Aarogya Setu, India’s official contact tracing app, has been downloaded by more than 100 million citizens in a bid to keep track of people who could be infected by the Coronavirus. The app was launched on April 2 and was downloaded by over 50 million users in just 13 days, making Aarogya Setu the fastest app (Android or iOS) to reach that milestone.
https://twitter.com/amitabhk87/status/1260283041748070401?ref_src=twsrc%5Etfw
Against the backdrop of the app being criticized by many security researchers and privacy advocates, the Indian government has made Aarogya Setu mandatory for people travelling via railways. The same rule is expected to be implemented for people opting to travel via airlines once the services are operational.
https://twitter.com/RailMinIndia/status/1259919781945319426?ref_src=twsrc%5Etfw
In cities like Noida and Greater Noida, local authorities are entitled to criminally prosecute any person who is found without the Aarogya Setu app installed on their smartphone. This order has been challenged in court by the Internet Freedom Foundation, while the developers of the contact tracing app work on a feature phone version.
The Indian government has made Aarogya Setu mandatory for its employees and has ordered private companies to follow suit. Additionally, the government could also be looking at making Aarogya Setu mandatory for all phones going on sale as lockdown restrictions are eased further.
Interestingly, 100 million users account for only 7.2 per cent of the total Indian populace, and contact tracing needs a much stronger user base to be used effectively. At a time when more than half of the country’s population uses feature phones, those users are practically left out of the range of contact tracing apps. While the government is making a feature phone version of Aarogya Setu, it’s currently unknown how it plans to make the rural masses use the app and whether or not all feature phones will be compatible with it.
Recently, French security researcher Robert Baptiste warned the Indian government of security lapses in Aarogya Setu that let any malicious attacker access a person’s COVID-19 information from anywhere in the world, including details about their self-assessment tests. Moreover, with the data collected by the app, it’s possible to get Coronavirus information around a particular point of interest.
These claims were dismissed by the Aarogya Setu team as a built-in feature of the app. The government released data processing rules for Aarogya Setu that lay down some guidelines on the user data collected and give users an option to initiate removal of the collected data from the app within 30 days of making the request.