Maybe it will be arrived with delay with respect to the forecast and emergency pandemic in Italy, but the app Immune remains an important tool to monitor the contacts COVID-19 in the next few months. How it really works this app?


How can I download the app?

Immune is available for free on the App Store in the category of Medicine. Despite the app was developed by the Italian software house Bending Spoons after winning a selection competition held by the Italian government, of course, on the store appears in the name of the Ministry of Health.

The app weighs in at 37 MB and requires iOS 13.5 or later versions. This means that it can be installed on the iPhone 6s and later models: iPhone 11, 11 Pro, 11 Pro, Max, Xr, Xs, Xs, Max, X, IF (2020), 8, 8 Plus, 7, 7 Plus, 6s, 6s Plus, IF (first-generation). Without a compatible smartphone, for the moment, the app is not usable. Immune is also available on the Google Play Store for Android smartphones, where we know that the downloads have exceeded 50,000 in a few hours.

The service will be active starting from June 8 in Abruzzo, Liguria, Marche and Puglia for the first stage of the test. Only in these regions, the app will be also linked to the national health System to report contacts with patients positive. Subsequently, the tracking system will be activated in the whole Italy. Of course, this does not prevent users of other regions to download and activate now the app, but without access to the various services.

Remember that the code is open source and available on GitHub. The license is the GNU Affero General Public License version 3.

What is it Immune?

The goal of the app is to help contain outbreaks of COVID-19 in Italy, thanks to the so-called notifications of exposure. In a safe manner and in compliance with the privacy (we will discuss in detail later), the app monitors the people with whom we come in contact and inform us in case one of these is positive to COVID-19.

Immune, therefore, proposes to inform the possible users potentially infected, even when they are asymptomatic. In this way, users are alerted and can then isolate themselves to avoid the risk of infect other people.

Are obliged to download the app?

No, absolutely not. Despite being an app that “government” has an important goal as to draw the contacts COVID-19, the use of Immune is absolutely voluntary. Obviously, the more people use the app and more this system is able to contain the spread of the virus.

On the first access, we need to insert our province of residence; this is the only data that we will need to provide to the app, which will remain anonymous. We should then accept all of the terms and conditions, in addition, the service may be used only by users that have more than 14 years.

How it works the Immune

At first launch, the Immune displays a series of screens that explain in detail how the tracking of the contact. Once installed, the app associates a random code to every smartphone and this code not only is changed several times per day, but it is completely anonymous, does not collect any personal information and is saved in the local.

Via Bluetooth Low Energy, the smartphone that you encounter during the day also exchange the respective random codes, in such a way that Immune to be able to keep track of contacts and can notify us in the event that one of these users is then positive to the virus. In that case, the Immune will alert you with a notification, providing all the information on how to best protect your health and that of your family.

The system can be used together with the RSSI (“Indication of the power of the received signal“) to estimate with greater precision the distance between the two phones at the time of the contact

Taking advantage of the system of random codes, the app never knows our identity. In addition, Immune integrates the API of Apple and Google that allow you to use the Bluetooth in the background too (with app closed) and do not require the use of the GPS. Translated, the app will never know our position.

These APIS ensures greater safety:

  • The entire system is opt-in and voluntary
  • Only apps built by the local health authority may use all functions of this API
  • The contact data are stored and processed only on the device of the user
  • The data are sent over a server – always anonymously – only in case of positivity, and only if decided by the user

How they are stored, the random codes?

The keys are stored locally on the device for a maximum of 14 days, and then be permanently deleted, and are also able to record the duration of the meeting between the two devices: the Immune, as expected from Apple and Google will not log any data if the length of the meeting is less than 10 minutes. The recording is in each case interrupted after 30 minutes, so as to avoid any deductions on the fact that the two devices have been in contact for a longer time. Another important aspect is that Immune not be able to verify most exposures in different days by the same phones, so as to not record repeated encounters between two or more users.

And in case of positivity?

As mentioned before, you will be informed through notification anonymous only in the case in which a person with whom you have been in contact in the last 14 days is found to be positive COVID-19. Immune will provide information on the degree of risk, depending on the distance and the time spent with that person.

To record positive COVID-19 it is necessary the intervention of the medical staff, in order to avoid false signals. In practice, you will need to provide to the health authorities Italian to a unique password. Once provided the password, the health authorities will carry out a check and put in the information in the central database, so to start the notification to all users that have come in contact with the positive patient.

Also this procedure is voluntary and no one can be compelled to provide this information within the app: users who have tested positive for the virus, you can choose to share on the server, the random codes that their smartphones have transmitted in the previous days, in order to make them available to other users. Also in this case, no personal information is shared.

To send these notifications of exposure, Immune and periodically checks the codes on the server to compare them with the ones saved on your device. In this way, the app will be able to determine if you have been exposed to a potential contagion.

Here is an example:

The person A and person B spend more than 5 minutes together in a restaurant. During this period, their smartphones, they exchange the identifier Bluetooth anonymous and random. The two people do not know, but the person is positive to COVID-19 a few days later and choose to report that a positive test through the app Immune. Person B will then receive a notification that says that someone with which has recently reported positive COVID-19. At that point, person B will receive a series of information on how to behave and what to do, also in relation to the degree of risk calculated on the basis of any symptoms.

