Three months after the app was launched, Aarogya Setu finally lets its users delete their account in an update released to the app on iOS and Android devices today. Well, kind of. As per information displayed while deleting the account on an Android device (iOS did not tell us what deleting our account would do), deleting the account means erasing information from government servers 30 days after the account is deleted, deleting all app data from the phone, and permanently cancelling your registration. So this feature basically does nothing, because earlier too, deleting the app meant that all data stored on the device (location and Bluetooth data not yet uploaded to the server) was deleted, but personal information (name, gender, age, profession, travel history), which was uploaded to the government server on registration, would be retained for 30 days even after the app was deleted. The question is whether data of users who are tested for COVID-19 is also deleted from government servers if they request account deletion, because as per the Privacy Policy, if users test negative, the data is retained for 45 days, and if they test positive, it is retained for 60 days after they are declared COVID-19 free.

What it says when you try to delete the account on an Android device. Credit: Aroon Deep

The above information is not displayed on an iOS device. Under the option to delete data, the app says, “You can permanently delete your account and erase all data”. When we chose to delete our account on an iOS device, it immediately took us to the first screen that pops up when you download the app afresh. The app did not ask us to enter our personal information (name, gender, age, travel history, profession, etc.) again and showed our status as “Safe” without us having retaken the self-assessment test after account deletion, thereby suggesting that our data was indeed retained, probably because PII and self-assessment test results are uploaded to government servers on registration and taking the test, respectively.

And in a one step (or rather half step) forward, two steps backwards situation, it introduced two new features on iOS devices (version 2.0.0): Status Check and Approvals. Status Check allows users to check the Aarogya Setu status of close ones by adding their account through a QR account. Approvals (hat tip: Aroon Deep, Pranav Dixit) allow external, third-party apps to access the user’s Aarogya Setu status. (Update July 17 8:38 pm) Status Check and Approvals have now been introduced for Android devices as well.

The iOS version of the app now also offers the option to view recent Bluetooth contacts, a feature that was released on Android on July 3.

New features as seen on the iOS client, version 2.0.0.

All this while the Privacy Policy and Terms of Use have not been updated to reflect these new features, data sharing and permissions.

Status Check is ripe for abuse

To check the Aarogya Setu status of a “close one”, the user has to add their number by selecting “Add Account”. It works only if the other user also has Aarogya Setu. The other option is that the user can choose to share their status with another user. This is what we tried. When we chose to “Generate and Share your code”, a code was generated that is valid for 45 minutes and can be shared with another user. Our status was then visible to the other user. This feature is only available for iOS devices as of now. We couldn’t share our code with an Android user since their app did not let them add the code.

Status Check on Aarogya Setu on iOS

Aarogya Setu now lets iOS users share their risk status with other iOS users.

While Status Check has been developed to check the Aarogya Setu status of “your close ones from one place”, in a country where despite being voluntary, multiple government departments and private companies have made its use obligatory for employment, access to services, etc., this option can be easily used to create a real-time database of employees’ Aarogya Setu status.

Approvals for third-party apps, users

Aarogya Setu was released on a slippery slope that turned particularly steep when the government made it mandatory for all employees on May 1. It was only after significant criticism that it rolled back its decision in revised instructions for the next phase of the lockdown and “advised” its use on a “best efforts basis”. By allowing third-party apps and users to access Aarogya Setu status, it just makes it easier for employers to surveil their employees, and for other people to abuse the system. And it also creates an opportunity for third-party apps, especially health apps, to access more health data at a later date.

Two categories of approvals are available here: apps and users on iOS

We already know that this app is the building block for the National Health Stack that is being developed by private players through a private lobby. And despite its initial claim that it was not involved in developing this app as a company, MakeMyTrip’s CEO finally acknowledged during the earnings call that the company’s developers developed this app.

Opacity around its development and function creep that is retrospectively legitimised through updated Terms of Use are extremely concerning developments.

Update (July 7, 2020 2:18 pm): Updated with more details about Status Check. Links added throughout the article. Originally published on July 6 at 7:59 pm.