Coders flag host of issues, offer tips to improve Aarogya Setu
NEW DELHI: In less than 48 hours since the Android code of the Aarogya Setu mobile application was thrown open for review, at least 176 issues of various levels of severity was flagged by the software developer community to help the government identify and plug holes -- from the way it uses Bluetooth for contact tracing to typos in the text.
The number and nature of suggestions that poured in could make Aarogya Setu, now being used by over 100 million Indians, one of the first big government projects to be improved through public inputs, experts said.
“People have raised a lot of issues and while among these, many may be minor, what it really shows is participatory governance in the making,” said Srinivas Kodali, an independent researcher working on technology, data and governance.
“But it needs to be extended to other governance applications and IT systems,” he added.
The code of Aarogya Setu application for Android phones was shared at 12am on Wednesday on code-sharing website GitHub. A review of issues posted by people varied from concerns over the way the app deployed Bluetooth, typos in the text displayed by the application and suggestions for improvements.
“All suggestions are under review by the technical team,” said Abhishek Singh, CEO of MyGov.
An IT ministry official, who asked not to be named, added that the technical team has been instructed to notify MyGov in case of a serious issue .
So far, no “significant” development has been flagged, added the official.
However, some posts said that the version available for users to download through the Google Play store is not the version for which the code was made public.
One of the more serious concerns, flagged by Sydney-based developer Jim Mussared, concerned the way contact-tracing applications use Bluetooth to determine whether people have been in close contact with another person.
The vulnerability, which has at least been identified in Australia’s COVIDSafe application, allows for long-term tracking of users and possibly enables other Bluetooth-based attack vectors, the global vulnerability listing of the problem showed.
“We have not confirmed that the issue exists in the Aarogya Setu app, we just wanted to reach out to the team so they could clarify for sure. Given that it affects other apps it seemed important to check with them, but we haven’t been able to get a reply by email yet,” said Mussared in an email.
The researcher added that there have been several issues in contact-tracing apps from multiple nations, and that many of these are due to using Bluetooth in this manner