If I get the notification, what happens?

As mentioned, there is the obligation to auto-quarantine. If you receive a notification that person has been in contact with a person tested positive for COVID-19, the app will provide some tips to be followed and will advise you to contact your doctor and reduce the risk of complications.

For example, if Immune do you recommend to isolate you, does not mean that you definitely have the SARS-CoV-2 or that you are obligated to do so. It just means that, on the basis of the information available to the app, the isolation is the safest thing to do for yourself and for the person next to you. Eventually, they will always and only health authorities to provide any particulars.

The recommendation is that, when the app sends you a notification, you can read it, open the app and follow the directions provided. For example, if the app prompts you to isolate you and call your general practitioner, it is essential that you do it immediately.

The privacy

Immune remember some important aspects related to security and privacy:

  • The app does not collect information about your name, surname, date of birth, address, telephone number, or email.
  • Immune can never go back to your identity or that of the people you come into contact.
  • The app does not collect location information, since the GPS is never used. This means that your movements are not saved, neither on the local nor on the server.
  • The data stored locally are encrypted with AES. Also the connections between the app and the server are encrypted.
  • The code of Bluetooth Low Energy that is transmitted by the app is randomly generated and does not contain any information regarding to your smartphone, nor about you. The code changes several times per hour.

The data provided by the users are positive will be saved in anonymous public servers that are managed by Sogei, a company owned by the Ministry of Economy and Finance. Users will only have to indicate the province they belong to, and these data will also serve to preallertare a certain territories based on the number of notifications sent.

The only information that the app sends to these servers are:

  • Your province of residence
  • If the app works correctly
  • If you have been alerted of a contact at risk

All the data are then managed by public bodies controlled by the Ministry of Health. The authorities will never enter in possession of personal information, since the codes are random and change periodically. The number of notifications sent each day, however, can serve to establish how many possible infections you may register in the next days and prepare accordingly. In addition, all data will be deleted when no longer needed , and in any case not later than December 31, 2020. In any case your data will be sold or used for any commercial purpose, including profiling and for advertising purposes.

The government has made available an official website that will help you to clarify all the doubts related not only to the functioning of the app but also to the question of privacy.

Latest indications on the persons concerned in the management of the app:

Under the coordination of the Ministry of Health and with the support of the Department for Technological Innovation and Digitization, working on the project of the company to public control SoGEI spa and PagoPA spa, together at Bending Spoons S.p.A., which continues to provide a service of documentation, design and software development, always free of charge and without decision-making authority or access to user data.

How to use the app?

Once you have accepted the terms and conditions and entered the province of an address, the app asks us permission to send you notifications. Once accepted, the app starts its activity by storing the random codes of the smartphones of other people with whom we come in contact. The user must not do anything, if not to launch for the first time the app.

The important thing is that the smartphone is turned on and that Bluetooth is turned on. You can also close the app manually, since the system will always work until the Immune is installed on the device. It is only necessary that the Bluetooth is always active so that the system can detect the contact with other users. Of course, we can enable or disable the Bluetooth when we prefer to

To make sure that you are using the app as expected, just open it and check that in the Home section there is written “active Service“. Otherwise, you have to do is press the “Resume ” Immune” and follow the instructions.

The Ministry of Health suggests these tips to make sure that the Immune may be effective:

  • When you leave home, always take with you the smartphone on which you installed the app.
  • Do not disable the Bluetooth (except when you’re sleeping, if you want to).
  • Do not uninstall the app.

And the battery?

Immune always works in the background to ensure that they are recorded all the temporary codes of the persons with whom we come in contact. The app uses Bluetooth Low Energy, a technology created to be particularly efficient in terms of energy savings, then there should be no particular problems in terms of autonomy. In these hours we have installed and activated the app on the iPhone 11, without to see a difference on battery life.

How much traffic consumes?

Also in this case, a little. Immune does not require a connection to the Internet is continuous, but has a need to connect at least once a day to download the necessary information to check if you have been exposed to users potentially infectious. Every day, in fact, the app download the new cryptographic keys of the user devices infected with the SARS-CoV-2 to check if you have been exposed to them and possibly warn you. By initial estimates, this operation consumes a few megabytes of traffic per day, the same power that you have when you open a page of a site with a few photos of the inside.

Just make sure that your smartphone is connected to the Internet at least once a day.

The cost of Immune?

According to official information, nothing, at least for development. For the Immune, the Italian government made use of a perpetual and irrevocable license on all the code, graphics, texts and the documentation is granted free of charge by Bending Spoons S.p.A. of course, this applies to the development and future updates of the app, for which the only costs pertain only to the maintenance of the server. We do not know the exact figures, but it should be for small amounts.


Most people use Immune, the more the app can be effective. There are no privacy issues. Immune integrates APIS from Apple and Google recommended also by third party institutions. The GPS is never used. In short, there are serious motives to not install Immune.

The more we are, the better it is.