
Aarogya Setu App Privacy Issue: Government says No Data or Security Breach; Know Everything Here

Aarogya Setu Privacy or Security Issue: An ethical hacker named Elliot Alderson tweeted that the Aarogya Setu app puts the privacy of 90 million Indians at stake. However, the hacker did not disclose the flaws.

May 6, 2020 18:26 IST

The Aarogya Setu app has been red-flagged by a Paris-based ethical hacker who claims that this COVID-19 contact tracing app has a security issue. The hacker, named Elliot Alderson, tweeted about it on May 5, 2020, stating that the app puts the privacy of 90 million Indians at stake. However, the hacker did not disclose the flaw or vulnerability.

In a reply to the hacker's tweet, the makers of the Aarogya Setu app issued a statement clarifying that no data or security breach has been identified in the app. The statement details the user data extracted by the app on different occasions, such as at the time of registration, during self-assessment and others. Have a look at the hacker's tweet and Aarogya Setu's statement below:

Ethical Hacker's tweet regarding flaws in Aarogya Setu app:


Aarogya Setu App Maker's reply:


Aarogya Setu's Clarification against Issues raised by hacker

Issue 1: App fetches location of users on a few occasions

Aarogya Setu's Reply: The fetching of the user's location is by design and is also mentioned in the app's privacy policy. The user's location is stored on the app's server in a secure and encrypted manner on the following occasions:

-During user registration

-During self-assessment

-During voluntary submission of contact tracing data by users

-When app fetches user's contact tracing data after they turn COVID-19 positive

Issue 2: Users get COVID-19 statistics displayed on app's home screen when they change the radius or latitude-longitude through a script

Aarogya Setu's Reply: The app's radius parameter is fixed and takes only one of five values: 500 metres, 1 km, 2 km, 5 km and 10 km. These values are posted with HTTP headers, and any value other than these five defaults to 1 km.

On the other hand, users can change the latitude or longitude to get information about multiple locations. However, the API call is behind a Web Application Firewall, making bulk calls impossible. Accessing data for multiple locations this way is similar to asking people about their location's COVID-19 stats. This information is already public and does not compromise sensitive or personal data.

Ethical Hacker warns Aarogya Setu App Makers

The statement mentions that, as per the ethical hacker, no personal information of users has been proven to be at risk. The makers assure users that no data or security breach has been identified in the functioning of the app. To this, the ethical hacker replied in a tweet warning the government that if the data breaches are not fixed, he would disclose the issues publicly. Have a look:

Ethical Hacker's warning against Aarogya Setu app

The Aarogya Setu app was launched in March 2020, soon after the lockdown was announced in India amid the Coronavirus outbreak. The app, developed by the National Informatics Centre (NIC) under MeitY, helps the government with contact tracing and with identifying the location of people who turn COVID-19 positive. Within a month of its launch, the app has about 90 million users.
