iChoice S1

Top of class! Two different mobile applications have been identified for use with iChoice S1. Both applications and there corresponding web servers provide commendable standards in terms of security and privacy. Overall this solution performed best among our 8 scales in scope. Even more from a privacy perspective, this solution can be seen as good practice. The applications only collect content data and communication with one server only. No crash analytics, logs or any other usage data is collected and send in background.

sensor iChoice S1
WiFi
Bluetooth

mobile app com.medm.medmwt.diary
app release date Apr, 2016
app install base 500k
app version 2.0.26

Considerations

The application provided by SwissMed mobile applied the best security we have seen in our tests. Data collected and transferred by this application can widely be considered to be secure. This application was the only application to employ certificate pinning which made it the most secure. Through this technique it would defeat all kinds of attacks on traffic we applied.

Minor issues identified by us have been discussed and addressed by SwissMed mobile after notification.


mobile app com.medm.ichoice.diary
app release date Mar, 2015
app install base 1k
app version 1.7.8

Considerations

The iChoice application performed very similar to SwissMed with the exception of certificate pinning. Also the current implementation can be considered as secure in terms of normal use, certificate pinning would add another (desirable) layer of security.