The Aarogya Setu Dilemma

The Indian Government has developed an app to provide efficient COVID-19 contact tracing – Aarogya Setu. The government has made it mandatory as a way to stay safe, but is the app a technological wonder to lower the number of cases or a privacy nightmare lurking in the shadows?

Before we answer the question, we will need to answer a few questions and understand the technology used by the app, the privacy concerns raised, and much more.

Aarogya Setu – The App

Developed under the guidance of India’s National Informatics Center, Aarogya Setu is an app available on both iOS and Android. It was popularised through advertisements on television channels and in newspapers. Instructions were given to have it pre-installed on new phones, and banks and telecom companies were instructed to broadcast information about the app to all customers via telephone calls, emails, and text messages. The Prime Minister has also taken to Twitter, among other platforms, to encourage downloads of the app.

Moving away from the marketing of the app, the app was released to trace the origin of people who are diagnosed as contact cases.

The Technology

The app uses Bluetooth and GPS to find out a user’s location. The functioning of the application relies on all citizens of India updating their health status when they test positive. Based on the location of people who tested positive, the app notifies users if there are such users within a 500 m, 1 m, or 5 m range.

Apart from the notifications about cases in the vicinity, Aarogya Setu also acts as a route map to allow the origin’s detection when it comes to contact cases. A three-way handshake is done using Bluetooth when 2 or more people coincide in a particular place. 

If someone using the application tests positive for COVID-19, all the contacts who met them are contacted by the government using the details on their Aadhaar card and the mobile number used during registration.

While the technology behind the app seems to be good, let us now understand the security provided by the app.

Aarogya Setu’s Security

The security of Aarogya Setu has been in question since its initial launch. Aarogya Setu’s privacy policy claims that “user information will be used only by the government in anonymized aggregated data sets”, implying that all data collected by the app will be used only by the government and that this data will be sent only after the users have been made anonymous.

If you take a closer look, you can find that there is no committee overseeing the data handed over to the government. This proves to be a big breach of privacy that is concerning for Aarogya Setu users. The app asks for almost all permissions on the device, and it works only when all of them are granted. In the midst of a pandemic that is rife with political tension, this makes it seem that they’re not concerned with the privacy of their users.

Apart from the handover of data, there are other vulnerabilities related to how data is stored, which raise further questions about using the app when there are already multiple security concerns. The app claims that all data stored in the app is encrypted, but since Aarogya Setu was never released as open source, it is not possible for ethical hackers to check for vulnerabilities or to verify these claims.

Aarogya Setu’s already uphill battle against rising privacy concerns was set back even further by an ethical hacker who goes by the name Elliot Anderson and who is known for previously finding a vulnerability within the Aadhaar system. Elliot tweeted that there was a serious security vulnerability present in Aarogya Setu. Given his previous findings, the makers of the app claim to have had discussions with the ethical hacker, but none of it has been made public.

The Verdict

While Aarogya Setu has made quite a few advancements in biotechnology, the biggest concern remains the same – is it an unavoidable privacy nightmare, or is it worth taking the risk?

Aarogya Setu appears to be a good application if you ignore the security concerns. But at a time when security is essential, it is better to bid farewell to an app which is not going to be there on the app stores anymore.
