Threema is a Swiss instant messenger that was built from the ground up with security and data privacy in mind.
For one thing, state-of-the-art end-to-end encryption prevents anyone other than the intended recipient (including the service provider) from reading the messages users exchange. For another thing, it is not required to provide any personal information (such as a phone number or email address) to use Threema. In other words, the service can be used completely anonymously. Finally, Threema adheres to the Privacy by Design principles, which is to say that only as little metadata as possible is generated, and it is only stored for the shortest amount of time possible.
The service provider hosts its own servers in Switzerland.
The following services and applications may be tested. All other targets and third party services not listed here are not in scope.
- iOS App
Directory Server / ID Service
Work Cockpit & Backend
Broadcast Cockpit & Backend
Gateway Cockpit & Backend
- Start looking for vulnerabilities, respecting the definitions in this program (scope, rules, ...).
- Report found vulnerabilities and support the platform and the customer in verifying them.
- Get paid for confirmed, new vulnerabilities.
The organization gives its approval for Friendly Hackers to use hacking methods based on the specified bug bounty program. Due to this consent, the criminal liability criterion of unauthorized use and thus the criminal liability of the Friendly Hackers with regard to the elements of crime in Art. 143 StGB (unauthorized data acquisition) and Art. 143bis StGB (unauthorized intrusion into a data processing system) does not apply.