Immuni

How collaboration ensured the privacy and security of the COVID-19 contact tracing app.

Immuni: the official pandemic contact tracing app.

In 2020, the world faced an unprecedented challenge: the COVID-19 pandemic. The need to contain the spread of the virus and protect public health led to the development of Immuni in Italy, the official contact tracing app promoted by the Ministry of Health. Immuni was not just an app, but a symbol of the collective fight against the virus, built with the intention of combining effectiveness and respect for citizens’ privacy.

The challenge: to guarantee privacy without jeopardising the effectiveness of the app.

From the outset, Immuni was at the centre of a heated debate, with concerns about security, data management and transparency. To gain users’ trust and ensure maximum security, Bending Spoons, one of the leading Italian and European technology companies that developed the Immuni app, chose Mobisec as a strategic partner to oversee all aspects of the app’s privacy and security.

 

Immuni, the Italian app for contact tracing during the COVID-19 pandemic

The Immuni project required an agile, bold and innovative approach. The crucial question was clear:

“How to design an app capable of monitoring contacts efficiently, while ensuring maximum privacy protection?”

The first step was to understand the peculiarities of the project: the sensitivity of the data involved and the media attention required extremely high security standards. The challenge was to protect not only an application, but the trust of millions of people and institutions in Italy.

A complex set of often conflicting challenges.

Data management and permissions

GDPR compliance was required. The permissions requested by the app were carefully scrutinised to ensure that they were kept to the bare minimum.

Vulnerability analysis

Mobisec performed an in-depth analysis of the Immuni app to identify any vulnerabilities in the app and connected systems and to confirm their level of resilience to threats.

Data and network testing

Mobisec simulated complex scenarios to test the code quality and behaviour of the Immuni app under different usage conditions and to identify potential areas of improvement.

Immuni as an example of security and transparency.

Mobisec's work has produced concrete and significant results.

1. The tests did not reveal any significant vulnerabilities, demonstrating the effectiveness of the security measures implemented to protect user data.

2. The publication of the source code on GitHub has ensured total transparency, strengthening public trust and encouraging collaborative participation.

3. Immuni received excellent scores for privacy and data security, establishing itself as a reference for other similar technology initiatives.

Key learnings.

A lesson for new challenges in the future.

Security and privacy

Immuni’s experience has shown that it is possible to strike an effective balance between security and privacy, and has also pointed the way forward for future technological projects in the health sector.

At the service of users

This project has helped to create a solid base of knowledge and skills that can be used to face new challenges, always with the aim of putting users’ trust and protection at the centre.

Working for the common good

Immuni’s story is an extraordinary example of technology, security and collaboration addressing the most complex challenges and creating a solution that meets security and privacy needs.