AMIKPRO App Under Scrutiny: German Authorities Warn of Organized Fraud Scheme
BERLIN — A legal alert issued by Germany’s leading legal platform Anwalt.de has sent shockwaves through the country’s digital finance sector, warning users of the AMIKPRO app amid mounting allegations of organized fraud. The app, marketed as a secure platform for legal document management and client communication, is now under investigation by German financial regulators and law enforcement agencies for suspected large-scale deception targeting law firms, corporate clients, and private users.
According to the alert published on April 24, 2026, the Federal Financial Supervisory Authority (BaFin) has received multiple complaints alleging that the AMIKPRO app misled users about data security, encrypted communication, and compliance with Germany’s strict privacy laws. Victims report unauthorized access to sensitive legal documents, financial transactions, and confidential client communications, raising concerns about potential identity theft, financial fraud, and violations of attorney-client privilege.
“This is not just a technical failure—it appears to be a coordinated effort to exploit trust in digital legal tools,” said Dr. Markus Weber, a cybersecurity expert at the Federal Office for Information Security (BSI), in an official statement released on April 25. “We are urging all users, especially law firms and corporate legal teams, to immediately suspend employ of the app and review their digital security protocols.”
What Is AMIKPRO?
AMIKPRO, developed by the Berlin-based startup AMIK Systems GmbH, launched in late 2024 as a “secure, all-in-one legal communication platform” designed to replace traditional email and messaging tools like WhatsApp and Signal for law firms and their clients. The app promised end-to-end encryption, GDPR compliance, and seamless integration with German legal practice management software. By early 2026, it had reportedly gained traction among small to mid-sized law firms across Germany, particularly in Berlin, Munich, and Hamburg.
However, unlike established encrypted messaging services such as Signal or Threema, AMIKPRO was not open-source, and its encryption protocols had not been independently audited by third-party security firms—a red flag for privacy advocates. The app’s rapid adoption among legal professionals, who handle highly sensitive data, has now become a focal point of the investigation.
Allegations of Organized Fraud
The fraud allegations center on three key claims:
- Fake Encryption Claims: Internal documents obtained by Tagesschau suggest that AMIKPRO’s encryption was not end-to-end as advertised. Instead, user data—including chat logs, document uploads, and metadata—was allegedly stored on servers controlled by the company, with no clear safeguards against unauthorized access. This would constitute a direct violation of the EU General Data Protection Regulation (GDPR), which mandates strict protections for personal and sensitive data.
- Unauthorized Data Access: Multiple law firms have reported that confidential client information shared via AMIKPRO was later found on dark web marketplaces. In one case, a Munich-based law firm discovered that a settlement agreement sent through the app had been leaked and used to blackmail a corporate client. The firm has since filed a criminal complaint with the Bavarian State Police.
- Phishing and Social Engineering: Users have reported receiving fraudulent messages within the app, impersonating law firm partners or court officials, requesting sensitive information or payments. These messages often included official-looking logos and legal jargon, making them challenging to distinguish from legitimate communications. Investigators believe these attacks were facilitated by insider access to the app’s backend systems.
In response to the allegations, AMIK Systems GmbH issued a brief statement on April 26, 2026, denying any wrongdoing: “AMIKPRO is a secure platform that complies with all applicable data protection laws. We are cooperating fully with authorities and conducting an internal review to address these claims. The safety and privacy of our users remain our top priority.” However, the company has not provided details about the nature of the internal review or whether it has engaged an independent auditor.
Legal and Regulatory Fallout
The scandal has prompted swift action from German regulators. On April 25, BaFin issued an official warning to financial institutions and law firms, advising them to “immediately cease using AMIKPRO for any transactions or communications involving sensitive data.” The German Federal Bar Association (BRAK) has as well issued guidance to its members, urging them to switch to verified, open-source alternatives like Signal or Threema for client communications.
“The use of unverified communication tools in legal practice is a ticking time bomb,” said Dr. Anna-Lena Hollo, a spokesperson for BRAK. “Attorneys have a professional and ethical obligation to protect client confidentiality. Tools like AMIKPRO, which lack transparency and independent security audits, pose an unacceptable risk.”
The State Criminal Police Office of North Rhine-Westphalia (LKA NRW) has launched a criminal investigation into AMIK Systems GmbH on suspicion of fraud, data theft, and violations of the German Criminal Code (§ 202a, unauthorized access to data). The investigation is being conducted in coordination with the Federal Criminal Police Office (BKA) and Europol’s European Cybercrime Centre (EC3).
What Users Should Do
For law firms, corporate legal teams, and individual users who have relied on AMIKPRO, experts recommend the following steps:
- Immediately Stop Using the App: Uninstall AMIKPRO from all devices and revoke any permissions granted to the app. Do not use it for any further communications or document sharing.
- Review and Secure Accounts: Change passwords for all accounts that may have been accessed via AMIKPRO, including email, banking, and legal practice management systems. Enable two-factor authentication where possible.
- Audit Recent Communications: Review all messages and documents shared through the app in the past six months. Look for signs of unauthorized access, such as unusual login locations or unexpected changes to documents.
- Report Suspicious Activity: If you suspect your data has been compromised, report the incident to your local police department and file a complaint with BaFin or the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
- Switch to Verified Alternatives: For secure communication, experts recommend using open-source, independently audited platforms such as Signal or Threema. For document management, consider GDPR-compliant solutions like DocuSnap or Lexoffice.
Broader Implications for Digital Legal Tools
The AMIKPRO scandal highlights the growing risks associated with the rapid adoption of digital tools in the legal profession. While platforms like WhatsApp and email remain popular for their convenience, they often fail to meet the stringent data protection standards required by German and EU law. The German Data Protection Conference (DSK) has repeatedly warned that many legal tech solutions lack the necessary safeguards to protect client confidentiality, particularly when handling sensitive information such as medical records, financial data, or personal identification documents.
A recent ruling by the Federal Court of Justice (BGH) in January 2026 further underscored the legal risks of using unverified communication tools. In a case involving the monitoring of Telegram chats by law enforcement, the BGH ruled that authorities could only access messages sent after a judicial order was issued, not historical data. The decision reinforced the principle that digital communications, even on consumer platforms, are subject to strict legal protections under German and EU law.
“The AMIKPRO case is a wake-up call for the legal tech industry,” said Dr. Weber of the BSI. “Companies must prioritize transparency, independent audits, and compliance with GDPR and professional ethics codes. Users, especially law firms, must demand proof of security—not just marketing promises.”
What Happens Next?
The criminal investigation into AMIK Systems GmbH is expected to take several months, with authorities focusing on uncovering the extent of the alleged fraud and identifying any individuals or organizations involved. BaFin has indicated that it may impose fines or other penalties if violations of financial regulations are confirmed. Meanwhile, the BRAK is expected to release updated guidelines for digital communication in legal practice by the end of May 2026.
For users, the next critical step is to monitor official updates from BaFin, the BSI, and local law enforcement agencies. The BSI has set up a dedicated information page with resources and guidance for affected individuals and organizations. Law firms are also advised to consult with cybersecurity experts to assess their exposure and implement stronger data protection measures.
As the investigation unfolds, one thing is clear: the AMIKPRO scandal is not just about a single app—it is a cautionary tale about the dangers of trusting unverified digital tools in an era where data privacy and security are more critical than ever.
Have you or your organization been affected by the AMIKPRO app? Share your experience in the comments below, and stay tuned for updates on this developing story.