The Indian government has acknowledged “potential security concerns” in the Aarogya Setyu contact finder, which its opposition calls “an unattended surveillance system”, but says the code issues are not that big.
An late-night tweet from the team that developed and supervised the app said it was “alerted by an ethical hacker to a potential security issue.”
The first feature called is access to location data – which is explained as a feature, not a bug. The second seems more serious and is described as allowing a user “to obtain the COVID-19 statistics displayed on the home screen by changing the radius and latitude-longitude using a script”.
The response of the application team is that the API that makes this possible is protected by a firewall and that the data produced is both limited and already public.
“Obtaining data for longitude at multiple latitudes this way is no different from asking multiple people for COVID-19 statistics of their location,” said the notification.
India makes contact tracking app mandatory in viral hot spots despite the fact that most local phones are not smart
Unlike contact tracking apps from other countries, Aarogya Setyu is not open source or is not known to be based on other open source efforts. The Indian government aggressively pushed it and even made it mandatory – although one Reg The reader who received the order to install the application was able to ignore the authorities' insistence because his phone could not access the Indian application stores.
So why bother to refute two minor issues with the app? Perhaps because the National Opposition Congress Party strongly criticized Aarogya Setyu. Here's MP Raul Gadhi – who leads the largest opposition party – in action:
The Arogya Setu application is a sophisticated surveillance system, subcontracted to a pvt operator, without institutional surveillance, which raises serious problems of data security and confidentiality. Technology can help us stay safe; but fear should not be used to hunt down citizens without their consent.
– Rahul Gandhi (@RahulGandhi) May 2, 2020
Businesses also bristle with being tasked with mass adoption of apps by staff, while the Indian Software Freedom Law Center analyzed the app and found many concerns, including a liability clause that , he said, “exempts the government from its responsibility in the event of” [user’s] information or its modification “.”
“This means that there is no responsibility for the government even if the personal information of the users is disclosed,” say lawyers for the Center.
And here is the full bug report from the Aarogya Setyu team.
– Aarogya Setu (@SetuAarogya) May 5, 2020
Also in India …
Also in India, and also announced by tweet, Wipro will hand over one of its vacant campuses to local health authorities for use as a hospital. The Pune facility will be converted to a 450-bed facility before becoming a Wipro office in a year. ®
Office 365 client-to-client migration tips