The team at Aarogya Setu app has stressed that no personal information of any user has been proven to be at risk and no data or security breach has been identified in the COVID-19 contact tracing app.
Reacting to an ethical hacker’s claim that a security issue has been found in the app, the team said the app is completely safe.
The Aarogya Setu team said the app fetches a user’s location by design and store the location data on the server in a secure, encrypted and anonymised manner, “when users submit their contact tracing data voluntary through the app of when we fetch tracing data of a user after they have turned COVID-19 positive.”
It said that the radius parameters to spot COVID-19 positive patients are fixed and can take one of the five values: 500 metres, 1 km, 2 km, 5 kn and 10 km.
“The app user can change the latitude/longitude to get the data for multiple locations. Getting data for multiple latitude/longitude this way is no different than asking several people of their location’s COVID-19 statistics”.
All this information is already public for all locations and, hence, does not compromise on any personal or sensitive data,” said the app team.
The app team encouraged users who identify any vulnerability to come forward and inform them.
“We are continiously testing and upgrading our systems,” it added.
Downloaded by millions in the country, Aarogya Setu is a COVID-19 tracking mobile application developed by the National Informatics Centre (NIC) that comes under the Ministry of Electronics and Information Technology (MeitY).
The app is aimed at augmenting the initiatives of the Central government, particularly the department of health, in proactively reaching out to and informing the users of the app regarding risks, best practices and relevant advisories pertaining to the containment of COVID-19