Nations across the world are coming up with their contact tracing apps for locating coronavirus patients and putting up electronic fences to isolate them. India has also released its home-baked app “Aarogya Setu,” which became the world’s fastest app to cross 50 million downloads.
Aarogya Setu has now crossed the 75 million download mark, but this number is still very small in comparison to India’s huge 1.35 billion population. PM Modi and the Indian government are advertising the app heavily and encouraging citizens to download it.
In fact, a new Livemint report suggests that India might force manufacturers to pre-install the Aarogya Setu app on smartphones sold across the nation.
Pre-installation of Aarogya Setu app in phones
The publication confirmed this news from two sources having close links to the smartphone industry — a smartphone manufacturer, and a Manufacturers Association for Information Technology (MAIT) member.
If the report is anything to go by, it says that the Indian government had asked companies to install the app by default on phones way earlier. However, due to the ongoing lockdown in the country, which was enforced in March, all manufacturing operations were ceased, and the instructions couldn’t be carried out.
Now that the lockdown is expected to end on May 3, the pre-installation of Aarogya Setu by smartphone makers will most likely resume.
Aarogya Setu will play a crucial role ahead
Meanwhile, the report also discusses how PM Narendra Modi asked all state Chief Ministers to “popularize the app and asked them to ensure downloads in greater numbers.” He cited South Korea and Singapore’s example where contact tracing apps have been successful in tracking and containing the spread of COVID-19.
India’s Aarogya Setu was also made along the same lines to fight the pandemic. The majority of Indians (around 550 million) are feature phone users in comparison to smartphone users (450 million). This is why the IT ministry is planning to launch the counterpart of the Aarogya Setu app that can work on 2G phones without Bluetooth for contact tracing.
According to an official document, the government is also exploring the possibility of the app being used as an e-pass in the near future to permit travel from one place to another.
Very recently, all the government employees were asked to download the Aarogy Setu app. They were advised to attend office only if their status in the app is “safe or low risk.”
There are other rumors too floating around the app. One such rumor claims that the app will be used by Central Industrial Security Force (CISF) and Delhi Metro to screen people who wish to travel via the metro after the lockdown is lifted.
While such reports are yet to be confirmed, delivery apps like Zomato and Urban Company have already made the Aarogya Setu app mandatory for their delivery and service executives. This indicates that it’s possible for the Aarogya Setu to come pre-installed on our smartphones. But it raises a very important question:
Is the Aarogya Setu app safe? Is it government spyware?
The New York Times has already exposed the app’s security bugs, and it was also found lacking common security measures. The Android version of the app was caught leaking a user’s latitude and longitude to a YouTube server if they performed a particular set of actions. The Aarogya Setu team acknowledged this bug in an official statement, and the app developers have fixed it now.
There is no denying that coronavirus tracker apps could be very useful at a time like this. Experts who are handling the COVID-19 cases in the country have said that the app has helped public health monitors in identifying hotspots for the virus. It has also assisted in speeding up door-to-door visits in certain areas to alert residents, many of which didn’t own smartphones.
However, such a massive nation-wide data collection also raises questions on how the data is gathered, where it is stored, and what happens with it once the pandemic ends.
Right now, the data is hosted on AWS (Amazon Web Services), and assuming that the data will be ported later, then where will it be hosted? Or who will have access to it? Who is actually in control of that? These are some questions that any privacy-concerned person would ask, and the Indian government simply doesn’t have a clear answer at the moment.
Besides, we have already seen the state of government-collected data in India and its weak security — yes, I am talking about the Aadhaar data which was compromised.
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.
For this attack, the attacker need a physical access to the phone, rooted phone is not needed and yes this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv
— Elliot Alderson (@fs0c131y) March 13, 2018
Even though UIDAI denied such reports, French hacker Elliot Alderson claimed that he found details of 20,000 Aadhaar cards within a span of three hours.
Hi #Aadhaar 👋! Can we talk about the #BenefitsOfAadhaar for the #India population?
I quickly check your #android app on the #playstore and you have some security issues…It's super easy to get the password of the local database for example…🤦♂️https://t.co/acjp6tUjqs
— Elliot Alderson (@fs0c131y) January 10, 2018
In the light of recent tensions in the country’s government and the minority Muslim population, there is always some amount of cynicism when the same government asks you to divulge personal information.
Civil liberties groups around the world have warned that the rush to build virus-tracking technology may give birth to new forms of government surveillance and social control. Once such an architecture is built, it would be extremely difficult to get rid of it, even if the apps don’t emerge as an effective tool in fighting coronavirus.
Whether Aarogya Setu turns out to be one such government weapon, is something only time can tell. Until then, it’s one person’s perspective versus another’s.