Advertisement
Tuesday, Sep 21, 2021
Outlook.com
Outlook.com

'No Security Breach In Aarogya Setu App': Govt Assures After Ethical Hacker Raises Privacy Concerns

On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that 'a security issue has been found' in the app and that 'privacy of 90 million Indians is at stake'.

'No Security Breach In Aarogya Setu App': Govt Assures After Ethical Hacker Raises Privacy Concerns
The interface of Aarogya Setu App
'No Security Breach In Aarogya Setu App': Govt Assures After Ethical Hacker Raises Privacy Concerns
outlookindia.com
2020-05-06T10:45:33+05:30

The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns that the data of millions of people was at risk.

The app is the government's mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of COVID-19.

On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".

Dismissing the claims, the government said "no personal information of any user has been proven to be at risk by this ethical hacker".

"We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the government said through the app’s Twitter handle.

The tweet gave point-by-point clarification on the red flags raised by the hacker.

"We discussed with the hacker and were made aware of the following... the app fetches user location on a few occasions," it said, but added that this was by design and is clearly detailed in the privacy policy.

The app fetches users’ location and stores on the server in a secure, encrypted, anonymised manner - at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said.

On another issue that users can get COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said that all this information is already public for all locations and hence does not compromise on any personal or sensitive data.

"We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately...," it said.

Responding to Aarogya Setu's clarification, Alderson tweeted, "I will come back to you tomorrow".

Advertisement

Outlook Newsletters

Advertisement

Read More from Outlook

Hathras Gang Rape:   A Year To The Ground

Hathras Gang Rape: A Year To The Ground

Second of Outlook’s six-part series that captures the horror and heartbreak at Hathras village in Uttar Pradesh a year ago.

India To Resume Export Of Surplus Vaccines Next Month

India To Resume Export Of Surplus Vaccines Next Month

Health Minister Mansukh Mandaviya said the government will receive over 30 crore doses of COVID-19 vaccines in October and over 100 crore doses in the next three months.

IPL 2021: Clinical KKR Outplay RCB

IPL 2021: Clinical KKR Outplay RCB

The result will not just boost their morale immensely but also improve KKR's net run rate going ahead.

Amazon Claims It Has 'Zero Tolerance' For Corruption

Amazon Claims It Has 'Zero Tolerance' For Corruption

The e-commerce retailer was responding to a report alleging a certain amount paid by Amazon in legal fees have been used to pay bribes by one or more of its legal representatives.

Advertisement