Since then, they seem to have open sourced their client applications, so it should at least be possible to verify e2e encryption of messages. That isn't to say that metadata isn't valuable as well, of course.

> Slovak investigators, working with Europol, the European Union’s law enforcement agency, cracked Kocner’s phone and gained access to encrypted communication via the instant messaging app Threema.

If I remember correctly, the user in question kept exported plain-text backups of the conversations on the phone. The encryption of the app itself was not breached.