Aarogya Setu, the Indian mobile app for COVID-19 “contact tracing, syndrome mapping and self-assesment”, has been very useful for the health departments amid the pandemic. Also known as Health Bridge app, it reached more than 100 million installs in just a month after its launch in India on April 2. With the rise in downloads, it became one of the most popular government apps in India.

The World Health Organisation (WHO) also acknowledged the importance of Aarogya Setu mobile app in identifying COVID-19 clusters. The app is an updated version of a now-discontinued app called Corona Kavach, released earlier by the Government of India. Privacy and security remained a huge priority for Vikalp Sahni, Goibibo’s co-founder, and his team of developers while they were working on building the tech platform for the app.

Despite the protective measures, the app has been mired in controversies in several Indian states. Many claim that it raises huge data security concerns as the users’ data is hosted on government data centres across India.

The Indian government made it mandatory for all the citizens and employees from all the sectors to download the Aarogya Setu mobile app. Moreover, malls, gyms, housing societies and start-ups offering food delivery services throughout India have also made the app mandatory. In some places in the capital city, those not complying with the government mandate could be jailed for around six months.

But the bigger question is how effective the app has been in containing the COVID-19 spread.

On its website, it is claimed that it has been successful in fulfilling its objective. Not only does it alert users about the COVID-positive cases around them, but provides a self-assessment feature, too, for those at high risk of virus infection as well. It has recorded more than 16 crore installations, making it the world’s most downloaded contact-tracing app till date.

However, many have questioned the government’s directive to mandate the download of Aarogya Setu mobile app, after becoming aware of its working.  

The Aarogya Setu mobile app uses phone’s Bluetooth and location data to let its users know if they had an interaction with a COVID-infected person, by scanning a database of known cases of infection. It also calculates the users’ risk of infection, post interaction and recommends spread avoiding measures. This data then gets shared with the government.

BN Srikrishna, former SC judge, India, called the drive to make people use the app “utterly illegal”. A month after the app’s launch, he asked the Indian government, “Under what law do you mandate it? So far it is not backed by any law.”

Robert Baptiste, a French ethical hacker, who goes by the name Elliot Alderson, also stood in criticism of the Aarogya Setu app. He criticised the Indian government saying, “Forcing people to install an app doesn’t make a success story. It just means that repression works.”

The app collects users’ name and number, gender, travel history, but doesn’t make this information public. However, the experts suggested that the Aarogya Setu’s need to store data makes it invasive from the security and privacy viewpoint.

To allay the rising public fears, the Indian government open-sourced Aarogya Setu app’s source codes, bringing transparency in its working. It was also made clear that all the data is encrypted in accordance with best practices and is never pushed out unless there is a case of infection. Some renowned hackers attempted to carry out the distributed denial-of-service (DDoS) attacks, but failed to obtain any specific information.

Despite all the measures and wide app popularity, the worries regarding the privacy of users’ collected data remains the top concern till date.

Leave a Reply