No personal info of any user has been proven to be at risk; no data or security breach: Aarogya Setu app team
May 06, 2020
New Delhi [India], May 6 : The Aarogya Setu app team on Wednesday assured that no personal information of any user has been proven to be at risk and there has been "no data or security breach". The statement came after claims regarding data security issues were made by an ethical hacker.
A statement by Aarogya Setu team on its official Twitter handle said the app fetches user location by design and this "clearly detailed in the privacy policy." Aarogya Setu app is a mobile application for contact tracing and dissemination of medical advisories to contain the spread of COVID-19
It added that the location is fetched, stored and reproduced in a "secure, encrypted, anonymised manner" for the benefit of others at risk of contracting the disease.
An ethical hacker had alerted about "potential security issue" of the app.
The points raised by the ethical hacker included the app fetching user location and users being able to get the COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script.
The statement added that the COVID-19 stats are already public for all locations and hence, it does not compromise on any personal or sensitive data.
"No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," it added.
The Aarogya Setu app, launched earlier last month, enables people to themselves assess the risk for their catching the coronavirus infection.
The app makes its calculations based on a person's interaction with others, using Bluetooth technology, algorithms and artificial intelligence.