India COVID-19 tracking app not breached, mandates citizens to download

 There has been no security breach in a Covid-19-tracking app that the Indian government has made a mandatory download for anyone stepping out of their homes to go to work, officials said on Wednesday.

According to a statement from the creators of the app, named Aarogya Setu, no personal information of any user has been proven to be at risk.

They were responding to concerns raised by a French hacker, Robert Baptiste, who goes by the name Elliot Alderson on Twitter and tries to alert groups to potential problems.

READ ALSO: COVID-19 cases in Africa rise to 49,000 – WHO

The app launched by the Indian government on April 2 evaluates users’ risk of infection based on their medical and travel history and their location.

The app uses GPS and Bluetooth services to trace a user’ contacts. Aarogya is disease-free in Hindi and setu means bridge.

There have been an estimated 90 million downloads so far.

The federal Home Ministry on May 1 said the app was compulsory for all public and private sector workers; it has also been made mandatory for delivery personnel and couriers.

Delhi-based digital rights organisation Internet Freedom Foundation has said the app runs risks of institutionalising mass surveillance in the absence of any robust data protection law in India.

Aarogya Setu said it had contacted the hacker after he posted: “A security issue has been found in your app. The privacy of 90 million Indians is at stake.”

It said the app collects user location and stores them on a server in a “secure, encrypted, anonymised manner.”

Alderson indicated on Twitter that he was not convinced by the response.

“I will come back to you tomorrow,” he posted.