Until June 26 midnight, cybersecurity researchers residing in India can be rewarded up to ₹1,00,000 per security vulnerability that they find in Aarogya Setu's Android app and up to ₹1,00,000 for suggesting code improvements. MyGov CEO Abhishek Singh and National Informatics Centre (NIC) Director General Dr Neeta Verma announced the bug bounty programme at the May 26 press conference where the open-sourcing of Aarogya Setu's Android code was announced. MyGov released the details for the bounty on its website.

This comes on the heels of an update to the app's Terms of Service, which removed a prohibition on reverse engineering the app and created a mechanism for people to report defects and bugs that they find in the app. The programme allows researchers to report two things: security/privacy flaws, and improvements that can be made to the source code.

How can security researchers report bugs and improvements?

To report security/privacy flaws, researchers can send an email to as-bugbounty@nic.in with the subject "Security Vulnerability Report". The Aarogya Setu team will first verify the existence of the vulnerability and then patch it. Only responsible disclosures that have not been revealed publicly before resolution will be eligible for a reward.

To suggest improvements to the source code, researchers can send an email to as-bugbounty@nic.in with the subject "Code Improvement". Researchers must send the detailed program code change, test data and a proof of concept (PoC) showing the impact of the change, and ensure that the change works on all supported devices (Android v 5.0 and later) with…
