Update (April 17 9:38 am): We received a notification from Aarogya Setu at 9:04 am this morning, notifying us of changes made to the Privacy Policy on April 12. This notification was sent 5 days after the privacy policy was actually updated. [caption id="attachment_213476" align="aligncenter" width="550"] Notification by Aarogya Setu sent this morning. Credit: Aroon Deep[/caption] Just as quietly the government of India launched its COVID-19 contact tracing app, Aarogya Setu on April 2, it updated its privacy policy without notifying users. The government also updated the app and introduced new features. Since Prime Minister Narendra Modi has urged everyone to download this app and it has already been downloaded 10 million times from the Google Play Store since its launch, it is necessary to examine whether this app preserves people's privacy or squanders it. Readers can find the old policy (here), new policy (here), and our word-by-word comparison of the two policies here. Most importantly, the privacy policy does not mention anywhere that this is a temporary app meant to be used only for contact tracing during the COVID-19 pandemic. This suggests that the app and underlying technology could be used for purposes beyond contact tracing. Note that, in the updated app, once a user gives permission to access location and Bluetooth data, we could not find the Privacy Policy again, and had to re-install the app to get to it again. Some points to note about the changes: 1. Users not notified of the change in privacy policy:…
