https://images.financialexpress.com/2020/04/corona-660.jpg
Aarogya Setu has been called into question by privacy advocates for missing some essential features that have been integrated by other contract tracing apps.

BlueTrace: The tech that many want govt to incorporate in Aarogya Setu

Aarogya Setu has been called into question by privacy advocates for missing some essential features that have been integrated by other contract tracing apps.

by

As countries around the globe look for a restart, government’s are requesting users to download their contact tracing apps. This will help in tracing and containing the next wave of innovations. India is no different. Last week, as the civil aviation minister announced plans to resume flights, one of the conditions for fliers was that they must have Aarogya Setu downloaded on their smartphones. The government, using these apps, can trace infected people using Bluetooth and location. However, Aarogya Setu has been called into question by privacy advocates for missing some essential features that have been integrated by other contract tracing apps. BlueTrace is one such technology that critics are requesting the government to incorporate in Aarogya Setu app.

What is BlueTrace?

BlueTrace is a contact tracing protocol used for Bluetooth communications to anonymise and decentralise data usage by customers. The protocol allows a device to have a temporary identifier, which frequently rotates, preventing someone from tracking user data. It only collects the mobile number as personally-identifiable information. Plus, the encounter history stays on the mobile’s local storage. Basically, BlueTrace helps avoid a man-in-the-middle attack.

What is a man-in-the-middle attack?

A man in the middle attack is a hijack attack where an attacker can either alter communication between two parties or secretly relay some other information. At times, a man-in-the-middle attack is used to infect a machine with malware. Pegasus, which infected WhatsApp was one form of man-in-the middle-attack.

How does BlueTrace stop a man-in-the middle-attack?

As the protocol keeps assigning a temporary identifier, it becomes difficult for the hacker to find the actual Bluetooth id of the device. Two, the protocol only allows saving of data on the local history, so it becomes difficult to steal that information.

Which countries have been using the BlueTrace protocol?

It was originally developed for Singapore’sTraceTogether app. But BlueTrace has found acceptance across different countries. Australia and New Zealand have been using the protocol in their apps.

Does Aarogya Setu have BlueTrace protocol?

Somehow the Indian contact tracing app does not seem to have this protocol, but as the chorus for more security grows, Indian app makers can also incorporate it. The protocol is readily available online as it is open-source.

Techsplained @FE features weekly on Mondays. If you wish to send in queries that you want explained, mail us at ishaan.gera@expressindia.com