Aarogya Setu: Security issue in Govt’s COVID-19 tracking app puts privacy of 90 million Indians at stake, claims hacker

Updated: May 6, 2020 11:38:19 AM

The Government of India says all is well with the Aarogya Setu app though.

Aarogya Setu uses Bluetooth and GPS to notify users when they might possibly be at risk of exposure to COVID-19. (Photo credit: Saurabh Singh/Financial Express)

An anonymous French hacker who goes by the name of Elliot Alderson on Twitter has discovered a security issue in the Government’s Aarogya Setu COVID-19 tracking app that could potentially put the privacy of 90 million Indians at stake. Being an ethical hacker, Alderson has “flagged” the issue to India’s Computer Emergency Response Team (CERT) and the National Informatics Centre (NIC), which falls under the Ministry of Electronics and Information Technology. Alderson is notably the same hacker who had earlier exposed issues in the Government of India’s mAadhaar app for Android.

On Tuesday, Alderson took to Twitter to claim that he had discovered a security issue in the Aarogya Setu app and asked the Government to contact him in private so that he could disclose it to the authorities. The Government contacted the hacker soon enough and the issue was disclosed to them. Alderson now awaits a fix for the said issue, failing which the hacker would disclose the issue in public, as per the core tenets of ethical “white hat” hacking.

The Government did come out with a detailed response to the hacker’s claims in the wee hours last night. But we say the hacker still awaits a fix because, in the words of Alderson, the Government basically said “(there’s) nothing to see here.” In other words, all is well with Aarogya Setu, as per the Government of India, even though the hacker appears to have raised not one, but two concerns with the app.

“No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the makers of Aarogya Setu said.

Alderson has already put the word out on Twitter that he will come out with more information today, and we will update this piece as soon as we know more.

Meanwhile, Alderson isn’t the only one to have raised the alarm over privacy issues in the Aarogya Setu app. New Delhi-based Software Freedom Law Centre has alleged that the app collects sensitive user data such as a user’s gender and travel history. The Internet Freedom Foundation (IFF) has also alleged that Aarogya Setu lacks transparency.

The issues are particularly serious and need to be looked into because, even though Aarogya Setu is seemingly a “voluntary” app, it’s being made more and more “mandatory” with each passing day. Failure to install it on smartphones (when out in public) is even punishable in Noida and Greater Noida, as per a new directive by the UP police, which is a first for any such app. The Government has also directed public and private sector employees to have it installed on their smartphones. “Use of Aarogya Setu app shall be made mandatory for all employees, both private and public. It shall be the responsibility of the head of the respective organisations to ensure 100 percent coverage of this app among the employees,” according to a recent MHA directive. Needless to say, Aarogya Setu is already mandatory for Central Government employees and for people residing in COVID-19 containment zones.
