Aarogya Setu Application

Introduction

Aarogya Setu is a mobile application developed by Indian Govt, to connect essential health services with the Indian people. The main aim of launching this application is to reach out to and inform the users of the app about the risks and relevant advisories related to the global pandemic, i.e., Covid-19. The data is collected from the user and analyzed to push the relevant notifications to the application users. According to Govt. of India, the data is anonymized through the anonymization process. Anonymization is a process through which the personal identifiers, both direct or indirect, are removed, which may lead to an individual’s identification if this step is skipped. Data is then stored into a secure server to protect the data from malpractices. The personal information is removed from the user’s device in 30 days and 45 days from the server. The main concern about this app is its code not being open source. If we talk about similar types of apps that have been launched in other countries, all those apps are open-sourced. Making an app an open source allows researchers to test the app. They can explore the vulnerabilities in the application, can even inform about the bugs to the developer, which may compromise with the user’s data. Talking about the security point of view, the user-id or UID in the Aarogya Setu app is a static number, which is not good. Ideally, it should be a variable number as a static number increases the probability of an identity breach. Tracking a person becomes accessible through the static number, which can be used negatively by the hackers if they get access to the application.

How does it work?

About users safety

Setu app tracks the user’s location 24x7. It also continuously traces the contacts in the background, violating the privacy of the user. For this application to work efficiently, the app should be installed in 60-70% of the population, i.e., 60-70 crore mobile phones. Moreover, this application works on a self-assessment basis, which gives the user right to mark himself/herself fit if they want to do so. Even if a person marks themselves positive since this app is Bluetooth enabled so it will not be straightforward to distinguish if a person lives in the building. The application will mark the whole building as corona positive. The majority of patients are asymptomatic, so self-assessment is of no use.

Setu app – uniqueness

Centralized vs. decentralized model

Centralized Model In a centralized system, anonymized data is collected and stored in the server. In case a person is found positive, then the information is used to warn the other users & contact tracing is done. In this model, the governing body of the application (Govt, in this case) has access to all the information. India has selected this model for this application. France is also using this model.

Decentralized Model In the decentralized model, maximum data is stored in the mobile device, and if a positive case appears, then the phone-to-phone alert is pushed. This model is being used by apple & google to develop the applications. Countries like Australia and Singapore have planned to switch to the decentralized system.

Updates

• This app will continue for at least 1-2 year • Fine of Rs 1000- or 6-months jail – Noida • Updates in the version of the app after researchers reported some crucial bugs related to user’s privacy. • Army has also warned about data security. • According to Govt, data will be only used for medical purposes • Aarogya Setu scores 2/5 stars in MIT technology review for COVID contact tracing applications.

Summary

Aarogya Setu is an excellent initiative started by the government of India to lower the risks of COVID-19. The application needs to collect the relevant data so that it can be analyzed, and notifications can be pushed. The primary intension here is to warn the users, and in case they came in contact with a COVID positive person, then the data can be used to track and isolate the Indian people. It is equally crucial for the government to ensure that the data is safe. In the era of digital India and when there are no clear guidelines about data safety & privacy, efforts should be made to increase trust among the population. The efficiency of the application depends on the number of people active on the use. If we talk about a country like India, the majority of the population doesn’t own a smartphone, so making contact tracing even more difficult. To decrease the trust deficit, Govt should issue a few guidelines that give user trust to install this application though govt has been very efficient in addressing the privacy-related bugs raised by a few security researchers. Similar actions in the future will strengthen this trust.