Aarogya Setu App Code Requires Open Sourced, Bug Bounty Programme Announced

NITI Aayog has open sourced the code of This Aarogya Setu app weeks Following privacy concerns raised by various Pros.
The new move comes days after the contact tracing app crossed the mark of 10 crore registered consumers, 41 days after its launching in April. NITI Aayog has released the source code of Aarogya Setu’s Android version, which it is used by 98 percent of its total users. The state-owned policy think tank, but has plans to open source the code of its own iOS and KaiOS models at a later point as well.
The source code of the Aarogya Setu’s Android version has been dwell on GitHub. Additional the NITI Aayog group specified the source code of the iOS version of the Aarogya Setu program is going to be released within the next two weeks.
“I only need to point this out is quite a very unique thing to be achieved,” said NITI Aayog CEO Amitabh Kant while addressing a press conference pertaining to open sourcing the Aarogya Setu app on Tuesday. “No other government product anywhere in the world was sourced at this scale anywhere on the planet.”
The Aarogya Setu app now has over 11.50 crore registered users across all supported platforms. During the seminar, Kant highlighted the program already helped over 1,40,000 individuals by alerting them about the possible risk of the coronavirus disease using its intrinsic contact tracing technology.
Security experts raised privacy concerns and urged the government to open source the code of their Aarogya Setu program soon after its introduction last month. NITI Aayog, however, up until today pushed the open sourcing process with a view to routinely maintain the present system. Nonetheless, the team is set to launch all subsequent upgrades of this app through its repository GitHub besides releasing the existing code.
“The improvements announced today are a welcome improvement,” said Mishi Choudhary of legal services firm SFLC.in. “Aarogya Setu must always have been open source, right from the get go and that which developed by the Government of India must always be open source as that’s tax payers’ money. We’ll be verifying that all code is open source and global best practices are followed.”
“I am glad that demands I’d made about open source, bug bounties, detailed documentation are being followed,” she added. “Work to ensure that the program does not mutate into some other vehicle that performs with sensitive information about such a massive population should last. GoI must also ensure that the de facto mandatory nature of the program ought to be addressed and people are not discriminated according to it. It has to always remain voluntary.”
Some specialists think that open sourcing the program code is the first step towards improving user confidence and security.
“While the transfer goes a long way in improving user confidence and security, some significant steps remain before the app’s infrastructure can be called really open source,” explained Udbhav Tiwari, Public Policy Advisor, Mozilla. “This includes open sourcing the server-side code and ensuring that the app is built exclusively from its public repository.”
The team behind the Aarogya Setu program has promised to release the server code at the forthcoming weeks. But a definite release date is yet to be announced.
Bounties for finding bugs and vulnerabilities
Aside from open sourcing the code, the government has launched the insect management programme that will be hosted with the MyGov team. The programme will enable security researchers to avail a Rs. 1 lakh worth of bounty for finding security vulnerabilities inside the app. What’s more, there’ll be an extra code improvement bounty of Rs. 1 lakh.
Particulars of this insect program will be recorded online on the MyGov site , although in the time of composing the website didn’t have the details observable.


Share this post

Post Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.