Within just a month of its release, Aarogya Setu, the Indian COVID-19 tracking app, has created a lot of buzz for its creditability and security. Hackers have also reported security flaws questioning its vulnerable data handling.
Though Aarogya Setu is also helping the government to fight against the coronavirus outbreak, there has been an upsurge on Twitter with hashtag ‘#OpenSourceAarogyaSetu.’ Owing to privacy concerns, people are urging the Indian government to make the source code of Aarogya Setu public. So what does open source mean and how can it help the app? Let’s find out.
A few days ago, a French hacker, with the pseudonym “Elliot Anderson”, published a detailed article to demonstrate the possible risks in the Aarogya Setu app. Hours later, a hashtag about the Aarogya Setu app entered the trending list in India. However, people had already been demanding the same since other security researchers started noticing vulnerability in the app.
You have the power to make it happens. Tweet #OpenSourceAarogyaSetu until they really do it pic.twitter.com/7EWcuVO1Ej
— Elliot Alderson (@fs0c131y) May 6, 2020
What Is Open Source Software?
If you’re new to the term ‘open source,’ let me tell you that it’s a popular word in the world of software development. It simply means making the source code of software public so that anyone can access, analyze, modify, and enhance the design code freely.
Open source aims to bring a community of developers and testers to work on the app, making it more secure and stable. However, the open-source software is also released under a different type of license to comply with some rules.
How Can Open Source Help Aarogya Setu?
As of now, only government IT institutions design, develop, and maintain the Aarogya Setu app. Hence, they hold all rights and codes of software. But if it goes by what people want — the pen-sourcing of Aarogya Setu — anyone would get the code of the app and use it to find bugs and security vulnerability or further modifications.
In this way, first, it could bring a number of volunteers to participate in the development of an app that can save money. Secondly, a large number of open source security researchers and bug bounty hunters can test and discover the application to eliminate all bugs and vulnerabilities.
Since it is currently under government, only an allowed and limited group of developers and security institutions tests the Aarogya Setu.
Now you may think that people would have access to code so they can also find a way to alter and hack. Well, we should take a moment and think about the world’s largest open-source project, Linux Kernel, which powers the world’s top supercomputer, enterprise servers, and even your Android mobile phone.
The Way Ahead
Looking at the latest reply to that public demand, the Government denies any of the data mishandling by saying: ‘Aarogya Setu is completely safe and secure.’
Aarogya Setu is completely safe and your data is fully secure.
Its Privacy first by design.
All your queries answered here.
Do watch and share.#SetuMeraBodyguard#IndiaFightsCoronahttps://t.co/i0Ul06uGct— Aarogya Setu (@SetuAarogya) May 7, 2020
Also, as per the current Terms of Use, no one is allowed to tamper or perform reverse-engineering of the app for any purpose. However, in a report by TheQuint last week, officials had also confirmed that they will make the application code public to the scientific and research community soon.
