Aarogya Setu app now ‘mandatory’ in all workspaces: Govt

In containment zones, the government has mandated “100 per cent Aarogya Setu app”, without clarifying whether the order will also be applicable to residents in such areas or be limited only to office and workspaces.

“The pandemic is global, making contact tracing aided by technology attractive to every country. While everywhere else these apps are voluntary, India is the only country to mandate such a measure. This app is not secure, its source code is not open for examination and its security vulnerabilities are already being exploited,” technology lawyer and founder of Software Freedom Law Centre, Mishi Choudhary, said.

Aaroyga Setu, the government’s contact tracing app for tracking patients with Covid-19, and alerting others if they came in the proximity of those patients, has been under the lens for being invasive and violating data privacy norms.

According to a statement released on April 2 by the Ministry of Electronics & Information Technology, the app will track its users’ “interaction with others”, and will alert the authorities if there was any suspicion of the user having been in contact with an infected person.

“Once installed in a smartphone through an easy and user-friendly process, the app detects other devices with Aarogya Setu installed that come in the proximity of that phone. The app can then calculate the risk of infection based on sophisticated parameters if any of these contacts are tested positive,” the government had then said.

With the latest notification directing the mandatory installation of the app on smartphones, the privacy concerns with regards to the app have resurfaced.

“The privacy concerns are being highlighted again more so in relation to the uncanny similarities between Aarogya Setu and Fleming, the new Covid-19 tracking product developed by the NSO group, the infamous spyware maker and developer of Pegasus,” Salman Waris, a partner at TechLegis and head of their TMT (Technology, Media and Telecommunication) and IP (Internet Protocol) practices, said.

The NSO group’s app Fleming uses an advance mapping tool to track the spread of Covid-19 in real-time.

“It is clear that the Aarogya Setu app uses a similar mechanism as Fleming for tracking Covid-19. The app also tracks where people go, who they meet and for how long they stay at a particular place. Both can filter the movements of a certain patient by their last location or whether they visited any meeting places like public squares or office buildings,” Waris said.

IT ministry officials had last week also hinted at using the app as an e-pass for movement during the curfew hours. It had during the last week mandated that all employees in the government sector install the app.

“Most countries have opted for a data minimalistic and decentralised approach, whereas Aarogya Setu app goes against these accepted principles. By mandating all employers to ensure the adoption of the app by their employees, the government has made a mockery of the consent principle as the terms and the privacy policy of the app are now enforced on the people and they do not have any choice,” Prasanth Sugathan, legal director at SFLC told The Indian Express.