India’s COVID-19 contact-tracing app, Aarogya Setu, has been installed by more than 100 million (10 crore) netizens within just 41 days of its launch. The app, which has been made mandatory for all private- and public-sector employees, had hit 50 million downloads within just 13 days of its launch. The app was officially unveiled on April 6th, and is available on both Android and iOS.
Available in 11 languages, including English, Hindi, Bangla, Gujarati, Kannada, Marathi, Punjabi, Malayalam, Tamil, Oriya and Telugu, the app helps people assess their risk of contracting COVID-19 by using Bluetooth and GPS to track whether the user has been in close contact with anyone infected with the virus.
Even as Aarogya Setu continues to climb the popularity charts, concerns regarding its safety and data-privacy policies continue to remain unaddressed. According to noted cyber-security researcher, Baptiste Robert aka Elliot Alderson, a serious security vulnerability in the app may have jeopardized the privacy of its users by revealing their exact location to potential hackers and other malicious actors.
The Indian government, however, denied all allegations of security vulnerabilities, claiming that the issues pointed out by the researcher are included in the app ‘by design’. The Ministry of Home Affairs, this week, also issued a new set of guidelines called Aarogya Setu Data Access and Knowledge Sharing Protocol for storing and processing data collected through the controversial app, but most cyber-security analysts and civil liberty advocates remain unconvinced.
Many legal experts are also questioning the basis of the government directive, with former Supreme Court Judge, B. N. Srikrishna, calling the order “utterly illegal”. The judge also came down heavily on the recent Noida Police directive that threatened citizens with jail-time for not installing the app, calling the order “totally unlawful”.