How collaboration ensured the privacy and security of the COVID-19 contact tracing app.
In 2020, the world faced an unprecedented challenge: the COVID-19 pandemic. The need to contain the spread of the virus and protect public health led to the development in Italy of Immuni, the official contact tracing app promoted by the Ministry of Health. Immuni was not just an app, but a symbol of the collective fight against the virus, built with the intention of combining effectiveness and respect for citizens’ privacy.
From the outset, Immuni was at the centre of a heated debate, with concerns about security, data management and transparency. To gain users’ trust and ensure maximum security, Bending Spoons, one of the leading Italian and European technology companies that developed the Immuni app, chose Mobisec as a strategic partner to oversee all aspects of the app’s privacy and security.
The Immuni project required an agile, bold and innovative approach. The crucial question was clear:
“How to design an app capable of monitoring contacts efficiently, while ensuring maximum privacy protection?”
The first step was to understand the peculiarities of the project: the sensitivity of the data involved and the media attention required extremely high security standards. The challenge was to protect not only an application, but the trust of millions of people and institutions in Italy.
A complex set of often conflicting challenges.
GDPR compliance was required. The list of permissions requested by the app was carefully scrutinised to ensure that it was kept to the bare minimum.
Mobisec performed an in-depth analysis of the Immuni app to identify any vulnerabilities in the app and connected systems, and to verify its level of resilience to threats.
Mobisec simulated complex scenarios to test the code quality and behaviour of the Immuni app under different usage conditions and to identify potential areas of improvement.
Immuni as an example of security and transparency.
Mobisec's work has produced concrete and significant results.
1. The tests did not reveal any significant vulnerabilities, demonstrating the effectiveness of the security measures implemented to protect user data.
2. The publication of the source code on GitHub has ensured total transparency, strengthening public trust and encouraging collaborative participation.
3. Immuni received excellent scores for privacy and data security, establishing itself as a reference for other similar technology initiatives.