Since day one, when the Aarogya Setu app was launched in India there have been various questions arising on the security and privacy of the users. Provided the application uses Bluetooth function and the location data to examine whether the user has come in contact with any Coronavirus infected person or not, the app has been denounced when it comes to dealing with user data. In the recent past, many researchers and developers have indicted the contact tracing Aarogya application for setting users’ data at risk.
As a response to all the questions and charges raised in the past few months, the government of India on 26th May 2020 made the android version of Aarogya Setu application as an open-source, which gives liberty to the researchers and developers to access the source code of the application and modify for adaptations.
The government further declared openly that in the next two weeks the IOS version of the Aarogya Setu application will be made accessible as open-source and the server code will be made available thereafter. As per the government data, 98 percent of users of the Aarogya Setu application use android mobile devices. The app is accessible on both IOS and on android mobile phones.
Speaking of opening the source to the developers and researchers community, the government of India affirmed that it exemplifies their extending obligation of transparency and cooperation.
The government further stated that it is looking forward to expanding cooperations and to leverage the expertise of substantial technical brains with the release of the source code in the public domain. To provide aid and support to the work of frontline health workers in combatting the Coronavirus pandemic the government plans to bring talented youths and citizens of India to collectively build a strong and safe technology solution.
The press statement of the government further stated that over 114 million people in India are using the application which consequently makes it challenging for the government to release the source code of the Aarogya Setu application. It is further the responsibility of the Aarogya Setu team and the developer’s community to look for the development and maintenance of the application.
The National Informatics Centre (NIC) will manage the operations of supporting open source development. Primarily, all code recommendations will be processed through pull request reviews. To make Aarogya Setu a strong and safe application the government of India has further asked the researchers and developers to help in order to find out any deformities or code improvement.
Aarogya Setu has been open-sourced by Niti Aayog. According to the Niti Aayog CEO Amitabh Kant, by providing the open-source code to everyone the government of India has taken a unique step. So far no government body in the world has open-sourced its product at this scale.
The reward for finding bugs and vulnerabilities
Apart from releasing the open-source code, MyGov team is hosting a bug bounty program that has been launched by the government of India. The program provides an opportunity for the security developers and researchers to win Rs.1 lakh worth of bounty for finding out security vulnerability in the application. Furthermore, there is a different code improvement bounty of Rs 1 lakh.