In a bid to put an end to the incessant privacy and security concerns, the government of India has open-sourced the Aarogya Setu Android app. The source code for the app is available publicly on GitHub, giving Android developers and privacy enthusiasts to sift through the code and suggest updates that would make the app better for its over 100 million users.
This announcement was made on Tuesday evening by MeiTY secretary Ajay Prakash Sawhney on YouTube. The government takes pride in the fact that it’s the only one to open-source an in-house app at “this scale anywhere in the world.” What’s even better is that NIC (National Informatics Centre) has launched a bug bounty program to incentivize security researchers who discover vulnerabilities in the Aarogya Setu app.
“The government is committed to keep Aarogya Setu application, its support systems, data and network secure and address any security issues through a coordinated and constructive approach designed to drive the best possible protection for our citizens data,” says the official release for the bug bounty program.
The Bug Bounty program will be hosted by the MyGov Team and you can read all of its guidelines right here. The program runs from May 27 to June 26, i.e for one month, and the government is offering up to a total of Rs. 3 lakhs (1 lakh per vulnerability) to security researchers to report vulnerabilities in the Aarogya Setu app.
Niti Aayog CEO Amitabh Kant also chimed in and said that it’s a unique feat for India as “no other government product anywhere in the world has been open-sourced at this scale.” The open-source nature of the app code should now take some burden off the developers and volunteer’s shoulders.
The @SetuAarogya app has been an evolving product.
Opening the source code of #AarogyaSetuApp to the developer community is a testament to GoI's commitment to the design principles of transparency, privacy and security: @amitabhk87 @PMOIndia @GoI_MeitY @rsprasad @PIB_India pic.twitter.com/1Yf222nZjZ
— NITI Aayog (@NITIAayog) May 26, 2020
Apart from Android, the contact-tracing app, which amassed more than 100 million downloads in 41 days, is also available to iOS and JioPhone users. Aarogya Setu iOS app source code, along with API documentation, will also be made accessible to open-source researchers in the coming weeks.
If you are someone who wants to contribute towards the development of the Aarogya Setu app, head to this GitHub link to access the project. It went live at midnight last night and over 70 issues, as well as suggestions, have already filed by developers. So, could anyone find security loopholes in the app or not?