Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

This document is also available in spanish

What is Open Coronavirus?

The availability of an effective vaccine may be delayed indefinitely for up to possibly 18 months. This requires quarantine measures - currently of a general nature - for the entire population. At the same time, health authorities are contemplating performing diagnostic tests at the population level, to ensure proper epidemiological control.

The Open Coronavirus project offers, for this time interval, a digital solution for monitoring, diagnosing and containing SARS-CoV-2 infection that allows quarantine measures to be applied in a controlled manner at focal points or hotspots, thus minimizing the general quarantine of the population, reducing the overload of health systems, and at the same time facilitating the progressive resumption of daily activity in the shortest possible time.

The system will have 3 applications:

  • Citizen App. Collaborative Mobile app to control spread of SARS-CoV-2.

    The application allows you to request a test, and receive the ensuing results. Will be made possible by a personalised QR code to identify the user.

    Anonymous cross paths of the user (with Bluetooth Low Energy) will be logged into his mobile to control possible infections and to enable SARS-CoV-2 monitoring by health authorities.

  • Centralised Data Management Software (coming soon) where health & epidemiologic control authorities will track the spread of SARS-CoV-2.

  • Authorities App. Mobile app enabling authorities to read the users' QR codes where needed, as well as tracking the users' mobility.

Important A team of medical and bioethical research experts from Oxford University explains the need for such an application:

Should the Ministry of Health, or the regional health authorities decide to take on the dissemination of the app and the processing of its data, the use of the app would be in line with General Data Protection Regulation (GPDR).

For more information, you can consult WikiProject:

Why did we create Open Coronavirus?

We do not intend to publish this APP, since it must be the relevant Ministry or body that does so. We know that the government is investing in an application like this one however since speed is key, we are making this code available to the relevant bodies in the event it may be of use. Given the urgency of the current situation, no amount of help is enough. That is why we have designed and programmed the basic core of a project with 100% functional apps that can respond to some citizens’ needs during the quarantine period. The design is flexible enough to add or change functionalities in an easy and fast way, which is what we need now. This application aims to help citizens and fight the pandemic. Be responsible. Together, we will defeat the virus! #iamstayinghome

How is the app follow the spread of the virus based on the Bluetooth Low Energy?

The app uses Bluetooth Low Energy technology which is able to track possible COVID-19 exposure. Every citizen has the application installed and with bluetooth connected.

This is how the Bluetooth LE system works:

  1. When two citizens are physically close their phones will exchange anonymous identification codes through Bluetooth LE. Each of these encounters will be stored in the phone's memory.

    The proximity of the the two phones is measured based on the intensity of the bluetooth signal. It will also store the amount of time that you were with the individual who is COVID-19 positive to know your level of exposure to the virus.

    This information will only be stored for a limited period of time as a protection to citizens' privacy. You can figure the amount of time using the tool but it is recommended to be set to between 14 and 37 days which is the amount of time in which a diagnosed carrier would have been able to infect others with COVID-19.

  2. In the case that a citizen is tested positive for COVID-19, the application would update your QR status to red and perform the analysis to determine which people you could have been in close proximity to.

    The system will upload to a server all potentially contagious encounters and would send a push notification to those individuals so that they would be aware of the potential risk and/or to encourage them to have a diagnostic test.

It is fundamentally important that the official health system of the administration or government be properly integrated with the application.

Bluetooth LE flow
Follow the spread of the virus based on the Bluetooth Low Energy

This past 10th of April 2020, Apple and Google made an [official agreement](insert link here) to implement a native level contract tracing technology on their operating system using Bluetooth Low Energy technology.

Conceptually it is a similar strategy to what is used in Open Coronavirus.

As soon as API SDK is functioning we will work to connect our bluetooth system to the native system to have more inclusive and optimal results.

Legal considerations

The project has not been published. Before publishing, one of the things that must be done is its adaptation to the legislation on the processing of personal data. The project is available to any Ministry of Health, state administration or competent autonomous administration for implementation. They will be responsible for the dissemination of the app and processing of the data obtained, following the GDPR Law. The data collected must be managed following the law regarding security measures for its storage, maximum term of custody and storage, and information on user rights (especially information concerning purpose and revocation of consent). Likewise, although this app asks the user for their consent, the GDPR Law also contains exceptions to the need for prior consent for the treatment of data, in the event of an epidemic or for the protection of people's health based on general interest, which is our current situation. The scenario in which this report focuses is one in which the autonomous health authorities adopt extraordinary measures for the protection of public health, since it is the only body authorized to adopt this type of measure.

