Aarogya Setu is now an open-source application

27 May 2020 by Web Desk

https://www.organiser.org/Encyc/2020/5/27/2_02_38_04_a_1_H@@IGHT_350_W@@IDTH_467.jpg

The Government of India has open-sourced the Android application Aarogya Setu, COVID-19 tracing app. The statement released by the Ministry of Electronics and Information Technology states that the iOS version of the application will be released as an open-source within the next two weeks and the server code will also be released.

There has been a growing call for making the Aarogya Setu contact tracing application open-source since 98 per cent of the Aarogya Setu users are Android, the open-source will become available on Github by midnight.

The Government of India has also requested the developers to help find any vulnerabilities or code improvement to make "Aarogya Setu more robust and secure". For this, the Government has launched a Bounty Programme "with a goal to partner with security researchers and Indian developer community to test the security effectiveness of Aarogya Setu and also to improve and enhance its security and build user's trust."

"Anyone who wants to report anything can send it by email to NIC or also report on the Innovate platform of MyGov. The collaborative approach of the development of the app continues," said Ministry of Electronics and IT

Ajay Prakash Sawhney, the secretary of the Ministry of Electronics and IT, emphasised on how the app was developed as a public, private partnership basis, and was developed mainly by "volunteers". National informatics centre also announced a bug bounty programme, which will offer cash reward up to Rs 1 lakh who will report bugs, and improvements to the Government. The bug bounty programme will be run by MyGov.

https://www.organiser.org/Encyc/2020/5/27/2_02_38_46_a_1_H@@IGHT_406_W@@IDTH_477.jpg

Security or privacy-related issues which are discovered by security researchers should be notified to as-bugbounty@nic.in and should carry the subject line as Security Vulnerability Report. Doing so will be called "responsible disclosures", and only such responsible disclosures shall be eligible for rewards. Any improvements to the source code should also be reported to as-bigbounty@nic.in.

Many cybersecurity and cyber law experts had already called out for open-sourcing the source code of the Aarogya Setu app, to accommodate developers to independently inspect all the privacy issues of the Aarogya Setu app. The government officials further stated that the move would set a significant precedent – not just for all Indian government apps in the future, but also for other governments across the world to follow.

As per Government's current stats, the Aarogya Setu app has been downloaded by 114 million users.