Hacking Aarogya Setu can win you ₹1 lakh to ₹3 lakh through the Indian government’s ‘bug bounty’ programme
- The Indian government has announced a ₹3 lakh bounty for anyone who can find a vulnerability with its COVID-19 tracking app,
- You can also win a reward of ₹1 lakh if you make a valid suggestion for how the app can be improved.
- Aarogya Setu’s open-source code is up for analysis on GitHub for developers to grab — and it’s a way for the government to lay to rest any privacy concerns that people may have.
The open-source code for the contact tracing app has been released on Github and developers are being encouraged to track down any loopholes that they can find — something that many privacy activists have been advocating ever since Aarogya Setu made its way into the limelight.
The ‘bug bounty’ programme is open to Indians as well as foreign nationals. However, only Indians are eligible to claim the money reward offered under the scheme.
“This is a unique thing to be done. No other government product anywhere in the world has been open-sourced at this scale,” announced Amitabh Kant, chief executive of NITI Aayog. The government has also promised that any updates to the app will also be made open-source through the same repository.
The question of privacy
The Indian government’s COVID-19 tracking app has repeatedly been under the lens during the lockdown. With Aarogya Setu asking for permission to access users’ data, people are concerned that they may be offering up more than they had bargained for — especially since the government of India made it mandatory for everyone to have it on their phones.
“You want to make sure that you have the right protection in your application and that equitable data is being collected. It opens up the doors for attackers. From a government’s perspective, you want to make sure that the agencies are taking the right protection,” Yuval Wollman, the President of Cyberproof and former Director-General of Israeli Intelligence told Business Insider.
Aarogya Setu has had a tough go of it ever since Twitter’s famed Elliot Alderson — real name, Robert Baptiste — pointed out that there is a security issue with the app earlier this month. “The privacy of 90 million Indians is at stake,” he wrote.
The makers of Aarogya Setu hit back saying, “No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems.”
“Developing countries, with their limited budgets and resources, need to consider the costs versus the outcomes in tracing exposed individuals in a privacy preserving way,” said Ramesh Raskar, an MIT Media Lab professor. According to him, an app like Aarogya Setu runs the risk of exposing private data, which is especially risky considering the large data stores that a population like India has up for grabs.
Experts explain the legal and moral pitfalls in Aarogya Setu app — despite the government’s insistence that a protocol has been put in place
Amid privacy concerns, Centre makes Aarogya Setu app open source
Govt likely to make Aarogya Setu app mandatory for flyers post lockdown
- Uproar over Farm Bills 2020: What these bills contain and why the opposition — Here’s all you need to know
- Amazon Alexa in Hindi comes to smartphones in India as it turns one
- WhatsApp Web may get fingerprint authentication feature
- Amazon, Flipkart, and other e-commerce players could hit $7 billion in Diwali sales this year
- Top stock movers — TCS, Vodafone Idea, Adani Ports, Larsen & Toubro, Sterling and Wilson Solar and more