fbpx

The Aarogya Setu Dilemma

Cyber security team wattlecorp todayJuly 28, 2020 64 3 5

Background
share close

THE AAROGYA SETU DILEMMA

The Indian Government has developed an app to provide for efficient contact tracing – Aarogya Setu. The government has made it mandatory as a way to stay safe, but is the app a technological wonder to lower the number of cases or a privacy nightmare lurking in the shadows?

Before we answer the question, we will need to answer a few questions and understand the technology used by the app, the privacy concerns raised and much more.

Aarogya Setu – The App

aarogya setu app

Developed under the guidance of India’s National Informatics Center, Aarogya Setu is an app available on both iOS and Android. It was popularised through advertisements on television channels and newspapers. Instructions were given to have it pre-installed in new phones and banks and telecom companies are instructed to broadcast information about the app to all customers via telephone calls, emails and text messages. The Prime Minister has also taken to Twitter among other platforms to encourage downloads of the app. 

Moving away from the marketing of the app, the app was released to trace the origin of people who are diagnosed as contact cases.

The Technology

aarogyasetu-app-wattlecorp

The app uses Bluetooth and GPS to find out a user’s location. The functioning of the application relies on all citizens of India to update their health status when tested positive for the case. Based on the location of people who are tested to be positive, the app notifies users if there are users in a 500 m, 1 m or 5m range.

Apart from the notifications about cases in the vicinity, Aarogya Setu also acts as a route map to allow the origin’s detection when it comes to contact cases. A three-way handshake is done using Bluetooth when 2 or more people coincide in a particular place. 

If someone using the application is tested positive, all their contacts who met them would be contacted by the government using the details on their Aadhar card and/or mobile number used during registration.

While the technology behind the app seems to be good, let us now understand the security provided by the app.

Arogya Setu’s Security

covid-contact-tracing-india

The security of how Arogya Setu was put into question since the initial launch. Aarogya Setu’s privacy policy claims that “user information will be used only by the government in anonymised aggregated data sets”, implying that all data collected by the app will be used only by the government and this data will be sent only after making the users anonymous.

If you have a closer nation, you can find that there is no committee overlooking the data handed over to the government. This proves to be a big breach of privacy that is concerning for Aarogya Setu users. The app asks for almost all permissions from the device and it works only when all of them are granted. In the midst of a pandemic which is strife with political tension, this seems like they’re not concerned with the privacy of their users.

Apart from the handover of data, there are other vulnerabilities related to data being stored, it can also cause concerns raising questions about the usage of the app when there are multiple security concerns. The app claims that all data stored in the app is encrypted, but since Aarogya Setu was never released as an open-source code, it is not possible for ethical hackers to check for vulnerabilities and the validity of these clams.

The worst blow for Aarogya Setu’s already downhill battle against the rising privacy concerns was setback even further with the presence of ethical hacker who goes by the name Elliot Anderson who is known for previously finding a vulnerability within the Aadhar system. Elliot tweeted that there was a serious security vulnerability present in Aarogya Setu. With his previous issue findings, the makers of the app claim to have done discussions with the ethical hacker, but none of it is made public.

The Verdict

While Aarogya Setu has made quite a few advancements in biotechnology, the biggest concern still remains the same –  is it an unavoidable privacy nightmare or worth taking risks for?

Aarogya Setu appears to be a good application if you ignore the security concerns. But in a time where security is an essential tool and it is better to bid farewell to App which is not going to be there on the apps stores anymore.

Interested to know more about the security vulnerabilities in various accession is ? We have more to offer through our ethical hacking coaching. To learn more in the field of cybersecurity, join our ethical hacking training program. We train people in the best way possible, experiencing it in the real world while working as a part of our ethical hacking internship. For more cybersecurity lessons in similar topics, join our ethical hacking internship program.

Contributors : Labeeb Ajmal, Asif AP

Written by: team wattlecorp

Tagged as: .

Rate it

Previous post

Similar posts

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *