Amid the privacy and security concerns around the central government’s contact tracing application Aarogya Setu, Madhya Pradesh government’s Saarthak app has come under the scanner for exposing the stored data of quarantined people in the state.
French computer programmer Robert Baptiste (popularly known as Elliot Alderson) tweeted that the information collected by the Saarthak app and stored on Madhya Pradesh state government’s website is publicly accessible.
As per information shared by the Baptiste, the Covid-19 dashboard on the state government’s website revealed the name of the quarantined people, their device ID and name, OS version, app version code, GPS coordinates of their current locations, as well as the GPS coordinated of their office. He also shared the link of the site along with the screenshots of the leaked data.
In India, the state of Madhya Pradesh created a #Covid19 dashboard with:
– name of quarantined people
– their device id and name
– os version
– app version code
– the gps coordinates of their current location
– the gps coordinates of their officehttps://t.co/lRKaqGmc8P pic.twitter.com/EKgdhKqL7p
— Elliot Alderson (@fs0c131y) May 10, 2020
The application developed by the state Department of Science and Technology’s MAP-IT or Madhya Pradesh Agency for Promotion of Information Technology is aimed at keeping a record of people asked to stay in home quarantine in the state.
Soon after the hacker tweeted about the mishap with the stored data, MAP-IT replied that they have taken cognisance of the issue and examining it in detail. It also said that they have brought down the dashboard until the issue is resolved.
Notably, the central government had issued an advisory regarding the protection of the identity of CoOVID-19 patients and the people who have been quarantined.
Speaking to the Hindustan Times, MAP-IT CEO Nand Kumaram said that Sarthak App is to help the state in COVID management. He said that the portal has some information which should not have been there and they are removing the dashboard and working on a new access strategy to grant access to data only to authorised people.
Express Tech is now on Telegram. Click here to join our channel (@expresstechnology) and stay updated with the latest tech news
The website geoportal.mp.gov.in/ is no longer accessible to the public. If you try to open the link, it asks for authorisation.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines