Indian Government now offering Rs 4 lakh to users who can find flaws and vulnerabilities in Aarogya Setu app

Updated on 30-May-2020
HIGHLIGHTS

Researchers and experts can now win Rs 4 lakh by finding bugs and vulnerabilities in Aarogya Setu.

This was tweeted out by the Indian government.

There a few guidelines to follow

If you’re a hacker or someone who knows coding in regards to apps can now help find bugs in India’s own contact-tracing app Aarogya Setu. In a tweet that was published bu the government, researchers and experts who have the technical knowledge regarding apps are being offered Rs 4 lakhs to help find bugs and issues with Arryoga Setu. This bug bounty is open to all comers including people on Aarogya Setu. The government says, “Everyone, including researchers and users of Aarogya Setu, are encouraged to report any vulnerability impacting the privacy and information security posture of Aarogya Setu application.”

https://twitter.com/mygovindia/status/1266013950040145921?ref_src=twsrc%5Etfw

A few weeks ago, French security researcher Robert Baptiste who goes by the pseudonym Elliot Alderson (a character from the TV show Mr Robot) posted a tweet saying that Aarogya Setu has a few flaws that may lead to a leak in the information collected. After that kerfluffle, the government has now decided to make Aarogya Setu open source. This essentially means that anyone can now inspect and check the source code for the app and make necessary changes where they see fit. This was a necessary move for the government as the public backlash getting worse. 

Researchers who do find bugs in the app will be asked to responsibly disclose those vulnerabilities and even get paid for it. The government has also laid down a few guidelines for people to follow. Basically, the reported vulnerability should only be present in the Aarogya Setu app or its source code or back-end server. They further added that the bug or vulnerability should be able to be exploited by “an unrooted phone running a version of Android supported by Aarogya Setu, with ADB Disabled and with all default Android security features in place.”

In other Aaryoga Setu news, the app is now mandatory for people who are flying. You can read more about that here. There has been a new contact-tracing app called SwissCovid which is based on Google and Apple’s UPI as well, you can check out how it compares to our own Aarogya Setu app here

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech.

Connect On :