Amid concerns about security and privacy of user data, the developers of the Aarogya Setu app, a smartphone application developed by the Centre to contain the spread of coronavirus, have issued an official statement reaffirming that no data and security breach has been identified and the application is safe to use.
The statement came after a French security researcher Robert Baptiste, better known as Elliott Alderson, claimed that it is capable of leaking data of the around 9 crore users who have downloaded the app.
“No personal information of any user has been proven to be at risk by this ethical hacker,” said a tweet by the app’s twitter handle. “We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” it added.
The app developers said that they were “alerted by an ethical hacker of a potential security issue of Aarogya Setu”, which they discussed with him.
Two issues were pointed out by the ethical hacker, the statement said. The first issue was that “the app fetches user location on a few occasions”, while the second was “user can get the Covid-19 stats displayed on home screen by changing the radius and latitude-longitude using a script.”
The developers stressed that the fetching of a user’s location is “by design”, and it is “stored on the server in a secure, encrypted and anonymised manner.”
For the second issue, the team said the radius parameters on the app “are fixed and can only take one of the five values: 500m, 1km, 2km, 5 km, and 10 km.” It further added that the information does not compromise on any personal or sensitive data.
Notably, the government has made it mandatory for all public sector and private employees who go to offices to download the app.