Last year, the German consumer electronics manufacturer MEDION had two of its Smart Home applications (Air and Robots), together with two representatives of the respective product category, tested for certification. The applications, as well as the devices, passed all tests without any problems and were accordingly awarded our certificate “Approved IoT Product”.
This year, MEDION is beginning to unite the control of the different product categories under one application. The MEDION LIFE+ app thus offers customers who use several smart products a decisive advantage and even more convenient control. In order to have a consistently high level of security confirmed for the new app and the countless additional product categories, the MEDION LIFE+ app, along with three representatives (a vacuum robot, an air conditioner, and an automatic feeder), also went through our extensive certification process.
Like every mobile application at our lab, the new MEDION LIFE+ application (Android / iOS; com.medion.medionlifeplus; v1.1.28) first had to undergo static analysis. In this step, we scan the application code, the associated assets, configuration files, etc. for indications of possible vulnerabilities and known weak points. However, the MEDION app did not allow any notable lapses here and has even improved a bit compared to last year’s certified and now obsolete apps Air and Robots. This impression was also confirmed in the subsequent dynamic analysis: The application’s communication was found to be adequately secured throughout, and no other problems in the important areas of password and account security could be identified during operation.
The devices provided to us by MEDION as representatives of the various product categories, namely the MEDION LIFE X20 SW+ vacuum cleaning robot, the MEDION LIFE MD60228 smart automatic feeder with video function, and the MEDION LIFE P900 mobile air conditioner, of course also had to undergo the usual tests. We performed security scans of the devices, monitored, analyzed and checked communication locally and online for vulnerabilities, and carried out a wide variety of attacks on all possible aspects of the devices. But here, too, all the devices presented themselves solidly and left us little room for criticism. Of course, due to the immense variety of products, we could not examine every single device supported by the MEDION LIFE+ app, but we were assured by the manufacturer MEDION that the communication of all other devices is identical and implemented via the same SDK.
The last and nonetheless very important part of any certification procedure is the privacy and data protection analysis. Here, we take a close look at the product’s privacy policy, assess its degree of transparency and comprehensibility, and, with the help of the test results from the previous analysis steps, look for inconsistencies between the information provided in the privacy policy and the actual behavior observed for the product under review. Here again, we noticed a step forward compared to the “old” applications. The already very detailed privacy policy, which we examined last year, has also become a little bit better again in its new version (as of April 5, 2023) for this year’s test of the new app. The interested user is really informed extensively and in detail about all relevant areas of data collection, processing and sharing. The permissions of the applications and the necessity of them are explained, and also all other aspects concerning the user’s privacy are discussed extensively. Opting out of any data collection is also made easy for the user via the application’s settings menu. Well done!
Overall, the new LIFE+ application from MEDION is convincing in all relevant areas and passes our certification tests confidently and with only a few comments on our part. Accordingly, we award our certificate “Approved IoT Product” to the MEDION LIFE+ application.