Govt will pay you up to Rs 4 lakh for your suggestions to improve Aarogya Setu app; details inside

By: |
May 29, 2020 2:37 PM

The bug bounty program is open for anybody and everybody, including researchers and Aarogya Setu users, until June 26, 2020.

aarogya setuGovernment has made Aarogya Setu app open source. (Photo credit: @mygovindia)

The Government will pay you up to Rs 4 lakh in cash for finding bugs in Aarogya Setu or suggest improvements to make India’s indigenous COVID-19 tracking app even better as part of its bug bounty program. The bug bounty program is open for anybody and everybody, including researchers and Aarogya Setu users, until June 26, 2020.

“Everyone, including researchers and users of Aarogya Setu, are encouraged to report any vulnerability impacting the privacy and information security posture of Aarogya Setu application,” the Government notes in the program’s terms and conditions.

Researchers and cybersecurity experts (as well as anybody with the technical know-how) can now audit the Aarogya Setu app at their full discretion, because the Government of India has put up the entire source code of the Aarogya Setu app for Android on GitHub, or in simple words, it has made Aarogya Setu app open source. Source code for iOS and KaiOS (for JioPhone) as well as server side of things will also be available for all in the coming days, in a big win for privacy advocates.

With that in place, the Government has also announced a bug bounty program to allow security researchers to “responsibly” disclose vulnerabilities in the Aarogya Setu app and also get rewarded for their findings. There are a few guidelines to follow though. To begin with, the reported vulnerability should be present in the Aarogya Setu app or its source code or back-end server only and not in the platform such as operating system, cloud, web, server or database, or in technology such as Bluetooth, GPS or SMS. Also, the said vulnerability should be exploitable on “an unrooted phone running a version of Android supported by AarogyaSetu, with ADB Disabled and with all default Android security features in place.”

People are also encouraged to share improvements to the source code of Aarogya Setu as part of the bug bounty program. The Government notes that the “suggested code improvement should have a significant impact on the app’s overall performance improvement, battery usage reduction, memory and bandwidth reduction.”

Also Read Government of India makes Aarogya Setu app open source; here is what it means

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1OTP messages not coming through? You are not alone, here’s why this is happening
2Microsoft security flaw could cause trouble for 20,000 US companies
3OnePlus reveals OnePlus 9 series design ahead of March 23 launch: here’s what it looks like