On the evening of 10 November 2025, a powerful explosion happened in the area near the Red Fort metro station in Old Delhi. The explosion resulted in the killing of 13 people and injuring dozens. The explosion happened inside a parked vehicle, sending explosion waves through one of the capital’s busiest heritage zones. After the blast, security and investigation agencies were analysing what happened. This included going through the sequence of events before the blast. This is when they discovered something strange, as the attackers had relied on a little-known encrypted messaging app to plan and coordinate the operation. This lead has now become central to the case’s investigation.
What is Threema Swiss App used in the planning of attack?
The app that agencies are investigating is Threema, a Switzerland-based messaging service known for its strict privacy-first design. Although other popular platforms require a phone number or email ID to create a user profile. However, Threema generates an anonymous, random user ID without both mobile number and email, which makes it making it extremely difficult to link accounts to real identities. This privacy model, while attractive to many legitimate users, has also drawn the attention of groups seeking to hide from surveillance.
Officials told PTI that the trio may have taken things further by creating their own private Threema server, enabling them to share files, maps, and instructions in a fully isolated setup. The app’s encrypted environment allowed them to remain invisible to routine monitoring systems while they planned meetings, visits and exchanged sensitive material.
How did the suspects use Threema?
Investigation officials believe the terrorists may have maintained the secrecy of this attack a step further by using a privately configured Threema server. This had allowed them to operate outside the app’s mainstream network. This would have enabled them to share maps, locations and instructions without leaving easily traceable digital footprints.
Threema also supports “burn-after-reading” style message deletion, making it harder for agencies to reconstruct conversations once the plot came to light. Investigators say the suspects wiped large portions of their chat history, further complicating digital forensics.
Despite a ban, why is the app available for download?
Threema application is not new to India’s security radar. The government banned the app in 2023 under Section 69A of the IT Act. This was due to concerns about its misuse by external handlers directing operations within the country. Yet the suspects reportedly bypassed the ban using VPN services and foreign proxies, allowing them to access and use the app without detection.
This loophole has reignited debate over how effective app bans really are when sophisticated users can work around digital restrictions.
A wider security challenge
The Red Fort blast highlights a growing challenge for law-enforcement agencies: as communication tools become more private and decentralised. Therefore, the traditional surveillance methods struggle to monitor them, even apps like Threema, designed to protect everyday users from data misuse, can also shield malicious actors when misused.
The investigation, although is still happening yet the blast has forced a renewed discussion on balancing digital privacy with national security, and the need for global cooperation when encrypted foreign platforms become part of domestic threats.
