. 2021 May 14;16(5):e0251867. doi: 10.1371/journal.pone.0251867

Table 6. Potential weaknesses and other security issues per app.

App Name	Signer certificate information	Janus	Network Security	CWE-330	CWE-276	CWE-532	CWE-312	CWE-89	CWE-327	CWE-295	CWE-749	CWE-919
Stopp Corona	–	+	–	+	+	–	–	–	–	–	–	–
Coronalert	–	+	–	+	+	+	+	+	–	+	–	–
ViruSafe	–	+	–	+	–	+	+	+	AES ECB	–	–	–
Stop COVID-19	–	+	–	+	+	+	–	–	–	–	–	–
CovTracer	–	+	–	+	–	+	+	+	MD5, AES-ECB	–	–	–
eRouska	–	+	–	+	–	+	+		–	–	–	–
Smittestop	–	+	–	–	+	+	–	–	–	–	–	–
Hoia	–	+	–	+	–	+	+	+	–	–	–	–
Koronavilkku	–	+	–	+	+	+	+	+	–	–	–	–
TousAntiCovid	–	+	–	+	+	+	+	–	–	–	–	–
Corona-Warn-App	–	+	–	+	+	+	–	+	MD5, SHA1	+	–	–
VirusRadar	–	+	–	+	+	+	+	–	–	–	–	–
COVID Tracker	–	+	–	+	++	+	+	+	SHA1	–	–	–
Immuni	–	+	–	+	+	+	+	–	–	+	–	–
Apturi Covid	–	+	–	+	+	+	+	–	–	–	–	–
Korona Stop LT	–	+	–	+	–	+	–	+	SHA1	+	–	–
COVID Alert	SHA1withRSA (SHA256withRSA)	+	–	+	–	–	+	+	–	–	–	–
CoronaMelder	–	+	–	+	++	+	+	+	–	–	–	–
Smittestopp	–	+	–	+	+	+	+	+	–	–	–	–
STOP COVID—ProteGO Safe	–	+	–	+	–	+	–	–	–	–	+	–
STAYAWAY COVID	–	+	–	+	–	+	+	+	–	–	–	–
ZostanZdravy	–	+	Domain is insecurely configured and permits clear text traffic	+	++	+	–	+	MD5, SHA1, AES-ECB	–	–	–
#OstaniZdrav	–	+	–	+	+	+	–	+	MD5, SHA1	+	–	–
Radar COVID	–	+	–	+	–	+	+	+	–	–	–	–
SwissCovid	–	+	–	+	–	+	+	+	–	–	–	–
NHS Covid-19	–	+	Domain is insecurely configured and permits clear text traffic	+	+	+	+	–	–	–	–	+
Total	1	26	2	25	16	24	18	17	7	5	1	1