Aarogya Setu app responds to hacker Elliot Alderson's privacy concerns; says no data at risk
BusinessToday.In May 6, 2020
Contact tracing app, Aarogya Setu on Wednesday responded to ethical hacker Elliot Alderson's concerns over data leak. It said that no personal data of any user is at risk and said that they discussed the concerns with the hacker.
It all started with Elliot Alderson tweeting that security flaws have been found in the COVID-19 contact tracing app. "The privacy of 90 million Indians is at stake. Can you contact me in private?," it tweeted to Aarogya Setu app. It also said that Rahul Gandhi was right about privacy concerns.
Alderson said that 49 minutes after the tweet, Computer Emergency Response Team, Ministry of Electronics & Information Technology and NIC contacted him to discuss the privacy flaws.
Aarogya Setu app soon took to social media to respond to Elliot Alderson's alerts. It said that the app pulls up a user's location by design and it is not a flaw. It said that the user's location is stored on the server in a secure, encrypted and anonymised manner.
They also discussed that a user can get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script. Aarogya Setu responded and said that "the radius parameters are fixed and can only take one of the five values: 500 meters, 1km, 2km, 5km and 10km." It added that all this information is already available publicly and does not compromise user data.
On receiving the response, Elliot Alderson said that the app basically says that there is "nothing to see here". "We will see. I will come back to you tomorrow," he wrote. He also followed up the tweet in a few hours and asked the app, "Do you know what triangulation is Aarogya Setu?"
Aarogya Setu is a contact-tracing app developed by NIC under the Ministry of Electronics and Information Technology and is endorsed by the government. It has been pushed across government and private employees and even in COVID-19 evacuation procedures.