Immuni
- The short name or acronym of the project
-
Immuni
- The release version of the software application. If there is no official version number, use 20YY-MM-DD-unstable
-
Android 1.3.0 & iOS 1.3.1
- Main organisation(s) behind the technology
-
Bending Spoons S.p.A. https://bendingspoons.com/
- The web address of the source code of the project
-
https://github.com/immuni-app
- Are all components of the project publicly available under an OSI Approved Licence?
-
Yes
-
https://github.com/immuni-app/immuni-documentation#immunis-high-level-description
- Pointers to other sources of information, e.g. whitepapers, architectural designs
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#architecture
- Official description of the data flow and the overall architecture
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#core-flow
TEK and RPI generation. Every 24 hours, the Mobile Client generates a new TEK (Temporary Exposure Key) and stores it locally. The Mobile Client derives RPIs (Rolling Proximity Identifier) from the TEK via a cryptographic hash function. Every RPI is associated with a subinterval of the 24 hours of a TEK’s validity. Using a cryptographic hash function makes it practically impossible to derive a TEK from an RPI.
RPI exchange. Mobile Clients use BLE to continuously broadcast the RPI associated with the current subinterval of the 24 hours, and collect RPIs from Mobile Clients they were Exposed to. The received RPIs are stored locally, together with the timestamp of the event and the Attenuation.
TEK upload. When a user tests positive for SARS-CoV-2, a Healthcare Operator will ask them whether they wish to dictate the OTP (One Time Password) they can locate in the App. If so, the Healthcare Operator inserts the OTP provided by the user into the HIS (Health Information System), and the HIS forwards the OTP to the OTP Service. This operation authorises the App to upload to the Exposure Ingestion Service the TEKs generated over the previous 14 days.
TEK Chunk publishing. On a regular basis, the Exposure Ingestion Service creates TEK Chunks containing the TEKs that have been uploaded since the last TEK Chunk creation. The Exposure Reporting Service makes the TEK Chunk available publicly.
Exposure Detection and notification. On a regular basis, the Mobile Clients download the new TEK Chunks (A set of TEKs uploaded by Mobile Clients of users tested positive for COVID-19 in a specific time window), verify whether any TEK Matches the RPIs received and stored locally by the Mobile Client over the previous 14 days, and compute an Exposure Detection Summary. This includes summary information on Exposures to the TEKs within the TEK Chunk. It also includes the maximum Total Risk Score across these Exposures, if any. If at least one Exposure has occurred and the maximum Total Risk Score is above a certain threshold, Exposure Info is computed for each Exposure and the user is notified that they may be at risk, then provided with a recommendation of what to do.
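The TEK-to-RPI derivation and the on-device matching step described above, as an added example that is not Immuni's or the A/G Framework's code. It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for the framework's real derivation (HKDF plus AES-128 in the Exposure Notification cryptography specification); the function names and sample keys are hypothetical, while the 10-minute subinterval and 144 subintervals per TEK follow that specification.

```python
import hashlib
import hmac

INTERVAL_SECONDS = 600    # A/G framework: one RPI subinterval lasts 10 minutes
INTERVALS_PER_TEK = 144   # 24 hours of TEK validity / 10 minutes

def interval_number(unix_time: int) -> int:
    """Index of the 10-minute subinterval containing unix_time."""
    return unix_time // INTERVAL_SECONDS

def tek_start_interval(unix_time: int) -> int:
    """First subinterval of the 24-hour window that a TEK in use now covers."""
    n = interval_number(unix_time)
    return n - (n % INTERVALS_PER_TEK)

def derive_rpi(tek: bytes, interval: int) -> bytes:
    """One-way TEK -> RPI step. ASSUMPTION: HMAC-SHA256 truncated to 16 bytes
    stands in for the framework's HKDF + AES-128 construction."""
    msg = b"EN-RPI" + interval.to_bytes(4, "little")
    return hmac.new(tek, msg, hashlib.sha256).digest()[:16]

def match_chunk(tek_chunk, stored_rpis):
    """tek_chunk: iterable of (tek, start_interval) taken from a TEK Chunk.
    stored_rpis: {rpi: (timestamp, attenuation_db)} collected over BLE."""
    matches = []
    for tek, start in tek_chunk:
        for interval in range(start, start + INTERVALS_PER_TEK):
            hit = stored_rpis.get(derive_rpi(tek, interval))
            if hit is not None:
                matches.append((tek, interval, *hit))
    return matches

def demo():
    # Constructed sample data: two 16-byte TEKs and one observed broadcast.
    tek_a, tek_b = bytes(range(16)), bytes(range(16, 32))
    seen_at = 1_600_000_000 + 3 * INTERVAL_SECONDS
    start = tek_start_interval(seen_at)
    # The phone heard device A once and stored only RPI, time and attenuation.
    stored = {derive_rpi(tek_a, interval_number(seen_at)): (seen_at, 52)}
    # Later both users upload their TEKs; only A's TEK matches what was stored.
    return match_chunk([(tek_a, start), (tek_b, start)], stored)

if __name__ == "__main__":
    for tek, interval, ts, att in demo():
        print(tek.hex(), interval, ts, att)
```

The phone never learns who device A was: it holds only opaque 16-byte RPIs until a published TEK lets it re-derive and compare them locally.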
-
Self-diagnosis Exposure notification
-
- Upload the logo of the project if available. Non-essential, but pretty.
-
-
General principles
E.g. Bluetooth, Bluetooth Low Energy, Near-Ultrasound, Ultrasound, LIDAR, 802.11x, Zigbee, infrared, visible light, UV. More than one answer is possible. -
Bluetooth
- Select the technical protocol(s) supported by the application. If the protocol is not yet in this list, please save this page, navigate to the protocols list and add before proceeding.
-
Apple-Google
- Is the application based on a published technical specification for contact tracing (eg DP3T, BlueTrace, Google-Apple)?
-
Yes
-
Apple/Google exposure notification framework https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#architecture
- Is there evidence of the (epidemiological) effectivity of the application? Please add any links to information on studies or trial runs that showcase that the technology proposed .
-
-
Legal/licensing information
Are all components of the project publicly available under OSI Approved Licence(s)? If you know which license(s), please use SPDX identifiers. -
AGPL-3.0
- If not all components used are open source, please provide a technical description of these components suitable for publication, and any third party security analysis. Provide contact details of each technology supplier.
-
- If the project is known to be encumbered by (software) patents or other intellectual property claims by any of its creators or known third parties, please indicate which. Also, feel free to list any defensive publications.
-
-
Platforms, build environment
On which platforms can the application(s) run? -
Android 6+ iOS
-
Smartphone
- Location(s) of the app(s) in various app stores (F-Droid, Google Play, Apple Store, Jolla Store, etc).
-
https://play.google.com/store/apps/details?id=it.ministerodellasalute.immuni&hl=en_US
https://apps.apple.com/us/app/immuni/id1513940977
- What external libraries and SDKs does the application depend on?
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#ios-app-technologies
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#android-app
- Which tools (IDE, etc.) are necessary to build the application from the available sources?
-
Android: Android Studio or Gradle Wrapper
- Do different builds of the application yield the same bits?
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#reproducible-builds
- Is the user in control when some or all bits of the application are replaced?
-
-
- Is the update mechanism compatible with the requirements of TUF (https://theupdateframework.io/security), including resilience against rollback attacks, extraneous dependencies attacks and handling vulnerability to key compromises?
-
-
Security
-
https://github.com/immuni-app/immuni-documentation/blob/master/Application%20Security%20Description.md
https://github.com/immuni-app/immuni-documentation/blob/master/Traffic%20Analysis%20Mitigation.md
- If the developers have published or adopted a dedicated threat model for their app, provide a web link.
-
No formal threat model deliverable.
- If there have been in-depth security analyses of the application(s) and/or underlying protocols, provide web links to publicly available reports. One line per report.
-
No available report.
- If there are known security weaknesses or shortcomings that are currently unresolved, please provide a link to CVEs/bug reports or other available sources.
-
No exploitable vulnerability we are currently aware of.
A known shortcoming is the lack of signature of files that are hosted on the CDN, which we are planning to implement in a future release.
- Is the temporary data stored by the solution protected by modern, strong cryptographic means?
-
Yes
-
https://github.com/immuni-app/immuni-documentation/blob/master/Application%20Security.md
- Exposure of interfaces with critical system level security flaws.
-
-
Privacy
General impact assessment
Has a Data Privacy Impact Assessment (DPIA) or equivalent privacy analysis been conducted in relation to the technologies used or proposed by the project? A DPIA is a formal assessment of privacy risks users are to be exposed to. Provide a link to the outcome of this assessment, and any updates or responses or mitigations that have been implemented since in response to the findings of the DPIA. Provide web addresses of the DPIA and any follow-ups. -
- Provide links to other noteworthy articles and reports regarding or mentioning the project.
-
- Are there any special provisions made for protection of the information of minors, or legally incompetent people?
-
-
Mobile app specific questions
Does the solution have complete governance/run-time control over client-side hardware while in deployment, including the OS? Or is there shared tenancy, and are there other applications running? -
-
- Use of the solution does not require the use of an online account which is traceable to individuals. E.g. a vendor account which needs to be activated before a mobile phone can be used.
-
Yes
-
https://github.com/immuni-app/immuni-documentation/blob/master/Product.md
- Is use of the solution tied in any way to the use of (an) account(s) with any third party, other than national?
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/Privacy-Preserving%20Analytics.md
- Does the application make use of fixed, traceable, device specific identifiers or accounts, like phone numbers, IMEI, etc?
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/Privacy-Preserving%20Analytics.md
- Is the solution free from telemetry/tracking?
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/README.md
- Does the application request/require OS privileges to e.g. recent contacts, the address book, location based services, the camera, etc.?
-
Yes
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#mobile-client
- For each of the requested permissions explain how the data or the functionality that can be accessed through that permission is used by the application. Specify whether this access is merely local, or whether information obtained through this is shared centrally.
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#mobile-client
Location (Android only).
On Android devices, Location needs to be on at the operating system level to detect nearby devices, although the A/G Framework’s documentation explicitly states that it does not actually use location data. This may be quite confusing for the user, but unfortunately it is outside of the Android App’s control. Please note that the Android App will not request the Location permission, nor will it have access to location data. However, Location needs to be activated at the operating system level for the A/G Framework to work properly.
- Is there any location data (or equivalent) stored?
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/Product.md#privacy
- Does the application or device have a built-in kill-switch where it ceases to function after a predetermined point in time, to avoid unnecessary risk exposure?
-
Yes
-
https://github.com/immuni-app/immuni-documentation#privacy
- Users can choose to expose whether or not they are infected, even under pressure or threat
-
-
- Can the user determine when data is uploaded?
-
Yes
-
Privacy (Bluetooth related)
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#ag-framework-
- Is the privacy and the security of the user of the solution safe from compromise related to external observability of device-specific Bluetooth identifiers?
-
Yes
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#ag-framework-
- Is a fixed Wifi MAC address broadcast by the solution?
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-BluetoothSpecificationv1.2.pdf?1
- Is the Bluetooth ID of the user (or a derivation that can be easily linked back to it) broadcast?
-
No
-
Detailed privacy related attributes
-
https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-CryptographySpecificationv1.2.pdf?1#page=7&zoom=auto,-13,788
https://github.com/immuni-app/immuni-documentation#privacy
- The application only shares anonymous attributes.
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-BluetoothSpecificationv1.2.pdf?1
- Can the user of the app review and redact their data, or decide to not upload some data?
-
Yes
-
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
- Does the application request/require privileges to e.g. recent contacts, the address book or other user-specific data?
-
No
-
- Is the real identity (or a strongly linked attribute) stored outside of the user device?
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
- Is the phone number of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
-
No
-
https://github.com/immuni-app/immuni-documentation/blob/master/Product.md
- Is there any location data (or equivalent) stored externally?
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
- Is the Wi-Fi MAC address of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
No
-
https://github.com/immuni-app/immuni-documentation#privacy
https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-BluetoothSpecificationv1.2.pdf?1
- Is the Bluetooth ID of the user (or a derivation that can be easily linked back to it) stored outside of the user device?
-
No
-
- The solution is guaranteed to never leak information about IP addresses of users to the backend.
-
Yes
-
Available third party analysis
-
https://github.com/immuni-app/immuni-documentation#analytics
- Relevant publications on the judicial aspects of the application(s) and protocol(s)
-
- Studies and analyses of the technical aspects of the application
-
-
Customization and usability aspects
Is the application ready to be used with multiple languages (i18n) if translated strings are provided? -
-
- Give the web address of any accessibility certifications by an accredited certification instance. If there are more than one, put each link on a new line.
-
- Has the assistive technology been designed to not expose users with disabilities with additional privacy risks?
-
No
-
Backend
-
https://github.com/immuni-app/immuni-backend-app-configuration
https://github.com/immuni-app/immuni-backend-exposure-ingestion
https://github.com/immuni-app/immuni-backend-exposure-reporting
https://github.com/immuni-app/immuni-backend-otp
https://github.com/immuni-app/immuni-backend-analytics
https://github.com/immuni-app/immuni-backend-common
- Select where and how the data produced by the solution is hosted
-
Centralized Data store (foreign)
- If an external back-end technology is used in conjunction with the application or device, please provide a link to its repository or home page
-
https://github.com/immuni-app/immuni-documentation/blob/master/Technology.md#backend-services
- Any other relevant remarks and considerations