Aachen, June 2, 2021. About a year after the launch of the “Corona-Warn-App” in Germany, it is a good time to now review these apps - both in Germany and abroad. umlaut, the global consultancy company and world leader in mobile network testing and long-standing partner of connect, the international telecommunication test magazine for consumers, have subjected the warning apps from Germany, Great Britain, New York, South Africa, Canada and Australia to extensive security tests. The result: All tested apps offer very high data security and received the connect rating "good" or "very good". The German “Corona-Warn-App” is the test winner with 940 out of 1,000 points and the grade "very good".
The focus of the tests was on security, which plays a central role in the acceptance of the population - this was examined by umlaut with its tried and tested test procedure for app security. umlaut took a close look at four areas: Data Privacy, Traffic Protection including encryption, measures against Impersonation attacks such as loss of integrity and rights expansion, as well as Secure Code practices, the security measures around the app source code. Aspects such as functional scope and ease of use were not evaluated and compared because the Covid-19 warning apps can only be used in their target region and are generally offered there without direct competition.
The "Corona-Warn-App”, which has been available in Germany since June 2020, leads the connect ranking with 940 points and impresses in particular with its full score for personal data protection. Today, the app, developed by Deutsche Telekom and SAP with the support of the Robert Koch Institute (RKI), counts 28 million users. Since late 2020 (version 1.10), it offers a contact diary in which, for example, meetings with family and friends can be registered. Since March 2021 (version 1.13), voluntary donations of data for scientific research have been possible, and since April (version 2.0), event registration was added. This allows organisers to generate a QR code for their events in the app and publish it, for example, on a poster. Participants can then scan it via the app. Since May (version 2.1), the results of rapid tests can be noted in the app and by the end of June, the digital vaccination certificate currently under development is planned to be integrated.
In contrast to the intense criticism in its home country, the "Covid Safe Australia" app achieved an excellent second place with 912 points and a "very good" rating. After its launch around a year ago, however, the number of users has stagnated at around seven million. Centralised data management and misunderstandings at launch time obviously caused lasting damage to the image of the Australian app.
Third place in the connect ranking goes to the "NHS Covid 19 App" from the United Kingdom with the grade "very good" and 896 points. After an app with centralised data storage first appeared in May 2020, the National Health Service (NHS) switched to a privacy-friendly version following strong criticism. According to connect, this second British Covid-19 app gets a lot of things right and convinces with well thought-out and practical additional functions. Today, the app counts around 22 million users and thus a similar penetration as the “Corona-Warn-App” in Germany.
The U.S. app “Covid Alert NY” occupies fourth place with 876 points and a "very good" rating. Because a U.S.-wide app was hardly feasible, New York developed its own solution. But acceptance remains low despite very good security. Besides the contact notification built into iOS and Android, its only features is a private symptom diary.
The "Covid Alert South Africa App" is close behind with 848 points and the grade "good". There is little to criticise about the security of the South African app - nevertheless, it did not achieve a high penetration rate until today. The functionality of the “Covid Alert South Africa” app is moderate, but there are no major security flaws.
The last place is taken by the "Covid Alert Canada" app with 816 points and also the grade "good". With Blackberry and Shopify, big names are involved in the development of Canada's Covid-19 app. After extensive privacy discussions, the Canadian app limits itself to its core function.
A look at apps around the world proves this: Once a Covid-19 app has suffered a damage to its image due to data protection problems or due to the central data storage criticised by security experts, this is quickly at the expense of a high level of penetration. umlaut’s security tests also confirm that the German “Corona-Warn-App”, which is often questioned at home, stands up very well in an international comparison with its strong focus on data protection.
“We can certify the Covid-19 warning apps to offer a good or partly even very good level of security and data protection. App providers from many countries achieve convincing results. Still, German app users can rely on the best security rating in our comparison," says Hakan Ekmen, CEO Telecommunication at umlaut. Hannes
Rügheimer, author at connect, summarizes the conclusion as follows: "Telekom and SAP have done a lot right with the German app, and not just in terms of data protection. Even if the hope is growing that we will need its functionality increasingly less - anyone who is still undecided should give the “Corona-Warn-App” a chance in view of our results."
umlaut and connect note, nevertheless, that there is room for improvement for the German app. Some clever details from other countries could be integrated, for example, the postcode-based overview of currently valid Covid-19 restrictions from the UK.
