French researcher flags Aarogya flaws, govt denies
NEWDELHI: The Union government’s Aarogya Setu application has vulnerabilities that could compromise the identity and movement of the millions of Indians who use it, according to a French computer researcher who posted a technical analysis of the flaws on Wednesday, and ostensibly illustrated how he could determine whether someone reported being infected at sensitive locations such as Parliament. The developers of the application dismissed the findings as a risk and said it was part of the application’s design that is meant to allow users to determine who in their vicinity is unwell, infected or healthy. But the defence was dismissed by the Frenchman – who goes by the nom de guerre of Elliot Alderson --- and a second cyber expert HT spoke to.
The government also said the platform is “absolutely robust, safe and secure”.
“This is a technological invention of India — ministry of electronics and information technology, our scientists, NIC, Niti Aayog and some private (entities) — whereby it is a perfectly accountable platform to help in the corona fight,” Union minister Ravi Shankar Prasad told PTI.
The posts by Alderson add to the misgivings expressed by privacy experts around apps such as Aarogya Setu, which has been made mandatory for an increasing number of Indians as officials push it as a crucial tool to contain the Covid-19 outbreak.
According to Alderson, the application’s location functionality can be paired with a technique called triangulation, which could allow anyone who can manipulate the programme at a technical level to determine who is infected in a specific, 1-metre area. Triangulation refers to use of multiple data points to zero in on a precise information or location that is otherwise available on a more vague scale.