No more security updates for Android 13: e-patient record also affected

Anyone using a smartphone with Android 13, iOS 17 or an older version will have to switch: the mobile app for the electronic patient record (ePA) will no longer be supported by most health insurance companies on such devices starting July 1, 2026. This is confirmed, among others, by the AOK-Bundesverband upon request. The Techniker Krankenkasse has already informed its insured members that the ePA, the TI messenger and the Ident app will no longer be supported. The market share of Android 13 is approximately 13 percent.

Longer security updates in the future

The background to this are security requirements from the Federal Office for Information Security (BSI). According to these, the ePA may only be used on operating systems that still receive regular security updates. Google stopped providing security patches for Android 13 at the beginning of March 2026. For devices that remain on this version, system-wide security vulnerabilities will no longer be closed. The BSI generally recommends using only current and supported systems. Google must supply newer devices with security updates for longer in the future.

At AOK too, the switch affects the electronic patient record, the e-prescription, and the TI messenger, all three of which are bundled in the AOK app "Mein Leben." Members whose devices do not meet the future requirements will be informed in advance. AOK plans to display corresponding information directly in the app starting in early May 2026. In addition, it is preparing customer service and technical support to advise affected individuals and support them in switching. It is currently unclear how many insured members will be affected in total; such figures are not yet available to the AOKs. Regardless of the restrictions on mobile devices, access to the ePA via the desktop client on the computer remains unrestricted – at least with a card reader.

The e-prescription app from Gematik may also be impacted. When asked whether the lack of security updates for Android 13 also affects the e-prescription app, Gematik states that it “continuously checks the security of the e-prescription app. Operating systems that pose an acute security risk are immediately removed from use.” It further states: “The basis for this is a technical guideline – a so-called audit regulation – from the Federal Office for Information Security (BSI). The audit regulation defines security requirements for ePA applications, among other things. Consultations are currently underway between Gematik and BSI regarding the scope of supported operating systems.”

11 percent affected at Bitmarck

At the health insurance IT service provider Bitmarck, which serves most of the company health insurance funds and DAK as customers, the apps will still run until the end of 2026. “Risk detection and mitigation have always been a focus for Bitmarck and development partner RISE in the ePA app. Therefore, we always adhere to the currently valid security requirements. These requirements (stipulated in § 360 (10) SGB V) will apply to the ePA release in the fourth quarter of 2026 as follows: Because there will be changes to the e-prescription component of the ePA app, an external security certificate will be required for approval, which must be reviewed and confirmed by the Federal Office for Information Security (BSI),” explains Bitmarck upon request. Based on the certificate, the ePA app “may only support Android versions 14 and higher from the upcoming release. Until then, the ePA from Bitmarck and Rise will also support Android 13.” At Bitmarck, around eleven percent of insured members would be affected at the current time.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(mack)