On Wednesday, 6 May, the French cybersecurity expert and hacker “Elliot Alderson” claimed on twitter that a security vulnerability in the app allows an attacker to “know who is infected, unwell, made a self-assessment in the area of his choice”.
He also said that the app is allegedly exposing sensitive health data of millions of Indian citizens but IT minister Ravi Shankar Prasad as well as the Aarogya Setu team denied this.
According to the hacker, the Aarogya Setu app fetches location data and on a few occasions and the same has been acknowledged by the developers of the app saying “it is by design and is clearly mentioned in the privacy policy” of the app.
The team acknowledges some of the issues but they don’t ready to accept it. IT minister Ravi Prasad told us that “This is a technological invention of India, Ministry of Electronics and Information Technology, our scientists, NIC, Niti Aayog and some private entities” and it is the right platform which helps in fighting from COVID 19.
Last week the Congress leader Rahul Gandhi also raised the data security concerns related to the app. He called the app ‘a sophisticated surveillance system’.
After Rahul’s tweet, Anderson requested on Twitter that ” I need to do one final test, If you have a valid Indian phone number and never created an account on Aarogya Setu, can you send me a DM now?”
In another tweet, Anderson told that
“To be super clear:
-I’m waiting for a fix from their side before disclosing publicly the issue. Putting the medical data of 90 million Indians is not an option,
-I have very limited patience, so after a reasonable deadline, I will disclose it, fixed or not”.
From starting the Aarogya Setu app comes under the criticism for security and privacy as well as the lack of audit and transparency.
[zombify_post]