Firstpost
  • Home
  • Video Shows
    Vantage Firstpost America Firstpost Africa First Sports
  • World
    US News
  • Explainers
  • News
    India Opinion Cricket Tech Entertainment Sports Health Photostories
  • Asia Cup 2025
Apple Incorporated Modi ji Justin Trudeau Trending

Sections

  • Home
  • Live TV
  • Videos
  • Shows
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Health
  • Tech/Auto
  • Entertainment
  • Web Stories
  • Business
  • Impact Shorts

Shows

  • Vantage
  • Firstpost America
  • Firstpost Africa
  • First Sports
  • Fast and Factual
  • Between The Lines
  • Flashback
  • Live TV

Events

  • Raisina Dialogue
  • Independence Day
  • Champions Trophy
  • Delhi Elections 2025
  • Budget 2025
  • US Elections 2024
  • Firstpost Defence Summit
Trending:
  • Charlie Kirk shot dead
  • Nepal protests
  • Russia-Poland tension
  • Israeli strikes in Qatar
  • Larry Ellison
  • Apple event
  • Sunjay Kapur inheritance row
fp-logo
Aarogya Setu not ‘open source’ in real sense, claim cybersecurity activists, say server code must be made public
Whatsapp Facebook Twitter
Whatsapp Facebook Twitter
Apple Incorporated Modi ji Justin Trudeau Trending

Sections

  • Home
  • Live TV
  • Videos
  • Shows
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Health
  • Tech/Auto
  • Entertainment
  • Web Stories
  • Business
  • Impact Shorts

Shows

  • Vantage
  • Firstpost America
  • Firstpost Africa
  • First Sports
  • Fast and Factual
  • Between The Lines
  • Flashback
  • Live TV

Events

  • Raisina Dialogue
  • Independence Day
  • Champions Trophy
  • Delhi Elections 2025
  • Budget 2025
  • US Elections 2024
  • Firstpost Defence Summit
  • Home
  • India
  • Aarogya Setu not ‘open source’ in real sense, claim cybersecurity activists, say server code must be made public

Aarogya Setu not ‘open source’ in real sense, claim cybersecurity activists, say server code must be made public

Neerad Pandharipande • June 15, 2020, 10:22:50 IST
Whatsapp Facebook Twitter

Cybersecurity activists have termed the Indian government’s claim of making the source code of Aarogya Setu app public as half-truth.

Advertisement
Subscribe Join Us
Add as a preferred source on Google
Prefer
Firstpost
On
Google
Aarogya Setu not ‘open source’ in real sense, claim cybersecurity activists, say server code must be made public

