https://images.indianexpress.com/2020/05/arogya-setu.jpg
Aarogya Setu is a contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology. (Express photo: Sneha Saha)

The Indian Express

Aarogya Setu becomes open source: What does it mean?

The iOS version of the application will be released as open-source within the next two weeks and the server code will be released subsequently, the government has confirmed. The government has said that nearly 98 per cent users of Aarogya Setu app use an Android phone. 

by

Ever since the launch of the Aarogya Setu app back in April 2020 there have been several questions around user privacy and security. Given the application uses Bluetooth and location data to find out whether a user has come in contact with a Covid-19 positive person or not it has been criticised when it comes to handling user data. In the past few months, several developers and researchers have called out the contact tracing application for putting user data at risk.

As an answer to that today the government of India has made the Android version of the Aarogya Setu app open source, which means developers will be able to inspect the source code of the app and modify for changes. The source code of the Android version is already available for review and collaboration. All developers and researchers can visit this link to participate: https://github.com/nic-delhi/AarogyaSetu_Android.git

The government has announced that the iOS version of the application will be released as open-source within the next two weeks and the server code will also be released subsequently. The government has also said that nearly 98 per cent users of Aarogya Setu app use an Android phone. The app is available for both iOS and Android users.

Commenting on opening the source to the developer community the government of India says that it signifies their continuing commitment to the principles of transparency and collaboration. “With the release of the source code in the public domain, we are looking to expanding collaboration and to leverage the expertise of top technical brains amongst the talented youth and citizens of our nation and to collectively build a robust and secure technology solution to help support the work of frontline health workers in fighting this pandemic,” the press note states.

The process of supporting the open-source development will be managed by National Informatics Centre (NIC). Notably, all code suggestions will be processed through pull request reviews. The government of India has also requested the developers to help find any vulnerabilities or code improvement in order to make “Aarogya Setu more robust and secure”. For this, the government has launched a Bounty Programme “with a goal to partner with security researchers and Indian developer community to test the security effectiveness of Aarogya Setu and also to improve and enhance its security and build user’s trust.”

“Releasing the source code of the rapidly evolving product that is being regularly used by over 114 million people is challenging. Developing and maintaining the source code is both the responsibility of the team Aarogya Setu and the developer community,” the press statement stated.