wordpress blog stats
Connect with us

Hi, what are you looking for?

Aarogya Setu vulnerability gave up users’ precise location data to Google

Aarogya Setu

COVID-19 contact tracing app Aarogya Setu had a vulnerability that released users' precise location data to Google, the government disclosed on April 26. In its statement, the government said that it patched the vulnerability at 4am that day. The statement said developers were tipped off about the vulnerability by The New York Times. The vulnerability kicked in when users filled out a self-assessment questionnaire to determine their COVID-19 infection risk based on symptoms and contacts. The app leaked users' location data to Google if they clicked on a YouTube link in a part of the questionnaire. The government did not say how many people took assessment tests so far, saying only that the number was "less than once per user" on average. https://twitter.com/SetuAarogya/status/1254392896096100352 Of late, the government has been on the defensive when it comes to the app's privacy. Before making this vulnerability public, the government pushed a notification to Aarogya Setu users informing them about a privacy policy change. But this only came three days after our report that the policy was changed without notice. However, privacy concerns still linger, as this disclosure underlines. Professor Subhashis Banerjee of IIT Delhi had said in a discussion about Aarogya Setu's privacy that the app's code should have been made public. “Making the source code open should be mandatory," he said. "When you are making a public application, it has to be eyeballed by many people. Basic ethics and propriety demands that to have happened.” Read: Aarogya Setu’s privacy risks and challenges to effectiveness, and how…

Please subscribe/login to read the full story.
Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Studying the 'community' supporting the late Sushant Singh Rajput (SSR) shows how Twitter was gamed through organized engagement

News

Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create a repository of non-personal data?

News

A viewpoint on why the regulation of cryptocurrencies and crypto exchnages under 2019's E-Commerce Rules puts it in a 'grey area'

News

India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...

News

There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