The Aarogya Setu app has a “security problem” that has put the privacy of crores of Indians on the line, French security researcher Robert Baptist who uses the username Elliot Alderson for his work on Twitter.
The researcher tweeted on Tuesday in the government’s contact-tracking software to warn the government and over 1.67 lakh supporters about the suspected security issue.
The CERT-In and NIC (National Informatics Centre) team of India’s Emergency Response Team reached him quickly for an understanding of the issue. The Aarogya Setu app’s department, however, denied the researcher’s argument.
The researcher tweeted with the Aarogya Setu app Tuesday without describing the loophole. “Ninety million Indians are at risk of privacy. You have privately been able to reach me? “He posted on Twitter and tagged the touch tracing app’s official page.
In his tweet, the researcher also wrote that Congressman Rahul Gandhi was right. Gandhi reported last week that the Aarogya Setu software is a ‘sophisticated surveillance device’ posing “significant privacy and data protection issues” and that it is outsourced to a private provider without institutional oversight.
The researcher said he had been contacted by the CERT-In and NIC Teams within 49 minutes of the initial tweet. “[The] issue was exposed,” he added. The application is the most downloaded software in India, with broken records on how quickly it’s uploaded.
Nevertheless, there have been numerous critiques from organizations such as the Software Freedom Law Centre, India (SFLC.in) and the Internet Freedom Foundation (IFF), even although it was originally a voluntary initiative, this changed rapidly.
In a note tweeted early Wednesday, the team behind the Aarogya Setu Device acknowledged the researchers’ touch. It did not, however, have any detail on the alleged safety issue and also refute the alleged security question.
“No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the team wrote in the note.
He also told the team about triangulation — suggesting a breakdown in the structures which collects user data using the application. “I am going to come back to you tomorrow.”
It became common in India as security issues had been discovered in the past in the Aadhaar program. The researcher has also reported that millions of Adhaar distributors affiliated with the LPG brand Indane have been subjected to a security loophole last year. Nevertheless, the company denied his argument.
In January 2018, a fault in OnePlus’ OxygenOS clipboard that supposedly allowed data to be transmitted to China was also found by the researchers. However, the mobile maker denied the investigator’s claims.