Top of class! Two different mobile applications have been identified for use with iChoice S1. Both applications and their corresponding web servers provide commendable standards in terms of security and privacy. Overall, this solution performed best among our 8 scales in scope. From a privacy perspective in particular, this solution can be seen as good practice. The applications collect only content data and communicate with one server only. No crash analytics, logs or any other usage data is collected and sent in the background.
sensor | iChoice S1 |
WiFi | ✗ |
Bluetooth | ✅ |
mobile app | com.medm.medmwt.diary |
app release date | Apr, 2016 |
app install base | 500k |
app version | 2.0.26 |
The application provided by SwissMed mobile applied the best security we have seen in our tests. Data collected and transferred by this application can widely be considered to be secure. This was the only application to employ certificate pinning, which made it the most secure. Through this technique it defeated all kinds of attacks on traffic that we applied.
Minor issues identified by us have been discussed and addressed by SwissMed mobile after notification.
mobile app | com.medm.ichoice.diary |
app release date | Mar, 2015 |
app install base | 1k |
app version | 1.7.8 |
The iChoice application performed very similarly to SwissMed, with the exception of certificate pinning. Although the current implementation can be considered secure in terms of normal use, certificate pinning would add another (desirable) layer of security.
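For readers who want to see what the recommended extra layer looks like in practice, here is an added example (not taken from either app or from the vendor) of declarative certificate pinning using Android's Network Security Configuration, available from Android 7.0. The host name and both pin values are placeholders, and nothing here describes how the SwissMed app implements its pinning.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example).
     Referenced from AndroidManifest.xml on the <application> element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Baseline without pinning: any certificate chaining to a system CA
         is accepted, so a CA trusted by the device can vouch for the backend.
         Cleartext HTTP is refused for all hosts. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Pinned backend: the chain must validate AND contain a certificate
         whose SubjectPublicKeyInfo hash matches one of the pins below. -->
    <domain-config>
        <!-- Placeholder host; replace with the app's real API host. -->
        <domain includeSubdomains="false">api.example.com</domain>

        <!-- After the expiration date pinning is no longer enforced, so
             outdated installs keep working if the keys have been rotated. -->
        <pin-set expiration="2030-01-01">
            <!-- Placeholder: base64 SHA-256 of the current key's SPKI. -->
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <!-- Placeholder: backup key kept offline, so the server key
                 can be rotated without shipping an app update first. -->
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>

        <!-- Do not trust user-installed CAs for this host. -->
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>

</network-security-config>
```

Always ship at least one backup pin: with a single pin, a key rotation on the server locks out every installed copy of the app until the pin set expires or the app is updated.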