India’s coronavirus tracing app Aarogya Setu responds to hacker’s claim of privacy issue

NEW DELHI, May 6, 2020, Hindustan Times. French hacker Robert Baptiste last night tweeted saying that India’s contact tracing app has a security issue. While he did not disclose the vulnerability, Aarogya Setu has issued a statement clarifying how the app collects location and user information, Hindustan Times reported.

“No personal information of any user has been proven to be at risk,” the statement read. The app makers also reiterated Aarogya Setu’s privacy policies which are accessible from the app itself. The app collects user location and stores them on the server which is said to be in a “secure, encrypted, anonymised manner”. The user’s location is fetched when they register, self-assess and when the user submits their contact tracing data voluntarily through the app, the statement added.

The hacker also responded to Aarogya Setu’s statement hinting that he will most likely reveal more details later today.

Aarogya Setu was launched back in March shortly after the lockdown started in India. It is the government’s official Covid-19 contact tracing app developed by the National Informatics Centre under MeiTY. The app is so far said to have around 90 million users within a little over a month since its launch. It has also had its fair share of criticism from experts over the collection of user data and location.

Aarogya Setu has also been made mandatory for all government and private employees. Residents in Noida may also reportedly be booked by the police if they don’t have the app installed on their phone.