Despite privacy issues, the Immuni app was the most downloaded app in Italy in the first 24 hours of distribution, both on the App Store and Google Play.
The app is already active throughout Italy, but only from Monday, June 8th will be integrated into the health systems of Liguria, Marche, Abruzzo and Puglia.
Therefore everyone can install it, so that it can start to store the codes of the other smartphones on which it is installed and with which it comes into contact via Bluetooth at less than two meters and for at least 15 minutes, however, only from next week health professionals in Liguria, Marche, Abruzzo and Puglia will be able to start reporting those who tested positive so that notifications are sent to those with whom they have come into contact.
The service is on a totally voluntary basis, as there is no obligation to download and install it, and there is also no obligation for people tested positive for the SARS-CoV-2 coronavirus to notify healthcare professionals of their code generated by the app.
However, two small bugs have already been detected.
Some Apple users have reported that, after installing it correctly, the tracking has stopped working, while some Android users complain about a similar problem that can be solved by turning Bluetooth off and on again.
However, according to Open, there is another critical point.
One user reported that in the notification code received when the system realizes that their smartphone on which the App is installed has been close to that of an infected person for more than 15 minutes, the date of when the meeting would take place is also displayed.
This information could allow the user to identify the identity of the person who is infected, with a clear violation of privacy.
From the user’s point of view, the operation of the app is limited to any notifications that the user would receive if the system realized that his app had been in contact for at least 15 minutes, and less than two meters away, with another app whose code is associated with that of an infected person. But in reality the app, and especially the underlying data collection system, does much more.
The point is that the app is designed to store the codes of other apps with which the smartphone comes into contact via Bluetooth. As long as these codes are only stored on the user’s smartphone and stored securely, there is no risk to privacy because the app does not communicate the data to a central server.
In short, the data collected by the app can remain always and only inside the user’s device.
The fact that the app’s code is open source allows verifying whether the app works properly.
However, if the user is found positive for the SARS-CoV-2 coronavirus, and decides to communicate his app code to the healthcare provider, privacy may be violated.
Although this could theoretically be a purely voluntary decision, it is not impossible to imagine that pressure could be put on positive users to communicate their code.
If the user agrees to communicate his or her code to the healthcare provider who found him or her positive, this code could first be stored on a central server. To date, there is no confirmation that this will happen, but it is not impossible.
One point that is not yet completely clear is whether or not the codes with which the app of a person found positive are communicated to the central server.
Until now, this possible functionality has not yet been highlighted by anyone, but it has not yet been conclusively denied by an in-depth analysis of the code.
What is known is that the app currently being distributed only stores codes on the user’s device, but despite this, a recent code analysis has revealed that the app communicates data to the central server in case a user is found positive and communicates his/her code to the healthcare provider.
Therefore, the central server collects data, albeit anonymously, and even if a user is never found positive, or decides not to communicate his or her code to the healthcare provider, in the event that his or her app is in contact with that of another user found positive, when the latter decides to communicate his or her code to the healthcare provider, the other user’s code will also be stored.
Combining this with the fact that the date of possible contagion is communicated in the notification to the users, it is possible to state that the users’ information is not absolutely protected, even though it is stored and possibly distributed in an exclusively anonymous way.
