Aarogya Setu app available for Android, iOS, JioPhone
Aarogya Setu app became one of the most popular apps in India after just 41 days of launch. While the Coronavirus contact tracing app has gained popularity it also has its share of issues, which is dismissed by the Indian Government. However, a new report has emerged that suggests the app is hackable, thus, raising more questions on the security of Aarogya Setu. Read on to know more.
Aarogya Setu reportedly hacked
According to a report by BuzzFeedNews, a Bengaluru techie hacked the Aarogya Setu COVID-19 contact tracing app because it got mandatory for users to install the app. It is suggested that Jay (a fake name for the Bengaluru techie) didn't like the mandate of the Coronavirus tracking app for all users in India and decided to do something about it.
Jay got access to the app's code and was able to bypass all the pages that require a user's information. He got through the registration page that requires a user's mobile number and the page that asks for personal information such as name, age, gender and more. Additionally, he also made his way through the permission page wherein users are required to grant GPS, Bluetooth, and data permissions.
This way, the techie was able to get a green badge on Aarogya Setu without providing any information to the app within 4 hours. With this, he can easily show the green badge to authorities who ask for it without really keeping the app on his smartphone.
The hacker told BuzzFeedNews, "I’m rebelling against the mandatory nature of this app,” he said. “I don’t want to share my location 24/7 with the government.” He said the Indian app fared poorly against what Google and Apple were helping to build, plans that do not store personal information on centralized servers. If I was coding this app, I would have chosen to keep data points to a minimum,” he said. “If I have your location information for a month, I can gauge a lot of things about your life."
To recall, recently an ethical hacker Elliot Alderson suggested that the app has security issues as it collects users' location and Bluetooth data. Following this, the Aarogya Setu released a reply to the allegation suggesting that the app is completely safe and 'by design' collects the data also mentioned in its privacy policy. Furthermore, it was claimed that Aarogya Setu stores user data in an encrypted way on the government's data servers and deletes it after 30 days. Aarogya Setu doesn't leak users' personal information.
While the government has touted Aarogya Setu to be absolutely safe, the fact that it reportedly got hacked raises concerns that if not the government, hackers can get into the app and leak user data. It remains to be seen how the government responds to this.
