- Aarogya Setu has claimed that the Coronavirus tracking app is secure, and no privacy breaches have been found.
- Elliot Alderson, an ethical hacker had claimed that he had found a security issue in the app.
French ethical hacker who goes by the fictitious name Elliot Alderson
claimed that there was a security issue in Aarogya Setu, the coronavirus tracking app launched by the Indian government.
In his tweet, Elliot Alderson had claimed that a security issue has been found in the
Aarogya Setu app and that the privacy of over 90 million Indians was at risk.
Soon after this, Alderson was contacted by the National Informatics Centre (NIC) and the Indian Computer Emergency Response Team (CERT-In). After disclosing the issue to them, Alderson
said that he would wait for the issue to be fixed before disclosing the gaps he discovered.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More However, the government has dismissed the claims. “No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified.” Aarogya Setu said in a
statement.
Alderson has
said that he is not satisfied with Aarogya Setu’s response. Meanwhile, IT and telecom minister Ravi Shankar Prasad has
said that user data stored in Aarogya Setu for tracking the spread of COVID-19 will be deleted once the pandemic abates.
Aarogya Setu claims there has been no privacy breach
The first claim by Alderson was that the Aarogya Setu app is fetching the user’s location. To this, the Aarogya Setu team has responded that this is by design and has been mentioned in the app’s privacy policy.
It further added that the user’s location information is stored on the server in a ‘secure, encrypted and anonymized manner’.
Alderson also claimed that users can get the Covid-19 stats displayed on the home screen by using a script to change the radius and latitude-longitude. The team has claimed that the radius parameters are fixed and can take only one of the five specified values.
While it is possible to change the latitude and longitude to get data for multiple locations, the Aarogya Setu team claims that it is not possible to make bulk calls to the API are not possible as it is behind a Web Application firewall.
See also:
How to download and use Aarogya Setu Coronavirus tracking app
Coronavirus: East Delhi district admin asks RWAs to encourage people to download 'Aarogya Setu' app
COVID-19: Smartphone without 'Aarogya Setu' app will draw punishment for user in Gautam Buddh Nagar
Next Story
Global stocks rally even as Sensex, Nifty fall sharply on Friday
In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
SBI Life Q4 profit rises 4% to ₹811 crore
IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study
