The Central government has been encouraging people to download Aarogya Setu application on their smartphones saying the app tracks the spread of Coronavirus and alerts others.
However, it has also led to two major questions. First, can a government agency keep a watch on a person’s private details such as mobile data, movements etc.? Second, can a hacker enter into an individual’s mobile through this appl and gather all the personal details?
Despite allegations about app's weak security features, making it vulnerable to hacking, the National Informatics Centre (NIC), which developed the application, has assured the users of complete safety.
Software experts, however, disagree, saying if the security features of WhatsApp can be compromised, Aarogya Setu is no exception.
So what should we do address these concerns?
A section of software developers says Aarogya Setu is not open-source software. They say if the government forces someone to download the application, it should better make it an open-source so that it has the scrutiny of the developers everywhere in the country and the world.
Anand Sahay, CEO, Xebia, a technology multinational, says, “When I downloaded it, the first thing that came to my mind was to find if the app is open-source and where my data will reside."
Open-source software means larger software community can check the source code used to develop the application and find out what all the app can do and also potentially help point out flaws.
“It will bring trust among people. Looking at it, I can find what all government wants to do through this application. If the purpose is to track the spread of COVID-19 infection, there is nothing wrong in letting everyone know about the source data,” Sahay suggests.
Bikas Jha, from Real Networks, agrees and says, “It will assure me that there is no such code that can track my privacy.”
Experts also argue that if the source data is in the public domain, any software developer can find out the lacuna that can produce a security breach and alert the government agency.
“It will also tell people how secure this app is. Let the world of developers comment on it. People can see the code and assure that there is no hidden agenda in it. Ethical hackers, techies will see it and raise the alarm for a security breach if there is any,” another software developer, who didn't want to be named, said.
Experts say that looking from a technical stand point as well as contact-tracing App perspective, getting user’s profile data and location are bare minimum to achieve contact-tracing. "As we know contact-tracing of COVID-19 is critical in order to spread awareness about coronavirus as well as its spread, it is good idea to make it open source," said Kamalika Roy, a senior tech consultant at KidzByte Technology.