THE AAROGYA SETU DILEMMA
The Indian Government has developed an app to provide for efficient Covid 19 contact tracing – Aarogya Setu. The government has made it mandatory as a way to stay safe, but is the app a technological wonder to lower the number of cases or a privacy nightmare lurking in the shadows?
Before we answer the question, we will need to answer a few questions and understand the technology used by the app, the privacy concerns raised, and much more.
Aarogya Setu – The App
Developed under the guidance of India’s National Informatics Center, Aarogya Setu is an app available on both iOS and Android. It was popularised through advertisements on television channels and newspapers. Instructions were given to have it pre-installed on new phones and banks and telecom companies are instructed to broadcast information about the app to all customers via telephone calls, emails, and text messages. The Prime Minister has also taken to Twitter among other platforms to encourage downloads of the app.
Moving away from the marketing of the app, the app was released to trace the origin of people who are diagnosed as contact cases.
Read More About Cybercrime in the time of Pandemic
The app uses Bluetooth and GPS to find out a user’s location. The functioning of the application relies on all citizens of India to update their health status when tested positive for the case. Based on the location of people who are tested to be positive, the app notifies users if there are users in a 500 m, 1 m, or 5m range.
Apart from the notifications about cases in the vicinity, Aarogya Setu also acts as a route map to allow the origin’s detection when it comes to contact cases. A three-way handshake is done using Bluetooth when 2 or more people coincide in a particular place.
If someone using the application is tested COVID positive, all their contacts who met them would be contacted by the government using the details on their Aadhar card and/or mobile number used during registration.
While the technology behind the app seems to be good, let us now understand the security provided by the app.
Read More About Is Whatsapp Spying you?
Arogya Setu’s Security
If you have a closer nation, you can find that there is no committee overlooking the data handed over to the government. This proves to be a big breach of privacy that is concerning for Aarogya Setu users. The app asks for almost all permissions from the device and it works only when all of them are granted. In the midst of a pandemic which is strife with political tension, this seems like they’re not concerned with the privacy of their users.
Apart from the handover of data, there are other vulnerabilities related to data being stored, it can also cause concerns raising questions about the usage of the app when there are multiple security concerns. The app claims that all data stored in the app is encrypted, but since Aarogya Setu was never released as an open-source code, it is not possible for ethical hackers to check for vulnerabilities and the validity of these clams.
The worst blow for Aarogya Setu’s already downhill battle against the rising privacy concerns was setback even further with the presence of an ethical hacker who goes by the name Elliot Anderson who is known for previously finding a vulnerability within the Aadhar system. Elliot tweeted that there was a serious security vulnerability present in Aarogya Setu. With his previous issue findings, the makers of the app claim to have done discussions with the ethical hacker, but none of it is made public.
While Aarogya Setu has made quite a few advancements in biotechnology, the biggest concern still remains the same – is it an unavoidable privacy nightmare or worth taking risks for?
Aarogya Setu appears to be a good application if you ignore the security concerns. But in a time where security is an essential tool and it is better to bid farewell to App which is not going to be there on the apps stores anymore.
Interested to know more about the security vulnerabilities in various accession is ? We have more to offer through our ethical hacking coaching. To learn more in the field of cybersecurity, join our ethical hacking training program. We train people in the best way possible, experiencing it in the real world while working as a part of our ethical hacking internship. For more cybersecurity lessons in similar topics, join our ethical hacking internship program.
Contributors : Labeeb Ajmal, Asif AP