New Delhi:
The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns that the data of millions of people was at risk.
The app is the government's mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.
On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".
Dismissing the claims, the government said "no personal information of any user has been proven to be at risk by this ethical hacker".
"We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the government said through the app’s Twitter handle.
The tweet gave point-by-point clarification on the red flags raised by the hacker.
"We discussed with the hacker and were made aware of the following… the app fetches user location on a few occasions," it said, but added that this was by design and is clearly detailed in the privacy policy.
The app fetches users’ location and stores on the server in a secure, encrypted, anonymised manner – at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said.
On another issue that users can get COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said that all this information is already public for all locations and hence does not compromise on any personal or sensitive data.
"We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately…," it said.
Responding to Aarogya Setu's clarification, Alderson tweeted, "I will come back to you tomorrow".
Nine crore users have downloaded the Aarogya Setu
Close to nine crore users have downloaded the Aarogya Setu mobile application and it has been made mandatory that government and private sector employees use it to bolster efforts to fight the COVID-19 pandemic.
The Group of Ministers (GoM) on COVID-19 was informed about this on Tuesday by officials during its 14th meeting in which it also discussed various aspects pertaining to the performance, impact and benefits of the Aarogya Setu application.
The mobile application helps users identify whether they are at risk of COVID-19. It also provides people with important information, including ways to avoid coronavirus and its symptoms.
The GoM was informed that "people have informed about their health status on the application which has helped in tracing those suffering with any symptoms for COVID-19 containment , the heatth ministry said in a statement on Tuesday.
The GoM was also informed that a mechanism has been devised to reach out to the people who have landline or featured phones through Interactive Voice Response System (IVRS) in local languages for better results," it said Union Health Minister Harsh Vardhan who chaired the GoM meeting said use of technology is integral for the containment strategy and is helping the states to manage the deadly disease in a more effective manner.
The Union Home Ministry on Friday also said the mobile app will be must for people living in COVID-19 containment zones. "Use of Aarogya Setu app shall be made mandatory for all employees, both private and public. It shall be the responsibility of the head of the respective organisations to ensure 100 per cent coverage of this app among the employees," the ministry had said.