Security

Which IP Camera App Out There Is Most Secure?

Written by Bill Toulas
Last updated September 24, 2021

Avast has tested out ten of the most popular IP camera apps in the market and evaluated the aspect of “account security” in all of them. Thanks to the massive popularity of IP cameras today, there are many millions of users of each of the tested apps.

Thus, any security or privacy flaw in them has dire consequences for a large number of people. We have previously presented problems in TP-Link cams, the Wyze Labs infrastructure, Ring cameras security, and the Xiaomi camera feed mixup. Clearly, the field isn’t free of problems, and it couldn’t be. But which one is the most secure and trustworthy?

The apps that were tested by Avast’s researcher Marko Zbirka are the following ten:

The points that determine which app is secure and which one isn’t have to do with the existence of one-time passwords, brute force protection against password cracking attempts, generating notifications upon a new device connection, and any password-setting restrictions that are in place. Additionally, the researcher checked if the data traffic between the app and the vendor’s server is encrypted and whether a strong encryption scheme was used.

Name of IP Camera App # of app downloads (Google Play) One time password (OTP) Brute force Protection New device notification Password restrictions
Blink 1M+ Via email (only to add new device) Yes Yes (OTP required, sent per email) None
Wyze 1M+ Text message/authentication app (user has to enter code to activate) Yes (user not notified of attempts) No None
YI IOT 100K+ No No Yes (user receives notification with every new login) Max length of 16 characters
YI Home 1M+ No No Yes (user receives notification with every new login) Max length of 16 characters
Wansview Cloud 100K+ No No No Max length of 16 characters
MIPC 500K+ No No No None
Jawa 50K+ No No No None
CloudEdge 100K No No No Max length of 20 characters
Amcrest Cloud 50K+ No No No None
iCSee 1M+ No No No Max length of 32 characters

One of the most positive findings of this small study was that all apps used some form of encryption for their communications with the server. Also, all of them obliged the user to set up a password to access their accounts, although not all of them demanded that a strong one must be used. As for OTPs, brute force protection, and device connection notifications, there were mixed results.

The two most secure apps were determined to be Blink and Wyze, although these weren’t perfect in every sense. Wyze could set 2FA to default and send failed login notifications to the account holder, not the hacker. Blink could get even better by forcing the user to select a strong password instead of “any” password.

As for the least secure apps, there’s no point in making any discriminations there since all of the other eight apps are more or less at the same level. What this tells us is that IoT security still has a long way to go, and is actually far behind from where it should already be. Keep that in mind the next time you’re on the look for a new IP camera and opt for the most secure product with your money.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: