A Twitter handle of Elliot Alderson, has flagged some security issues with the ‘Aarogya Setu’, a coronavirus tracking application of the government. A tweet by the handle states that a security issue has been found and the privacy of 90 million Indians is at stake.
The developers of the application in its clarification said that no personal information of any user has been proven to be at risk but did acknowledge some of the issues raised by the Twitter handle of French cybersecurity expert and hacker.
— Aarogya Setu (@SetuAarogya) May 5, 2020
The Twitter handle had pointed out that the app fetches locations of a user on a few occasions and that users can get the Covid19 stats displayed on home screen by changing the radius and latitude-longitude using a script.
As to the second allegation that the radius and latitude-longitude can be changed, the developers said that the radius parameters are fixed and can only take one of the five values- 500 mts, 1 km, 2km, 5km and 10 km.
The application is developed by the National Informatics Centre (NIC). Alderson said that the response of the application developers was ‘nothing to see here’. He also said that the concerns raised by Rahul Gandhi were indeed right.