wordpress blog stats
Connect with us

Hi, what are you looking for?

Indian government releases COVID-19 contact tracing app

aarogya setu

Update (6:31 pm): The government of India issued a press release, announcing the launch of Aarogya Setu. Arnab Kumar, the Program Director of Frontier Technologies at NITI Aayog, confirmed its authenticity to MediaNama. As per the press release, the app has been developed through a public private partnership (PPP) under the guidance of National Informatics Centre. Kumar refused to tell us who the private partners for this app are. The app has “privacy-first by design and as an essential element”.

Earlier: As the number of positive cases soar in the country, the Indian government today quietly released a COVID-19 contact tracing app for Android and iOS devices. The Aarogya Setu app — meaning “bridge of health” — uses Bluetooth and location services to track if a user came into contact with a person “who could have tested COVID-19 positive”. If a user of this app tests positive, the government will contact all other registered users that the infected person came in contact with over the last 30 days. According to its terms of use, the government cannot be held liable for the app’s accuracy.

The app was developed by developed by National Informatics Centre (NIC). This might be the CoWin-20 app that NITI Aayog was developing. NITI Aayog refused to comment whether it is the same app and which companies were involved.

The government is racing to trace contacts of COVID-19 positive people, especially as the Health Ministry has identified 20 existing and 22 potential “hotspots” of the virus in the country. At the time of publication, 1,965 had been diagnosed with the virus and 50 people had died because of it, according to the Health Ministry. Authorities are prepping for Stage 3 (community transmission), even though the government has maintained that community transmission of the virus has not taken place yet.

Other countries, such as Singapore, have developed similar contact tracing apps to contain the pandemic and its spread through community transmission.

Advertisement. Scroll to continue reading.

A close look at the app

MediaNama tested the app on iOS and here are our observations:

  • Uses Bluetooth and location services: The app recommends that device location and Bluetooth be always switched on. For some reason, the app also wanted us to allow it to connect to Bluetooth accessories. In settings, the app says, “Accessed by GoI only to enable relevant and timely medical intervention for COVID-19”.
  • Personal data stored locally on the device: As per Terms of Use, “all necessary information” about the other registered user is collected and stored on the app on your device. As per the Privacy Policy, this includes name, phone number, age, sex, profession, countries visited in the last 30 days, and whether or not you are a smoker, along with time and exact GPS location. We weren’t asked about smoking when we tested the app. All data stored in the apps of other users is encrypted, and cannot be accessed by the other user.

    The app requires access to Bluetooth and location services to operate. Mobile number is mandatory. Data is only shared with government of India. Screenshots from Aarogya Setu.

  • Only mobile number is compulsory for contact tracing: Giving a mobile number is must for “contact tracing”, but details such as name, age, gender, profession (restricted to essential services such as healthcare workers, law enforcement, delivery, etc.), and international travel history/contact with COVID-19 positive patients are not.
  • On testing positive, advisory sent to all registered user the infected person was in contact with: The mobile number will be used to trace back all the active devices that were in close radius of the person in the last 14 days. If someone tests positive, all such contacts will be sent an advisory on whether they need to self-isolate or get themselves tested. It is not clear what kind of personal information will be shared in the advisory.
  • Self-assessment test can easily be manipulated: The app also allows you to take a self-assessment test through a chat bot. Apart from our phone number (to get the OTP), we did not submit any personally identifiable information and were still able to take the test. Depending on your gender, age, symptoms, medical history, and potential exposure to the virus (as a healthcare worker, or via international travel, or through proximity to a known COVID-19 patient), the app evaluates your risk and recommends if you need to isolate yourself, log temperature, or get tested immediately.

Depending on the responses to the chat bot, the app recommends further course of action. Screenshots from Aarogya Setu.

  • Device must be with the person at all times as per the Terms of Use. They cannot not share it with anyone else, or allow them to use it.

Anonymised data shared with the government of India, except in COVID-19 positive cases: The app states, “Your Data will be shared only with the Government of India. The App does not allow your name and number to be disclosed to the public at large at any time”. As per the Privacy Policy, all personal information is stored locally on the user’s device, and will be used by the Government of India (via the cloud) “in anonymized, aggregated datasets for the purpose of generating reports, heat maps and other statistical visualisations for the purpose of the management of COVID-19 in the country” or if the user tests positive for COVID-19, or comes in contact with someone who has tested positive. In the latter case, personal information may she shared with other people “to carry out necessary medical and administrative interventions”. Data is not shared with any other third party.

Use of data limited to medical reasons: The Privacy Policy makes it clear that personal information will not be used for any other purposes except to “comply with a legal requirement”.

Data deleted after 30 days, but with caveats: The Privacy Policy says that data will be deleted 30 days after deletion of account. However, it is not clear how the account can be deleted. Is deleting the app enough? Location information of other registered users who come in contact with will be deleted and “purged from the App” after 30 days, so long as neither of the users test positive for COVID-19. This data retention policy does not apply to anonymised/aggregated data or reports/heat maps/visualisations created through anonymised data.

***Update (6:31 pm): Updated with press release from the government.

***Update (4:48 pm): Prashant Tandon, the co-founder of 1mg, has categorically denied the involvement of the company in the development of Aarogya Setu. The story has been edited accordingly to reflect this. The headline has also been updated. Originally published on April 2 at 3:09 pm.

Advertisement. Scroll to continue reading.
Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