This document is intended to help you use ESYSTA securely. While we take comprehensive technical measures to protect your data and privacy, you can also contribute significantly to security by following a few simple steps.
An application can only be executed securely if the device used is also secure. Ensure that the operating system is in a state recommended by the manufacturer. This means that the operating system is still supported by the manufacturer and that all security-relevant updates have been installed.
Additionally, your device should have active device protection (password, fingerprint, etc.). Mobile devices must not be rooted, and the ESYSTA App must not be installed in simulation environments either.
If these measures are not implemented, your device will be vulnerable. If a third party gains unauthorized access to your device, they may also be able to access your ESYSTA data.
Access via a public network or via a third-party device can also result in risks that are beyond our and your control. Therefore, only access ESYSTA via a trustworthy network.
If you use ESYSTA in public spaces, be aware that third parties might be able to see your device and view information from ESYSTA. Ensure that no one can look over your shoulder and/or use a privacy screen protector.
Weak passwords are one of the biggest security risks. Therefore, use a secure password for ESYSTA. A secure password should contain at least 12 characters and include a mix of uppercase and lowercase letters, numbers, and special characters. It should not contain sequences of three or more consecutive digits, and the same character should not be repeated four or more times in a row. Avoid simple or easy-to-guess combinations.
Do not share your password with third parties and only store it securely, for example, in a password manager protected by a master password. Storing usernames or passwords in a web browser, on mobile devices, or in an unprotected location poses security risks, as these data could become accessible to third parties in the event of a successful attack on your device.
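As an added illustration of the password rules stated above (this is example code written for this page, not code from ESYSTA or Emperra GmbH), the following Python checker applies each rule and reports which ones a candidate password violates. The page does not define "consecutive digits" precisely; the checker reads it as an ascending or descending run such as 123 or 987, which is an assumption noted in the code.

```python
import re
import string

# Thresholds taken from the guidance on this page.
MIN_LENGTH = 12      # at least 12 characters
DIGIT_RUN = 3        # no sequence of three or more consecutive digits
REPEAT_RUN = 4       # no character repeated four or more times in a row


def has_consecutive_digit_run(pw: str, length: int = DIGIT_RUN) -> bool:
    """True if pw contains an ascending or descending run of `length` digits,
    e.g. '123' or '987'. This is our reading of "consecutive digits"; the
    page does not define the term, so treat this as an assumption."""
    for i in range(len(pw) - length + 1):
        window = pw[i:i + length]
        if not window.isdigit():
            continue
        steps = {int(window[j + 1]) - int(window[j]) for j in range(length - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_char_run(pw: str, length: int = REPEAT_RUN) -> bool:
    """True if any single character occurs `length` or more times in a row."""
    # (.) captures one character, \1{n,} requires it to repeat n more times.
    return re.search(r"(.)\1{%d,}" % (length - 1), pw) is not None


def check_password(pw: str) -> list[str]:
    """Return the list of violated rules; an empty list means the password
    satisfies every rule stated on this page."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isupper() for c in pw):
        problems.append("no_uppercase")
    if not any(c.islower() for c in pw):
        problems.append("no_lowercase")
    if not any(c.isdigit() for c in pw):
        problems.append("no_digit")
    # "Special character" is taken to mean ASCII punctuation (assumption).
    if not any(c in string.punctuation for c in pw):
        problems.append("no_special")
    if has_consecutive_digit_run(pw):
        problems.append("digit_sequence")
    if has_repeated_char_run(pw):
        problems.append("repeated_char")
    return problems


def is_acceptable(pw: str) -> bool:
    """Convenience wrapper: True only when no rule is violated."""
    return not check_password(pw)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["Tr0ub4dor&3!xQ", "Password123!!!!", "abc"]:
        print(repr(candidate), "->", check_password(candidate) or "ok")
```

The checker returns rule identifiers rather than a single yes/no so that a registration form can tell the user exactly which rule to fix; it deliberately does not log or store the candidate password anywhere.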
We also point out that there are security differences between various authentication methods. When setting up the ESYSTA App, you can optionally enable biometrics. If you do so, you can use your stored biometric feature (fingerprint or facial recognition) instead of entering the app PIN to unlock the app. This generally increases the risk of unauthorized access to your data. By choosing this authentication method, you accept the higher risk in favor of easier handling. You can remove biometric login in your account settings at any time. Details on different biometric authentication methods can be found here: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03107/TR-03107-1_Anforderungen.pdf
In the “Account settings/security” section of the ESYSTA Portal, you can configure security settings. There you can change your password, revoke device access, and add security keys, biometric logins, or a “passkey”.
Under “Account settings/Data sharing” you can manage the sharing of data with doctors. Please note that such sharing can endanger the confidentiality of your data.
Under “Account settings/Support access” you can grant the ESYSTA support team temporary access to your data to provide information or help with technical problems. Please note that this may endanger the confidentiality of your data.
In the ESYSTA App for Android, the option to enable or disable screenshot capturing is available. Please note that enabling screenshots may compromise the confidentiality of your data.
We would like to remind you that you are responsible for the security of exported data. We recommend storing downloaded data only in encrypted form.
Please also make sure that you store the copy of the recovery keys that you receive during registration in a safe place. These serve as an authentication factor when logging in on other devices.
In general, using the copy-paste function can pose security risks, especially when sensitive data such as passwords or access codes are copied to the clipboard. This data could be accessed by other applications or malware. Use this function carefully and avoid transferring sensitive information this way. To minimize risks, clear clipboard entries after use.
You should also avoid taking screenshots of sensitive data. These images are stored unencrypted on your device and may be unintentionally shared with other apps or services, posing a security risk.
Please be aware that the ESYSTA Portal web application cannot prevent third-party access or the storage of screen content (e.g., screenshots and screen displays when switching between applications). Sensitive data could be exposed. We recommend logging out after use. If you remain logged in, an active connection to the backend system may persist even when the device is locked.
Please note that locking the screen does not automatically log you out of our service and that the connection to the backend system will remain open. Therefore, please log out after using the service (especially on third-party devices).
When using the mobile app, a connection to the ESYSTA Portal remains active even when the operating system is locked. This ensures the synchronization of your data, such as blood sugar readings received from Bluetooth devices, with the ESYSTA Portal. This centralized data storage serves on the one hand to secure your data, e.g. in the event of a defect or loss of your smartphone, and on the other hand to ensure that your data is as up-to-date as possible when accessed via the ESYSTA Portal, whether by yourself or by a doctor to whom you have granted data access. To protect your data, this automatic data transfer occurs in the background with restricted access rights. However, despite security precautions, there is a potential risk of data interception or manipulation by third parties. You can disable automatic data transmission in the app settings at any time.
Both the ESYSTA App and the ESYSTA Portal use third-party software libraries to provide functionality. Wherever possible, publicly available standard software is used and continuously monitored for known vulnerabilities. However, using third-party software can still pose data protection and security risks. For more information, please contact ESYSTA Support.
The ESYSTA App requires certain permissions for both installation and runtime to function properly. These differ depending on the operating system. Some optional functions, such as displaying notifications, require separate permissions.
The ESYSTA App requires certain permissions to function properly, which are requested at runtime. The request is made depending on the detected device or activated service. You can revoke permissions via the operating system’s settings, but this may restrict the following functions:
If you revoke any of these runtime permissions, the respective app functions may be restricted or unavailable.
These permissions are granted at installation and can only be revoked by uninstalling the app:
The ESYSTA App for iOS requires certain permissions to function properly, which are requested at runtime. The following points outline when and why these permissions are needed, how you can revoke your consent and what consequences this has:
ESYSTA® is a product and registered trademark of
Emperra® GmbH E-Health Technologies