top of page
Writer's pictureAbhijeet Srivastav

How Does India's Contact Tracing App, Aarogya Setu Works!


Amid nation-wide lockdown, the Government of India released their contact tracing app, Aarogya Setu.


Three days past its release, it crossed 5 million downloads. It was ranked the world’s fastest-growing app, overtaking Pokemon Go as it’s users surged to 50 million within 13 days of launch and over 75 million till date.

But what matches the pace of its growth, is the growth of privacy concerns around the app. The app’s initial Privacy Policy had too many issues brought to notice by forums like the Internet Freedom Foundation.


The app’s Privacy Policy was updated sometime later. Still, the new one has some unaddressed issues.

How The App Works?

It takes just basic information like your name, phone number, age, sex, profession, travel history and whether or not you are smoker to register to the Aarogya Setu app.

You’ll be asked some questions for the self-assessment test for COVID-19 infection.

All collected data will be uploaded to servers of Government Of India, where they will be encrypted with a unique digital ID called your DiD.

The app also takes your phone’s location and Bluetooth access.


When you meet someone (say X), you bring your phone within the Bluetooth range of X’s phone.


If both the phones have Aarogya Setu installed and working, they will automatically exchange DiDs and record the exact GPS location and the time of the meet.




This will help the government to
  • Notify, test and maybe quarantine everyone he met.

  • Sanitize the places he went to.

  • Test people of the neighborhood he lives in.

That means you’ll be notified if someone you have crossed path with previously has been tested positive for COVID19.


More Of A Surveillance?

The self-assessment test in the app will search for symptoms to figure out the probability of you being infected with the corona virus infection.


Based on this, you’ll be graded into colors:

  • Yellow or Orange means you have a higher risk of getting infected with the Novel Corona virus.

  • Green means you have relatively less probability of being so.

The app keeps tracking your location every fifteen minutes. It also keeps a record of everyone’s DiD you met.

But the Privacy Policy of the app states this information will only be uploaded to the servers if:

  • You test positive for COVID 19

  • Your self-declared symptoms indicate you’re likely to be infected with the virus

  • The result of your self-assessment test is either YELLOW or ORANGE.

The information will be kept securely on your phone if you are not unwell or if the result of your self-assessment test is GREEN.

If your results stay GREEN for 30 days, the following data collected in the past 30 days will be deleted from the phone:

  • The places you visited & location collected every 15 minutes.

  • The DiDs of people you met.

  • Results of the self-assessment tests.


Fundamental Rights Are Endangered.

Journalism site, The Hindu, reports that in China a similar app was started as a voluntary service for informing users of their potential exposure to infected persons, but it soon began to be used as an e-pass for allowing access to public transport.

Situations seem similar in India, where the Aarogya Setu app shows a tab titled “E-pass coming soon”.


The app, which is based on voluntary consent, can thus violate the fundamental rights if it is used an E-pass required for moving around.

Individuals will be forced to download and use the app to be allowed to use basic amenities. Citizens will be bound to give up their fundamental rights of privacy to use government benefits.


Aadhar was too initiated as an optional programme to provide government benefits to citizens based on their voluntary consent. But was made compulsory for even private services such as banking and mobile phone registrations.


The App Once Exposed Location Data Of Users To YouTube

The app noted, “When a user filled a self-assessment in the app, and then immediately scrolled down to the YouTube iframe, a referral header containing latitude-longitude information with no other personal identifier was visible to Google”.

Though, this was fixed on 26 April.


Conclusion

This app is quite good for surveillance the spread of the corona virus and could be better if privacy concerns are resolved..and its under process as government has released the base code of the app for bug bounty programs.



 
8 views0 comments

Recent Posts

See All

Comments


bottom of page