In a press notification released by Press Information Bureau (PIB), the Government of India has made the source code open for its Covid-19 contact tracing app Aarogya Setu. The government has also launched an Aarogya Setu rewards program, called ‘Bug Bounty,’ with the aim of identifying any security loopholes that may be exploited by potential hackers.
The twin announcements could be seen as trust-building exercises to make end users more comfortable with downloading and using the app. The move also comes in the wake of a spate of criticisms of the app on issues related to privacy and security. There are an estimated 114 million users of the app.
The decision to open the app’s source codes is in line with India’s policy on open source software. The source code for the Android version of the application is available for review and collaboration at https://github.com/nic-delhi/AarogyaSetu_Android.git. The iOS version of the application will be released as open source within the next two weeks and the server code will be released subsequently, the PIB release said. Almost 98% of Aarogya Setu Users are on Android platform.
Of the more than 114 million registered users, two-thirds have taken the self-assessment test to evaluate their risk of exposure to Covid-19. The app could not just recommend an affected user to go into self-quarantine but also send alerts to the concerned health authorities in the area. This could lead to very timely and targeted responses by the healthcare officers as well as the local administration (see How smartphones could be Covid-19 testing game changers.)
The process of supporting the open source development will be managed by National Informatics Centre (NIC). All code suggestions will be processed through pull request reviews. Aarogya Setu’s source code has been licensed under Apache License.
Any reuse of the source code with changes to the code requires the developer to carry a notice of change. More details can be found in the Frequently Asked Questions document available at https://www.mygov.in/aarogya-setu-app/.
Through the Bug Bounty program, the government aims to partner with security researchers and Indian developer community to test the security effectiveness of Aarogya Setu and also to improve or enhance its security and build user’s trust. Details of the Bug Bounty Program is available on the innovate portal of MyGov at https://innovate.mygov.in/.
The Aarogya Setu app was launched on 2 April 2020, and is available in 12 languages and on Android, iOS, and KaiOS platforms. The key pillars of Aarogya Setu have been transparency, privacy, and security.
The app has helped identify about 500,000 Bluetooth contacts. So far, the platform has reached out to more than 900,000 users and helped advise them for quarantine, caution or testing. Amongst those who were recommended for testing for Covid-19, it has been found that almost 24% of them have been found Covid-19 positive.
Analytics of Bluetooth contacts and location data has also helped identify potential hotspots with higher probability of COVID cases allowing State Governments and District Administration and Health authorities to take necessary steps for containment of the pandemic, early, which is critical for controlling the spread of the pandemic.
The Aarogya Setu data, fused with historic data, has shown enormous potential in predicting emerging hotspots at sub post office level and around 1,264 emerging hotspots have been identified across India that might otherwise have been missed.
0 Comments