Ever since an app to trace coronavirus patients in India, called AarogyaSetu, was launched by the Indian government in April. privacy and security experts had been calling on the government to publicly release the source code of its contact-tracing app. The Indian government has now conceded to the demand.
Calling the move to as an effort of “opening the heart” of the AarogyaSetu app to allow engineers to inspect and tinker with the code, the announcement was by the country’s Ministry of Electronics and Information Technology Secretary Ajay PrakashSawhney earlier this week. In less than two months, more than 114 million people have downloaded the app which is virtually unparalleled globally.
The source code of AarogyaSetu’s Android app was published on GitHub while the government will release the code of iOS and KaiOS apps in a “few weeks”. Almost 98% of the users of the app are Android platform users in India.
Cash prizes of up to $1,325 will be offered by the government to any security experts who manage to identify and report bugs and vulnerabilities in the app, Sawhney said.
Demand for the release of the code of the app for public auditing was raised by several privacy and security advocates, as well as India’s opposition party. There were reports of some lapses in the app which the Indian government had then claimed to be features of the app.
The concerns of people over the app should now be allayed with the release of the codes, Sawhney said. “The government was not open-sourcing AarogyaSetu, as it worried that it would overburden the team, mostly comprising volunteers, that is tasked to develop and maintain it,” Sawhney had said earlier this month.
The self-assessment test to evaluate their risk of exposure had been taken by about two-thirds of AarogyaSetu users, the ministry said. It further said that alters about users having made contact with someone who is likely ill with the disease had been sent to more than half a million Indians so far.
The ministry has also said that more than 900,000 users had also been to quarantine themselves or get tested for the disease by the app which uses both Bluetooth and location data to function. It said that about 24% of such users have confirmed to be positive with Covuid-19.
“Opening the source code to the developer community signifies our continuing commitment to the principles of transparency and collaboration,” the Ministry of Electronics and Information Technology said in a statement. “AarogyaSetu’s development has been a remarkable example of collaboration between government, industry, academia and citizens.”
Some specific data is stored in a centralized server by the AarogyaSetu app unlike some of the other contact-tracing technologies developed by smartphone vendors Apple and Google. But this approach could result in leakage of sensitive details of several Indians if there was hack of the servers, several privacy experts, including researcher Baptiste Robert, had argued.
“Open-sourcing AarogyaSetu is a unique feat for India. No other government product anywhere in the world has been open-sourced at this scale,” said Amitabh Kant, chief executive of government-run think-tank NITI Aayog.
(Source:www.techcrunch.com)
Calling the move to as an effort of “opening the heart” of the AarogyaSetu app to allow engineers to inspect and tinker with the code, the announcement was by the country’s Ministry of Electronics and Information Technology Secretary Ajay PrakashSawhney earlier this week. In less than two months, more than 114 million people have downloaded the app which is virtually unparalleled globally.
The source code of AarogyaSetu’s Android app was published on GitHub while the government will release the code of iOS and KaiOS apps in a “few weeks”. Almost 98% of the users of the app are Android platform users in India.
Cash prizes of up to $1,325 will be offered by the government to any security experts who manage to identify and report bugs and vulnerabilities in the app, Sawhney said.
Demand for the release of the code of the app for public auditing was raised by several privacy and security advocates, as well as India’s opposition party. There were reports of some lapses in the app which the Indian government had then claimed to be features of the app.
The concerns of people over the app should now be allayed with the release of the codes, Sawhney said. “The government was not open-sourcing AarogyaSetu, as it worried that it would overburden the team, mostly comprising volunteers, that is tasked to develop and maintain it,” Sawhney had said earlier this month.
The self-assessment test to evaluate their risk of exposure had been taken by about two-thirds of AarogyaSetu users, the ministry said. It further said that alters about users having made contact with someone who is likely ill with the disease had been sent to more than half a million Indians so far.
The ministry has also said that more than 900,000 users had also been to quarantine themselves or get tested for the disease by the app which uses both Bluetooth and location data to function. It said that about 24% of such users have confirmed to be positive with Covuid-19.
“Opening the source code to the developer community signifies our continuing commitment to the principles of transparency and collaboration,” the Ministry of Electronics and Information Technology said in a statement. “AarogyaSetu’s development has been a remarkable example of collaboration between government, industry, academia and citizens.”
Some specific data is stored in a centralized server by the AarogyaSetu app unlike some of the other contact-tracing technologies developed by smartphone vendors Apple and Google. But this approach could result in leakage of sensitive details of several Indians if there was hack of the servers, several privacy experts, including researcher Baptiste Robert, had argued.
“Open-sourcing AarogyaSetu is a unique feat for India. No other government product anywhere in the world has been open-sourced at this scale,” said Amitabh Kant, chief executive of government-run think-tank NITI Aayog.
(Source:www.techcrunch.com)