The application – Aarogya Setu, which signifies “bridge to health” in Sanskrit – was launched only a month and a half ago.
India has made it compulsory for government and private part employees to download it.
However, users and experts in India and around the globe state the application raise colossal data security concerns.
Aarogya Setu stores location information and requires consistent access to the mobile Bluetooth which, experts state, makes it obtrusive from a security and privacy perspective.
In Singapore, for instance, the TraceTogether application can be utilized solely by its health ministry to get to the information. It guarantees peoples that the information is to be utilized carefully for disease control and won’t be imparted to the law enforcement agencies for implementing lockdowns and quarantine.
“Aarogya Setu holds the adaptability to do only that, or to guarantee consistency of lawful requests, etc,” says the Internet Freedom Foundation, a digital rights and liberties advocacy group in Delhi.
Concerns have also been raised over how much data the app collects. It asks its users to share their name, phone number, age, gender, profession, and details of countries visited in the last 30 days.
In addition, it asks users to self-assess for any possible COVID-19 symptoms and enter that data daily. The app shows users how many people have symptoms in a particular radius, and how many have tested positive. It sends alerts when a new person near you tests positive, or if someone who was near you previously tests positive.
India has no national data privacy law, and it’s not clear who has access to data from the app and in what situations,” researchers at the Massachusetts Institute of Technology (MIT) have said in a review. The team at MIT ranks various COVID tracing tracker apps around the world for their transparency and other factors, and Aarogya Setu met just two of its five criteria.
There are no strong, transparent policy or design limitations on accessing or using the data at this point,” the researchers say while noting that India is the “only democracy making its app mandatory for millions of people.
Some fear India’s app could be used in a way that would violate civil liberties, including by helping to build a state surveillance system that could be exploited after the app outlives its coronavirus-tracking purpose.
The government, meanwhile, is considering expanding the mandate for the app. It already covers all train travellers, and it may also apply to air passengers once the world’s biggest COVID-lockdown lifts and flights resume.
Violation of the law laid down by the Supreme Court– It is important to note that the Aarogya Setu app has been launched in the time of an ongoing pandemic, when the Governments are trying to maximise data collection, often at the cost of privacy rights of citizens. India does not have a law dealing with personal data protection which should be limiting data collection and processing. SFLC.IN, along with a coalition of lawyers, social activists, entrepreneurs, and concerned citizens, had recently sent a joint letter to various ministries of the Central Government and also the heads of states and union territories expressing concerns over the unwarranted and excessive collection of personal data during the ongoing COVID-19 pandemic urging the various governments to follow law enunciated in various Supreme Court judgments. If you haven’t signed on the campaign letter.
“Aarogya Setu” is not open source – Though the Central Government has a prevailing policy on adoption of open source software the Aarogya Setu app’s code has not been made open source. Making the source code available enhances transparency and this also improves security as the code is open to community audit. The app primarily collects personal data from user cellphones and cellphones are an immense repository of personal data of users and sometimes, of a user’s contacts and acquaintances. In this scenario, keeping the source code of such an app proprietary is not advisable.