India acknowledges, but brushes aside, features-not-bugs in Aarogya Setu virus contact-tracing app

Late-night notifications come as opposition labels app ‘surveillance system with no oversight’

The Indian government has acknowledged “potential security issues” in the Aarogya Setu contact-tracing app, which the opposition labels a ‘surveillance system with no oversight,’ but says the code issues are not that big a deal.

A late-night tweet from the team that developed and oversees the app said it was “alerted by an ethical hacker of a potential security issue”.

The first feature called out is accessing location data – which is explained away as being a feature, not a bug. The second seems more serious and is described as allowing a user to “get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script”.

The app team’s response is that the API that makes this possible is firewalled and that the data produced is both limited and already public.

“Getting data for multiple latitude longitude this way is no different than asking several people of their location’s COVID-19 statistics”, the notification says.


Unlike other nations’ contact-tracing apps, Aarogya Setu is not open source or known to be based on other open source efforts. India’s government has pushed it aggressively and even made it compulsory – although one Reg reader ordered to install the app was able to brush off authorities’ insistence because his phone couldn’t access Indian app stores.

So why bother to rebut two minor issues with the app? Perhaps because India’s opposition National Congress Party has heavily criticised Aarogya Setu. Here’s MP Rahul Gandhi – who leads the largest opposition party – in action:

Business is also bristling at being made responsible for ensuring the app’s mass adoption by staff, while the Indian Software Freedom Law Center analysed the app and found numerous concerns, among them a liability clause that it says “exempts the Government from liability in the event of ‘any unauthorised access to the [user’s] information or modification thereof’.”

“This means that there is no liability for the Government even if the personal information of users are leaked,” the Center’s lawyers argue.

And here’s the full not-a-bug report from the Aarogya Setu team.

Also in India …

Also in India, and also announced-by-tweet, Wipro will turn over one of its vacant campuses to local health authorities for use as a hospital. The Pune facility will be converted to a 450-bed facility before reverting back to become a Wipro office in a year. ®
