NE NEWS SERVICE
NEW DELHI, MAY 6
The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the App.
Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom
— Aarogya Setu (@SetuAarogya) May 5, 2020
The App is the government’s mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.
On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that “a security issue has been found” in the App and that “privacy of 90 million Indians is at stake”.
Dismissing the claims, the government said “no personal information of any user has been proven to be at risk by this ethical hacker”.
“We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the government said through the App’s Twitter handle.
The tweet gave point-by-point clarification on the red flags raised by the hacker.
“We discussed with the hacker and were made aware of the following… the App fetches user location on a few occasions,” it said, but added that this was by design and is clearly detailed in the privacy policy.
The App fetches users’ location and stores it on the server in a secure, encrypted, anonymised manner – at the time of registration, at the time of self-assessment, when users submit their contact tracing data voluntarily through the App or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said.
On another issue that users can get COVID-19 statistics displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said that all this information is already public for all locations and hence does not compromise on any personal or sensitive data.
“We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately…,” it said.
Responding to Aarogya Setu’s clarification, Alderson tweeted, “I will come back to you tomorrow”.
Absolutely safe, says Ravi Shankar Prasad
Rejecting charges by the opposition that the Aarogya Setu application breaches privacy, Union IT Minister Ravi Shankar Prasad has asserted that the platform is “absolutely robust, safe and secure” in terms of privacy protection and data security.
“This is a technological invention of India – Ministry of Electronics and Information Technology, our scientists, NIC, Niti Aayog and some private (entities) – whereby it is a perfectly accountable platform to help in the fight against COVID-19,” Prasad told PTI.
Congress leader Rahul Gandhi has alleged that the Aarogya Setu app is a “sophisticated surveillance system, outsourced to a private operator, with no institutional oversight”. He also said it raises serious data security and privacy concerns. “Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent,” Gandhi had said.
Countering the claim, Prasad said, “It is safe and secure. The data is in an encrypted form. Most important, it is for safety of Indians in public interest because it cautions you in the event there is a COVID-infected person in your vicinity.”
The minister said the mobile application also helps trace contacts in the event a person is infected.
“It is a very robust invention of technology and many other countries are using similar applications to fight COVID-19. And the second most important point is that the data is limited. Routine data remains for 30 days and in the event you are infected, then (for) 45 to 60 days. Then automatically it will vanish,” he explained.
Prasad said there is always an option to scratch the app out of the phone or uninstall it.
“Then what is this hangama all about. The country has understood its utility and has willingly accepted it,” he said.
The Aarogya Setu app is for smart phones.
“For feature phones we have developed Aarogya Setu IVRS. The app is absolutely robust in terms of privacy protection and safety and security of data,” he said.
It is now mandatory for all government and private sector employees attending office to download the app, according to a Union Home Ministry directive.
Prime Minister Narendra Modi has been urging people to download the Aarogya Setu app, saying it is a fantastic use of technology to combat coronavirus.
“Tracks the spread of COVID-19 and notifies you if someone around you is suffering from it. Also lists help-desk numbers of various states,” he had said in a series of tweets last month.
Meanwhile, the government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the app.
On Tuesday, French hacker and cyber security expert Elliot Alderson had claimed that “a security issue has been found” in the app and that “privacy of 90 million Indians is at stake”.
Dismissing the claims, the government said “no personal information of any user has been proven to be at risk by this ethical hacker”.