It’s just a year back when there was a scare about the Aarogya Setu app collecting and putting our personal information out in the open. The allegation was brought about by an ethical hacker. The team behind the app claimed to sort it out by assuring the hacker that the data is safe.
In an official response, the team behind Aarogya Setu assured that “no personal information of any user” has been at risk and explained that the app fetches Bluetooth and location by design to provide results. They said the user’s data is stored on the server in a “secured, encrypted and anonymised manner.” The team discussed the matter with the ethical hacker who brought up the issue and explained to him how the app operates and the information collected is stored
The government said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the app. The app is the government’s mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19. A French hacker and cyber security expert Elliot Alderson had claimed that “a security issue has been found” in the app and that “privacy of 90 million Indians is at stake”.
The app fetches users’ location and stores on the server in a secure, encrypted, anonymised manner — at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said. “We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately…,” it said.
Responding to Aarogya Setu’s clarification, Alderson tweeted, “I will come back to you tomorrow”.