Which brings up a more important question as most people keep old messages around, thus invalidating forward secrecy in practice.
Threema at least tries to protect the old messages using things like the the OS keystore (Signal also does this). On some platforms Threema actually allows a passphrase to protect the old messages which is arguably better than what Signal does. See the cryptography white paper for the details:
Threema at least tries to protect the old messages using things like the the OS keystore (Signal also does this). On some platforms Threema actually allows a passphrase to protect the old messages which is arguably better than what Signal does. See the cryptography white paper for the details:
* https://threema.ch/press-files/2_documentation/cryptography_...