Govt opens up Aarogya Setu program code, announces reward for finding security flaws

government on Tuesday anunced opening source code of its coronavirus tracking app, Aarogya Setu, for scrutiny by developer community to dress privacy concerns and launching a bug bounty programme for finding security flaws.

NITI Aayog CEO Amitabh Kant asserted that or government in world has been open source at this scale.

government has opened source code to dress concerns around privacy of data being collected by contact tracing app.

"Transparency, privacy and security have been core design principle of Aarogya Setu. Opening source code to developer community signifies Government of India continuing principal to se commitments. or government anywhere in world has been open source at this scale," Kant said.

Meity Secretary Ajay Prakash Sawhney said that thing that is done by human being can be perfect by definition but several developers volunteered for app and me it close to a perfect product.

He said e-commerce and or companies are using this app as a precaution and get alerted about exposure to coronavirus.

National Informatics Centre Director General Neeta Verma said that re will be four categories of rewards for people who find a bug in app and come up with a suggestion to improve programming of app.

"re are three categories of securities vulnerability for which Rs 1 lakh be given in each of categories. n re is Rs 1 lakh prize for code improvement bounty," Verma said.

app was launched on April 2 and has around 11.5 crore users at present.

" source code of Aarogya Setu will be available at Github after 12 am-midnight," Verma said.

vocacy groups have alleged that government is using Aarogya Setu for mass surveillance especially in absence of any legislation around privacy. A cybersecurity expert also me similar allegations that re are loopholes in app.

Following allegations and concern, government on May 11 issued a set of guidelines for data processing of Aarogya Setu app users and ded a few clauses that may le to imprisonment of persons found guilty of violating certain rms.

new rules prohibit  stor of data beyond 180 days and enable individuals to seek deletion of ir data from government's Aarogya Setu related record within 30 days of raising request.

new rms allow collection of only demographic, contact, self-assessment and location data of persons infected by coronavirus or those who come in contact with infected person.