Hacker News
by dbrgn 3320 days ago
Threema predates the Signal protocol.

There is an open source re-implementation of the Threema protocol obtained by reverse engineering: https://github.com/blizzard4591/openMittsu

There is also an (incomplete) implementation in Go: https://github.com/o3ma/o3/

Note that Threema does not disallow reverse engineering in their terms of service.

The fact that OpenMittsu can properly encrypt and decrypt messages that are compatible with the Threema apps should be proof that the implementation is correct. Also, since Threema is financed by selling the app with no external investors, there should be more incentive to stick to their promises than to cheat on their privacy-sensitive users.

And even if the apps and the server were open source, unfortunately it would still not be possible to verify that the version on Google Play / iTunes is the same as the published source code. I'm not aware of a way to create reproducible builds on these app stores either.