On 26 May, NITI Aayog CEO Amitabh Kant announced in a press conference that the Aarogya Setu app would be made open-source from the midnight of 27 May. However, over two weeks on, some cybersecurity activists have questioned whether this has actually taken place, and have termed the government’s claim as half-truth. The Union government has stated that it has released the source code for the COVID-19 contact tracing on GitHub, a source code sharing platform. As on 12 June, there were 134 pull requests to the code and 257 issues had been flagged on the platform. A pull request is recorded when a user on the platform downloads code from the repository. [caption id=“attachment_8480211” align=“alignnone” width=“640”]A screenshot of the Aarogya Setu app github repository. Image courtesy: github A screenshot of the Aarogya Setu app github repository. Image courtesy: github[/caption] However, Akshay Dinesh, a medical professional and coder, said that the source code that has been made public is on a separate repository from the one that has been used for the current version of the app. Speaking with Firstpost, Dinesh said, “The government did not state that the code that it made public was a snapshot from a repository that was private. They did not give any reason for doing so either. In my opinion, this shows a complete lack of transparency. So, to call the Aarogya Setu app open source is a half-truth, and, in effect, a lie.” He further noted, “The Android app’s source code has been put in the public domain, but the code of the website it loads within the app (web.swaraksha.gov.in/ncv19) is nowhere to be seen. Even a snapshot of the code has not been made available.” The government’s decision to make the source code of the app came after sustained criticism from various quarters. One of these sources of criticism was a review by the  Masachusetts Institute of Technology (MIT), which gave the app only one out of five stars. The app was only given a positive rating on the point of ‘data destruction’, while it failed to meet the MIT’s criteria on limitations on usage of data, minimisation of data, transparency and being voluntary in nature. According to Anivar Aravind, a Bengaluru-based software engineer and public interest technologist, the announcement on making Aarogya Setu ‘open source’ appears to be an attempt to counter criticism from quarters such as the MIT. However, he, too, is not convinced by the government’s claims. Speaking with Firstpost, Aravind said, “A major concern with Aarogya Setu is that it collects more information than perhaps any other such contact tracing app. In this context, for there to be actual transparency, the server code has to be made public, not just the client-side code. Until this happens, the government’s claims of having brought in transparency remain suspect. Open sourcing Aarogya Setu is not an act of charity, but is something that must be done according to existing policies.” The policy that Aravind referred to was the Union Ministry of Communication and Information Technology’s ‘Policy on Adoption of Open Source Software for Government of India’, which was formulated in 2014. Section 3 of the policy states, “Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organisations, as a preferred option in comparison to closed source software (CSS)”. However, the policy does provide for an exception under Section 7, which states that “in certain specialised domains where OSS solutions meeting essential functional requirements may not be available or in case of urgent / strategic need to deploy CSS based solutions or lack of expertise (skill set) in identified technologies, the concerned Government Organisation may consider exceptions, with sufficient justification". It is not clear whether the Centre provided an official justification for not making the app open source initially, as envisaged in the policy. Aravind has filed a petition in the Karnataka High Court, contending that the government is not adhering to principles of data minimisation on Aarogya Setu. He has also argued that the Data Access Protocol for Aarogya Setu has no force of law, and can be used as an excuse to mandate the use of the app. During a hearing of the petition on 12 June, the Central Government told the court that downloading the app is not mandatory for people travelling by air or rail. However, Additional Solicitor General MB Nargund told the court that people who do not download the app will need to give a self-declaration. Firstpost attempted to get in touch with Ajay Prakash Sawhney, Secretary in the Ministry of Electronics and Information Technology (MEITY), over phone and email, but did not get a response. Nevertheless, a release by the Press Information Bureau (PIB) does state that the server code of Aarogya Setu will be made public, although no exact timeline has been announced yet. The release further states, “The app has over 114 million users as on 26 May, which is more than any other contact tracing app in the world… The key pillars of Aarogya Setu have been transparency, privacy and security and in line with India’s policy on Open Source Software, the source code of Aarogya Setu has now been made open source.” [caption id=“attachment_8480201” align=“alignnone” width=“640”]A screenshot of the Aarogya Setu app listed on the Google Play Store. As per the service, the app has been downloaded more than 10 crore times. Image Courtesy: Google Play Store A screenshot of the Aarogya Setu app listed on the Google Play Store. As per the service, the app has been downloaded more than 10 crore times. Image Courtesy: Google Play Store[/caption] While questions linger on whether the source code of Aarogya Setu has been made public in the real sense of the term, there are several other concerns as well. The Free Software Community of India — a collective of Free Software users, advocates and developers — pointed to the involvement of private players in the development of the app, and said, “Complete transparency would entail disclosure of the extent of such involvement, the processes followed in such public-private collaboration, including disclosure of tenders or contracts given to private companies for the work they contributed in the app, the guarantees available to the public about strict separation of data from the hands of private collaborators, and also details on procedures which allow more stakeholders, including civil society and rights activists, to shape the further development of the platform.” As per media reports, several individual volunteers have worked on the app, including former Google India executive Lalitesh Katragadda and MakeMyTrip founder Deep Kalra. But apart from concerns on security and transparancy, a broader question remains as to whether a contact tracing app would be significantly useful in the fight against COVID-19. Dinesh said, “My personal opinion is that a technological solution is an ill-advised misfit in our country. Our strengths are in community health workers and the decentralised health system that we have built over the decades. We should rely on that rather than assuming that we can mandate our way into making everyone walk around with a smartphone with Bluetooth on all the time.”

Tags
India privacy Bluetooth GPS Amitabh Kant Corona Location Location Tracking lockdown Open Source Niti Aayog Github coronavirus Coronavirus outbreak COVID 19 contact tracing COVID Aarogya Setu Aarogya Setu app MIT review of Aarogya Setu app
End of Article
Latest News
Find us on YouTube
Subscribe
End of Article

Impact Shorts

News18 SheShakti 2025: Voices of cinema, sport and music redefine nation-building

News18 SheShakti 2025: Voices of cinema, sport and music redefine nation-building

At News18 SheShakti 2025 Delhi, women from sports, cinema, and music discussed breaking barriers. Kriti Sanon and Sanya Malhotra focused on equity in cinema, Mira Erda and Ashalata Devi on sports challenges, and Kavita Krishnamurti stressed humility and perseverance for lasting success.

More Impact Shorts

Top Stories

Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment

Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment

From governance to tourism, how Gen-Z protests have damaged Nepal

From governance to tourism, how Gen-Z protests have damaged Nepal

Did Russia deliberately send drones into Poland’s airspace?

Did Russia deliberately send drones into Poland’s airspace?

Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike

Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike

Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment

Charlie Kirk, shot dead in Utah, once said gun deaths are 'worth it' to save Second Amendment

From governance to tourism, how Gen-Z protests have damaged Nepal

From governance to tourism, how Gen-Z protests have damaged Nepal

Did Russia deliberately send drones into Poland’s airspace?

Did Russia deliberately send drones into Poland’s airspace?

Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike

Netanyahu ‘killed any hope’ for Israeli hostages: Qatar PM after Doha strike

Top Shows

Vantage Firstpost America Firstpost Africa First Sports
Latest News About Firstpost
Most Searched Categories
  • Web Stories
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Tech/Auto
  • Entertainment
  • IPL 2025
NETWORK18 SITES
  • News18
  • Money Control
  • CNBC TV18
  • Forbes India
  • Advertise with us
  • Sitemap
Firstpost Logo

is on YouTube

Subscribe Now

Copyright @ 2024. Firstpost - All Rights Reserved

About Us Contact Us Privacy Policy Cookie Policy Terms Of Use
Home Video Shorts Live TV