According to the Spanish Data Protection Authority (APED) To comply with decisions about the coronavirus pandemic that are adopted by the competent authorities, particularly health authorities, data protection regulations should not be used to hinder or limit the effectiveness of the measures that these authorities adopt in the fight against the pandemic. Data protection regulations allow the adoption of measures necessary to safeguard the vital interests of individuals, essential public interest in the healthcare field, the performance of medical diagnostics, or compliance with legal obligations in the work sphere, including the treatment of health data without the need for the explicit consent of the affected party. In any case, the processing of this data must observe the principles established in the GDPR, in particular those of minimization, limitation of purpose and minimization of data retention.

Risk mitigation strategy to maximize both data privacy and data utility

Open-coronavirus is being designed according to the following principles:

  • Compliance with user privacy rigths: We believe no one should be obligated to share their personal information. On the one hand, non-carriers (i.e. those tested negative) are not required to share any personal information with a third party. On the other hand, diagnosed carriers would be prompted to share information, only with prior user-consent and on a decentralized, encripted and temporary way so to help implement the geospatial risk trace module including user alerts, which are necessary to maintain an effective surveillance.
  • Time limited storage of location trails further protects the privacy of diagnosed carriers. On this regard, first only anonymized, redacted, and aggregated sensitive information should be stored. Also, the appropriate amount of time for data storage should equal and not exceed the time during which a diagnosed carrier could have possibly infected another individual which for Covid-19 is between 14 to 37 days.
  • Use of a distributed network, rather than a central server
  • Use of an open-source approach to create an app to fosters trust in the app’s privacy protection capabilities, as independent experts and media can access and evaluate the source code.

The principles outlined above, while being technically compatible with current data privacy regulations are inspired in Apps Gone Rogue: Maintaining Personal Privacy in an Epidemic

Project Structure

The project is built on top of an horizontal architecture of node servers running on dockers and being balanced against a mongoDB database. The design allow to replace the database by whatever data stores since repositories (classes in charge of comunicating with the data store) are decoupled from the rest of the code. The framework used is Loopback 4, which allow to define models, controllers, repositories and datasources completely decoupled.

Apart from that, we know that this application should be integrated with health department databases, so we have define some services as interfaces allowing easily to integrate it with real databases by just implementing those interfaces.

The project is organized as follows:

  • server - NODE server (Loopback)
  • app-citizen - Code of the CitizenApp (Ionic)
  • dashboard - Code of the web dashboard where the data analysis will be performed (Angular) (coming soon)
  • app-police - Code of the Authorities’ App (Ionic) The app compiles for both Android and iOS.


To run the server, you need a mongoDB database and must adjust the or .env.production settings accordingly. You will also need to download all dependencies using

cd server
npm install

Finally, to run the server use

npm start

Citizen App

The App is made with the ionic framework. You will need to install the client using

npm install -g @ionic/cli

You will also need to download all dependencies using

cd app
npm install

Then, to run it use (use configuration parameter to force english version)

ionic serve --configuration=en

This allows you to run the app in a browser.

In order to test your application in a real device like an iphone or an android phone, execute the following command:

ionic capacitor run ios --livereload --external --host=<server-ip>

Just determine the network ip of the host where ionic is running the http server and replace in the --host parameter.

Citizen App displays (main element of the project)

Pantalla 1 Pantalla 2 Pantalla 3
Pantalla 4 Pantalla 5 Pantalla 6
Pantalla 7 Pantalla 8 Pantalla 9
Pantalla 10 Pantalla 11 Pantalla 12
Pantalla 13 Pantalla 14 Pantalla 15
Pantalla 16 Pantalla 17 Pantalla 18
Pantalla 19 Pantalla 20 Pantalla 21
Pantalla 22

More info


MIT License

Special thanks

Special thanks to Trayma Traducciones for the english translations

Special thanks to Alex Nogues for translate to english the wiki

Special thanks to Marc Mauri for translate to catalan the app

Special thanks to Yaiza Berenguer for translate to french the app

Special thanks to Laura Gea for translate to italian the app

Special thanks to Ma. Amparo Aymerich for translate to german the app

How you can help

PRs welcome.

Slack workspace: slack://