• Home
  • Apps
  • Apps News
  • Aarogya Setu App Code Gets Open Sourced, Bug Bounty Programme Announced

Aarogya Setu App Code Gets Open Sourced, Bug Bounty Programme Announced

The source code of the Aarogya Setu’s Android version is available on GitHub.

Share on Facebook Tweet Snapchat Share Reddit Comment
Aarogya Setu App Code Gets Open Sourced, Bug Bounty Programme Announced

Aarogya Setu app has already over 11.50 crore users in India

Highlights
  • Aarogya Setu code has been open sourced by NITI Aayog
  • MyGov will host a bug bounty programme
  • Aarogya Setu app is touted to have alerted over 1,40,000 people

NITI Aayog has open sourced the code of the Aarogya Setu app weeks after privacy concerns raised by various experts. The new move comes days after the contact tracing app crossed the mark of 10 crore registered users, 41 days after its launch in April. NITI Aayog has released the source code of Aarogya Setu's Android version, which it said is used by 98 percent of its total users. The state-owned policy think tank, however, has plans to open source the code of its iOS and KaiOS versions at a later stage as well.

The source code of the Aarogya Setu's Android version has been live on GitHub. National Informatics Centre (NIC) also announced a bug bounty programme to incentivise researchers finding flaws in the app. Furthermore, the NITI Aayog team specified that the source code of the iOS version of the Aarogya Setu app will be released within the next two weeks.

“I just want to point out that this is a very very unique thing to be done,” said NITI Aayog CEO Amitabh Kant while addressing a press conference pertaining to open sourcing the Aarogya Setu app on Tuesday. “No other government product anywhere in the world has been open sourced at this scale anywhere in the world.”

The Aarogya Setu app currently has over 11.50 crore registered users across all supported platforms. During the conference, Kant highlighted that the app already helped more than 1,40,000 people by alerting them about the potential risk of the coronavirus infection using its intrinsic contact tracing technology.

Security experts raised privacy concerns and urged the government to open source the code of the Aarogya Setu app soon after its debut last month. NITI Aayog, however, up until now pushed the open sourcing process with a view to regularly maintain the existing system. Nevertheless, the team is set to release all subsequent updates of the app through its repository on GitHub aside from releasing the existing code.

"The improvements announced today are a welcome development,” said Mishi Choudhary of legal services organisation SFLC.in. “Aarogya Setu should always have been open source, right from the get go and everything developed by the Government of India should always be open source as that's tax payers' money. We will be verifying that all code is open source and global best practices are followed.”

"I am glad that demands I had made about open source, bug bounties, detailed documentation are being followed,” she added. "Work to ensure that the app doesn't mutate into any other vehicle that plays with sensitive information of such a large population should continue. GoI must also ensure that the de facto mandatory nature of the app should be addressed and people aren't discriminated based on it. It must always remain voluntary."

Some experts believe that open sourcing the app code is the first step towards improving user trust and security.

"While the move will go a long way in improving user trust and security, some significant steps remain before the app's infrastructure can be called truly open source," said Udbhav Tiwari, Public Policy Advisor, Mozilla. "This includes open sourcing the server-side code and ensuring that the app is built exclusively from its public repository."

The team behind the Aarogya Setu app has promised to release the server code in the coming weeks. However, a concrete release date is yet to be announced. 

Bounties for finding bugs and vulnerabilities
Aside from open sourcing the code, the government has launched the bug bounty programme that will be hosted by the MyGov team. The programme will enable security researchers to avail a Rs. 1 lakh worth of bounty for finding security vulnerabilities within the app. Furthermore, there will be an additional code improvement bounty of Rs. 1 lakh.

Details of the bug bounty program will be listed online on the MyGov website, although at the time of writing the site did not have the details visible.


In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
For Some Indian Tech Companies, COVID-19 Has Been an Opportunity
Nokia Shuts Plant in Tamil Nadu After 42 Test Positive for Coronavirus

Related Stories

Read in: हिंदी
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com