The government of India has finally open sourced the source code of the Android application of the Aarogya Setu contact tracing app.
Earlier today, Amitabh Kant, CEO of Niti Aayog, stated that the source code of the iOS version of Aarogya Setu will also be opened up “soon”.
The code was released by Kant, along with K Vijay Raghavan, the principal scientific advisor of India, and Dr Neeta Varma, the director general of the National Informatics Commission of India.
The source code of the Android app of Aarogya Setu will be uploaded to GitHub after midnight tonight. Speaking at the launch, Kant said that “opening the source code to developers' community signifies Government of India's commitment to the core design principles of transparency, privacy and security.” He further added that Aarogya Setu was the fastest app in the world to reach 15 million users in 13 days, and 100 million in 41 days.
Alongside releasing the code, Ajay Prakash Sawhney, the secretary of the Ministry of Electronics and IT (MeitY) emphasised on how the app was developed as a public private partnership basis, and was largely developed by “volunteers”,
who came together to build the app. On this note, Varma of NIC also announced a bug bounty programme, which will offer cash rewards of up to Rs 1 lakh to everyone that will report bugs, code frailties and improvements to the government. The bug bounty programme will be run by MyGov, as its chief executive Abhishek Singh stated.
There’s a 1 lakh reward up for grabs for anyone who can find a valid way to improve the Indian government’s COVID-19 tracking app, Aarogya Setu. Another ₹3 lakh is up for grabs if someone can point out a security vulnerability. The government wants to lay to rest any acquisitions or claims about how the data its take from users’ phone can be misappropriated.
The open-source code for the contact tracing app has been released on Github and developers are being encouraged to track down any loopholes that they can find — something that many privacy activists have been advocating ever since Aarogya Setu made its way into the limelight.
The question of privacy
The Indian government’s COVID-19 tracking app has repeatedly been under the lens during the lockdown. With Aarogya Setu asking for permission to access users’ data, people are concerned that they may be offering up more than they had bargained for — especially since the government of India made it mandatory for everyone to have it on their phones.
“You want to make sure that you have the right protection in your application and that equitable data is being collected. It opens up the doors for attackers. From a government’s perspective, you want to make sure that the agencies are taking the right protection,” Yuval Wollman, the President of Cyberproof and former Director-General of Israeli Intelligence told Business Insider.
Aarogya Setu has had a tough go of it ever since Twitter’s famed Elliot Alderso real name, Robert Baptiste pointed out that there is a security issue with the app earlier this month. “The privacy of 90 million Indians is at stake,” he wrote.
The makers of Aarogya Setu hit back saying, “No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems.”
Developing countries, with their limited budgets and resources, need to consider the costs versus the outcomes in tracing exposed individuals in a privacy preserving way,” said Ramesh Raskar, an MIT Media Lab professor.
According to him, an app like Aarogya Setu runs the risk of exposing private data, which is especially risky considering the large data stores that a population like India has up for grabs
No comments:
Post a Comment