Aarogya Setu app exposed some user information to YouTube, defect fixed now

Aarogya Setu app exposed some user information to YouTube, defect fixed now

Aarogya Setu has grown one of the critical means for the government in its aims to curb coronavirus infections in the country through contact-tracing.

The government is performing a lot of effort to familiarise the app and has repeatedly requested Indians to download it on their phones. But there are privacy concerns as well, around the usage of the app.

Aarogya Setu, the contact-tracing app, which is the gossip of the town and has gotten over 75 million downloads, recently exposed some users’ data, including location data, to YouTube. The security bug got to light when the New York Times wrote about it. It has now been fixed, Aarogya Setu wrote in a statement.

The app probably exposed location data, including longitude and latitude, of a user in certain usage conditions. “Recently, Team Aarogya Setu was made informed that if a user performed an extraordinary set of actions, YouTube could obtain the anonymized latitude and longitude of the user,” the report by Aarogya Setu noted.

But it stated that only the location data was exposed. No other data, and particularly no data that could have shared the identity of a user was leaked to YouTube.

“When a user named a self-assessment in the app, and then quickly scrolled down to the YouTube iframe, a referral header containing latitude-longitude information with no other personal identifier was noticeable to Google,” noted the app.

The statement stated that the Aarogya Setu team knew the source of the vulnerability and fixed it at 4 AM on April 26.

Unlike the contact-tracing apps that many additional countries are adopting, the Aarogya Setu app captures both Bluetooth and location data. Many other such apps, including the ones based on Google and Apple’s connection tracking technology, only use Bluetooth.

At the very time, there are statements that the government intends to use the Aarogya Setu app as an access control app through its e-pass feature, which is deemed to be rolled out soon.

The e-pass feature is likely to rate people into Green, Orange, and Red categories, with people with the Green e-pass getting access to all public areas, while people in Red and Orange will be required to go in self-quarantine.

Recently, there was a report that the app will be managed by Central Industrial Security Force (CISF) and Delhi Metro to screen people who want to use the service once lockdown is lifted. Also, recently Zomato and Urban Company made the app compulsory for their delivery and service executives.

Microsoft co-founder Bill Gates has praised the Indian government for using technology in the fight for COVID-19. “I’m glad (Indian) government is fully utilizing its exceptional digital capabilities in its COVID-19 response and has launched the Aarogya Setu digital app for coronavirus tracking, contact tracing, and to join people to health services,” the Microsoft co-founder stated in a letter. If you remember, Bill Gates is also a fan of India’s Aadhaar project and has appreciated it, although many specialists believe Aadhaar too has privacy implications.

Source: India Today

Leave a Reply

Your email address will not be published. Required fields are marked *