New Delhi, May 6: And a word against word is enough to ruin the stakes! The Aarogya Setu App developers have issued a statement on Wednesday rubbing off the potential privacy issues that earlier noted that the data of 90 mn Indians was in dander. This is after a French hacker Robert Baptiste, who tweets with pseudonym Elliot Alderson, posted that he had found a major security issue on the Aarogya Setu app.
Elliot Alderson tweeted, “A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?” while tagging the official handle of the app. He then tweeted, “49 minutes after this tweet, @IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.” Soon after, the Aarogya Setu developers also released a statement clarifying how the app works.
The statement released by the dvelopers said that the Aarogya Setu app is designed to collect a user’s location at certain points in the process, while the user is setting up the app and registering, at the time when the user is making a self-assessment, and also every time when a user either voluntarily shares their contact tracing data from within the app or in case a self-assessment indicates COVID-positive.
One surprise in all this process was that the ethical hacker in his series of tweets mentioned a Post Script saying that Rahul Gandhi was right. "The Aarogya Setu app is a sophisticated surveillance system, outsourced to a pvt operator, with no institutional oversight - raising serious data security & privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent", Gandhi had tweeted earlier. Now the link between Gandhi and Alderson is yet to be trailed out in open.
Aarogya Setu is a contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology, and is being pushed by the Government of India, as the one-stop solution for contact tracing as the COVID lockdown continues in the country. It has been made mandatory for employees of all private companies, and government employees also have to install the app on their phones.
Alderson also pointed out that the user could get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script. For this, the Aarogya Setu developers say that the radius parameters were fixed and could only take one of the five values: 500 meters, 1km, 2km, 5km and 10km. They added this does not compromise on any personal or sensitive data because the information is already public for all locations.