Aarogya Setu App Goes Open Source, Announces Rs 1 Lakh Prize For Finding Bugs
Govt announced releasing the source code of Aarogya Setu Android app on GitHub
Aarogya Setu -- India¡¯s contact tracing app has been the talk of the town recently, especially due to its privacy concerns. Even MIT Technology Review reduced its rating of two starts to just one, out of five, last week.
However, looks like Aarogya Setu wants to change things, wants to earn back people¡¯s trust.
Yesterday, the government announced that it will be releasing the source code of Aarogya Setu Android app on GitHub. This basically means that the government is putting the skeleton, the insides of the app on display for anyone online to peruse or look into.
This is being done to help privacy advocates and ethical hacking community to better understand the process of the app and display how safely it is conducting its operations to better help the citizens of the nation.
The source code of Aargogya Setu¡¯s Android app is available on GitHub. The iOS app will take some more time.
The app has also made quite a few changes in its policies in the last few weeks. Most noteworthy ones are the changes in the guidelines which doesn¡¯t make the app mandatory anymore -- even for people living in containment zones. The exception to this includes travellers migrating back home in train and flights. It is compulsory for them to be signed up to the app.
Another cool update that app developers made was to remove restrictions on tampering or reverse-engineering the app. The app now allows a developer to look for vulnerabilities within the app, if any and report them to the authorities. This has also paved the way for bug bounty programmes for the app.
Bug bounty programme
Government has announced the bug bounty programme for the Aarogya Setu app. It will be hosted by the MyGov team where researchers can avail up to Rs 1 lakh worth of bounty for finding security vulnerabilities within the app. Moreover, there will be an additional code improvement bounty of Rs 1 lakh.
People in tech were surely surprised by this unprecedented step.
Udbhav Tiwari, Public Policy Advisor at Mozilla, issued a statement while also stating some areas of improvement, "Mozilla welcomes the decision to open source the Aarogya Setu app. While the move will go a long way in improving user trust and security, some significant steps remain before the app¡¯s infrastructure can be called truly open source. This includes open sourcing the server-side code and ensuring that the app is built exclusively from its public repository. Indians are still awaiting a comprehensive data protection law which would better protect them from the inherent privacy risks of exposure notification technology."