For the uninitiated, Aarogya Setu is India’s COVID-19 contact tracing app whose purpose is to spread awareness of COVID-19 and notify people if they have come into contact with a coronavirus infected person. The app is available for Android as well as iOS mobile operating systems. It should be noted that the Centre government has made downloading of the contact tracing app mandatory only for those employed in the government and private sectors. However, states are allowed to stricter the lockdown guidelines issued by the central government. “All those with smartphones who do not have the application can be booked under Section 188 of the IPC. After that, a judicial magistrate will either decide if the person will be tried, fined, or left with a warning,” said Akhilesh Kumar, DCP Law, and Order. Section 188 of IPC deals with disobedience to an order duly promulgated by a public servant, which could land a person up to 6 months in jail or a fine up to Rs. 1,000. “If people download it instantly, we will let them go. We are doing this so that people take the order seriously and download it. But if they do not download it after repeated warnings, we will take action.” For people who do not have mobile data on their smartphones will be given hotspot so that they can download it there and then, Kumar added. In cases such as lack of phone storage, the police officer will take the person’s contact details and call to check if they have downloaded it. Noida Police said that they will be randomly checking people out on the streets, market areas, and at borders for the app during patrol duty. Meanwhile, a French cybersecurity expert and hacker under the alias “Elliot Alderson” has claimed that the Aarogya Setu app has a security issue. According to the hacker, the privacy of 90 million Indians is at stake, as the Aarogya Setu app obtains location information of the user.
A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards, PS: @RahulGandhi was right — Elliot Alderson (@fs0c131y) May 5, 2020 While the government confirmed some of the issues identified by the hacker, it said “no personal information of any user has been proven to be at risk by this ethical hacker”. “We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the government said through the app’s Twitter handle. “We discussed with the hacker and were made aware of the following… the app fetches user location on a few occasions,” it said but added that “it is by design and is clearly mentioned in the privacy policy” of the app. “We thank the ethical hacker for engaging with us. We encourage any users who identify vulnerability to inform us immediately…,” the government said.
— Aarogya Setu (@SetuAarogya) May 5, 2020