India makes source code of contact-tracing app public
NEW DELHI: India said on Tuesday (May 26) it was making public the source code of its coronavirus contact-tracing app Aarogya Setu for Google's Android smartphones, a move digital rights activists said will boost the security of users.
The bulk of India's roughly 500 million smartphone users have Android devices and the source code for the app's iOS version will be released in the next two weeks, India's tech ministry said in a statement.
"Transparency, privacy and security have been the core design principles of Aarogya Setu since its inception. And opening the source code up to the developer community signifies the government of India's continuing commitment to these principles," Amitabh Kant, CEO of the government think-tank NITI Aayog, told a news conference.
Aarogya Setu ("Health Bridge") was launched by the government in early April as a key tool in containing the spread of COVID-19. It is currently used by more than 115 million Indians.
It uses Bluetooth and GPS on smartphones to record when people come in close contact with one another, so that contacts can be quickly alerted when a person is diagnosed with COVID-19.
Privacy advocates including a French hacker who called out some of Aarogya Setu's flaws on Twitter had asked the government to make the app's source code public, which would allow security researchers to inspect the system and find how it captures data.
A source code refers to programming instructions which are used to run an application.
Udbhav Tiwari, the public policy adviser for internet firm Mozilla, said the Aarogya Setu app still had some ground to cover before it could claim to be truly open source.
"This includes open sourcing the server-side code and ensuring that the app is built exclusively from its public repository," Tiwari said. On Tuesday, the government said it did plan to release the server code.
India has been encouraging a widespread use of the app including for rail and air travel, although it softened its previous demand for compulsory use by office workers, after a backlash from privacy advocates.
The app, which was initially available for only Android smartphones and Apple devices, can now also be used in cheap internet-enabled phones which run on the KaiOS mobile operating system.