DOWNLOAD PRESS MATERIAL
For more information please visit: https://www.umlaut.com/en/stories/covid-19-warning-apps-test
The focus of the tests was on security, which plays a central role in the acceptance of the population - this was examined by umlaut with its tried and tested test procedure for app security. umlaut took a close look at four areas: Data Privacy, Traffic Protection including encryption, measures against Impersonation attacks such as loss of integrity and rights expansion, as well as Secure Code practices, the security measures around the app source code. Aspects such as functional scope and ease of use were not evaluated and compared because the Covid-19 warning apps can only be used in their target region and are generally offered there without direct competition.
The "Corona-Warn-App”, which has been available in Germany since June 2020, leads the connect ranking with 940 points and impresses in particular with its full score for personal data protection. Today, the app, developed by Deutsche Telekom and SAP with the support of the Robert Koch Institute (RKI), counts 28 million users. Since late 2020 (version 1.10), it offers a contact diary in which, for example, meetings with family and friends can be registered. Since March 2021 (version 1.13), voluntary donations of data for scientific research have been possible, and since April (version 2.0), event registration was added. This allows organisers to generate a QR code for their events in the app and publish it, for example, on a poster. Participants can then scan it via the app. Since May (version 2.1), the results of rapid tests can be noted in the app and by the end of June, the digital vaccination certificate currently under development is planned to be integrated.
In contrast to the intense criticism in its home country, the "Covid Safe Australia" app achieved an excellent second place with 912 points and a "very good" rating. After its launch around a year ago, however, the number of users has stagnated at around seven million. Centralised data management and misunderstandings at launch time obviously caused lasting damage to the image of the Australian app.
Third place in the connect ranking goes to the "NHS Covid 19 App" from the United Kingdom with the grade "very good" and 896 points. After an app with centralised data storage first appeared in May 2020, the National Health Service (NHS) switched to a privacy-friendly version following strong criticism. According to connect, this second British Covid-19 app gets a lot of things right and convinces with well thought-out and practical additional functions. Today, the app counts around 22 million users and thus a similar penetration as the “Corona-Warn-App” in Germany.
The U.S. app “Covid Alert NY” occupies fourth place with 876 points and a "very good" rating. Because a U.S.-wide app was hardly feasible, New York developed its own solution. But acceptance remains low despite very good security. Besides the contact notification built into iOS and Android, its only features is a private symptom diary.
The "Covid Alert South Africa App" is close behind with 848 points and the grade "good". There is little to criticise about the security of the South African app - nevertheless, it did not achieve a high penetration rate until today. The functionality of the “Covid Alert South Africa” app is moderate, but there are no major security flaws.
The last place is taken by the "Covid Alert Canada" app with 816 points and also the grade "good". With Blackberry and Shopify, big names are involved in the development of Canada's Covid-19 app. After extensive privacy discussions, the Canadian app limits itself to its core function.
A look at apps around the world proves this: Once a Covid-19 app has suffered a damage to its image due to data protection problems or due to the central data storage criticised by security experts, this is quickly at the expense of a high level of penetration. umlaut’s security tests also confirm that the German “Corona-Warn-App”, which is often questioned at home, stands up very well in an international comparison with its strong focus on data protection.
“We can certify the Covid-19 warning apps to offer a good or partly even very good level of security and data protection. App providers from many countries achieve convincing results. Still, German app users can rely on the best security rating in our comparison," says Hakan Ekmen, CEO Telecommunication at umlaut. Hannes
Rügheimer, author at connect, summarizes the conclusion as follows: "Telekom and SAP have done a lot right with the German app, and not just in terms of data protection. Even if the hope is growing that we will need its functionality increasingly less - anyone who is still undecided should give the “Corona-Warn-App” a chance in view of our results."
umlaut and connect note, nevertheless, that there is room for improvement for the German app. Some clever details from other countries could be integrated, for example, the postcode-based overview of currently valid Covid-19 restrictions from the UK.
DOWNLOAD PRESS MATERIAL
For more information please visit: https://www.umlaut.com/en/stories/covid-19-warning-apps-test
