- French security researcher claims to have found a security issue in the Aarogya Setu app
- The government assures the COVID-19 contact tracing app is secure and private
French security researcher Robert Baptiste, who goes by Elliott Alderson on Twitter, claims to have found a security flaw in the Indian government-developed Aarogya Setu app that can potentially put the privacy of 90 million registered users at stake. The hacker is yet to reveal specific details about the flaws that he discovered, but the government has already responded to his tweet, stating that the Aarogya Setu app is secure and that no personal data is at risk. Aarogya Setu is a COVID-19 contact tracing application that has been downloaded by millions of people in India.
“No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the government said in a statement.
Basically, you said “nothing to see here”— Elliot Alderson (@fs0c131y) May 5, 2020
We will see.
I will come back to you tomorrow. https://t.co/QWm0XVgi3B
The ethical hacker, however, is not convinced by the government’s statement regarding the privacy and security of the Aarogya Setu app. He plans to reveal more information about the app’s vulnerabilities very soon. The COVID-19 contact tracing app has been a major topic lately with concerns about the way the app collects and stores data and as a tool for mass surveillance by the government. Meanwhile, the Centre is has mandated that public sector and private employees should have the Aarogya Setu app installed on their phones self-assess themselves before reaching office. It is also reported the app must be pre-installed on all the upcoming smartphones.