umlaut, partner of connect, a test magazine for consumers, has run a security test on warning apps warning apps from Germany, Great Britain, New York, South Africa, Canada, and Australia.
umlaut’s findings: all tested apps offer very high data security and received the connect rating good or very good. The German Corona Warning app bested the other apps and stood out with 940 out of 1,000 points and received a grade of very good.
The focus of the tests was on security, which plays a central role in the acceptance of the population. umlaut examined this with its test procedure for app security. It scrutinised four areas: Data Privacy, Traffic Protection including encryption, measures against impersonation attacks such as loss of integrity and rights expansion, and Secure Code practices, the security measures around the app source code. umlaut says aspects such as functional scope and ease of use were not evaluated and compared because the COVID-19 warning apps can only be used in their target region and are generally offered there without direct competition.
|
The Corona Warning app, which has been available in Germany since June 2020, leads the connect ranking with 940 points and impresses in particular with its full score for personal data protection. Today, the app, developed by Deutsche Telekom and SAP with the support of the Robert Koch Institute (RKI), counts 28 million users.
Since late 2020 (version 1.10), it offers a contact diary in which, for example, meetings with family and friends can be registered. Since March 2021 (version 1.13), voluntary donations of data for scientific research have been possible, and since April (version 2.0), event registration was added. This allows organisers to generate a QR code for their events in the app and publish it, for example, on a poster.
Participants can then scan it via app. Since May (version 2.1), the results of rapid tests can be noted in the app and by the end of June, the digital vaccination certificate currently under development will be integrated.
In contrast to the intense criticism in its home country, the COVID Safe Australia app achieved an excellent second place with 912 points and a very good rating. After its launch around a year ago, however, the number of users has stagnated at around seven million. Centralised data management and misunderstandings at launch time obviously caused lasting damage to the image of the Australian app.
Third place in the connect ranking goes to the NHS COVID-19 app from the United Kingdom with the grade "very good" and 896 points. After an app with centralised data storage first appeared in May 2020, the National Health Service (NHS) switched to a privacy-friendly version following strong criticism.
According to connect, this second British Covid app gets a lot of things right and convinces with additional functions. Today, the app counts around 22 million users and thus a similar penetration as the Corona Warning app in Germany.
The US app COVID Alert NY ranks fourth with 876 points and received very good rating. Because a US-wide app was hardly feasible, New York developed its own solution. But acceptance remains low despite very good security. Besides the contact notification built into iOS and Android, its only features it has is a private symptom diary.
The COVID Alert South Africa App is close behind with 848 points and was graded "good". There is little to criticise about the security of the South African app, nevertheless, it did not achieve a high penetration rate until today. The functionality of the Covid Alert South Africa app is moderate, but there are no major security flaws.
Last is COVID Alert Canada app with 816 points and was also graded good. With Blackberry and Shopify, big names are involved in the development of Canada's Corona app. After extensive privacy discussions, the Canadian app limits itself to its core function.
A look at apps around the world proves that once a COVID app has suffered a damage to its image due to data protection problems or due to the central data storage criticised by security experts, this is at the expense of a high level of penetration. umlaut’s security tests also confirm that the German Corona Warning app, which is often questioned in its country, stands up very well in an international comparison with its strong focus on data protection.
Hakan Ekmen, umlaut CEO telecommunications, notes: “We can certify the Corona warning apps to offer a good or partly even very good level of security and data protection. App providers from many countries achieve convincing results. Still, German app users can rely on the best security rating in our comparison.
Hannes Rügheimer, author at connect, summarises the conclusion as follows: "Telekom and SAP have done a lot right with the German app, and not just in terms of data protection. Even if the hope is growing that we will need its functionality increasingly less—anyone who is still undecided should give the “Corona Warning App” a chance in view of our results."