scorecardresearch
Follow Us:
Sunday, July 05, 2020

Explained: What making Aarogya Setu open-source means

The IT Ministry's move came in the wake of demands from cyber law experts and critics who had said the app was too closed in nature and without adequate data protection measures.

Written by Aashish Aryan | New Delhi | Updated: May 28, 2020 7:42:51 am
Aarogya Setu, Aarogya Setu app, Aarogya Setu open source, what is Aarogya Setu open source, how to participate Aarogya Setu open source, how to check Aarogya Setu source code, Aarogya Setu bounty programme Aarogya Setu is a contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology. (File Photo)

On Tuesday, the Ministry of Electronics and Information Technology announced that it has released the source code of Aarogya Setu app to promote transparency and collaboration with the software developer community. The IT Ministry’s move came in the wake of demands from cyber law experts and critics who had said the app was too closed in nature and without adequate data protection measures.

What does an open-source software mean?

Software can be divided into two broad categories, proprietary and open source.

Any software that has to be bought or licensed from the creator of the software is called a proprietary or closed-source software. Examples include Microsoft Windows, Google Earth and Adobe Photoshop. The intellectual property rights of the software, even if bought or licensed, remains with the creator.

Open-source software requires no licensing and need not be bought. Its source code is open for everyone to download, examine, redistribute, and improve upon if they can, with an acknowledgment to the original software coder or the company. Examples of such software are WordPress, VLC Media Player, and the Mozilla browser.

📣 Express Explained is now on Telegram. Click here to join our channel (@ieexplained) and stay updated with the latest

Why has the source code of Aarogya Setu been made public?

When launching the app on April 2, the IT ministry had explicitly mentioned in the terms of use that no one was allowed to reverse-engineer the app or alter with the coding of the app. This led to critics questioning whether the app could be used for surveillance and go beyond its mandate of contact tracing. Cyber law experts and the software developer community called upon the government to allow reverse engineering and also publish the source code of the app so that it could be seen by anyone.

Read | Mandating use of Aarogya Setu app illegal, says Justice B N Srikrishna

While releasing the source code on Tuesday, the government said it was doing so to promote transparency and ensure security and integrity of the app. The source code, the government said, was released in line with its “Policy on Adoption of Open Source Software for Government of India”.

The source code of Aarogya Setu app was released to promote transparency, the government said. (Express photo: Sneha Saha)

Does that address security and privacy concerns?

It is too early to tell, say experts. Now that the source code has been released, software developers from around the world will be able to go through the code and point out vulnerabilities or fix loopholes, if any, by writing fresh codes and suggesting these to the government, Udbhav Tiwari, Public Policy Advisor at Mozilla said.

Besides, the government has not yet released the server-side code of the app. Kazim Rizvi, founder of policy think-tank The Dialogue, said the server-side code must be released to further assuage privacy and security concerns.

Also read | Aarogya Setu: Who can access your data, and when?

Explained

May help assuage concerns over privacy, security

With the opening up of the source code for developers as well as the announcement of a bounty scheme for finding bugs in the Aarogya Setu app, the government has opened itself to scrutiny of coders across the world. This will, however, restore some faith in skeptical minds as they can now read and understand the code for themselves. It will also help in assuaging the data privacy and security concerns surrounding the app.

What purpose will open-sourcing the server-side code serve?

Any applications or functionalities on mobile phones and other handheld devices need Internet connectivity to run. Sending and processing of such data is done on the server. By having access to the server-side data, individuals can check whether the data provided to the app is flowing directly to the dedicated servers or not. If not, either the discrepancy can be reported or clarifications can be sought from the government.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Explained News, download Indian Express App.

0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
Advertisement
Advertisement
Advertisement
Advertisement