The above information is not displayed on an iOS device. Under the option to delete data, the app says, “You can permanently delete your account and erase all data”. When we chose to delete our account on an iOS device, it immediately took us to the first screen that pops up when you download the app afresh. The app did not ask us to enter our personal information (name, gender, age, travel history, profession, etc.) again and showed our status as “Safe” without us having retaken the self-assessment test after account deletion, thereby suggesting that our data was indeed retained, probably because PII and self-assessment test results are uploaded to government servers on registration and taking the test, respectively.
And in a one step (or rather half step) forward, two steps backwards situation, it introduced two new feature on iOS devices (version 2.0.0) — Status Check and Approvals. Status Check allows users to check the Aarogya Setu status of close ones by adding their account through a QR account. Approvals (hat tip: Aroon Deep, Pranav Dixit) allow external, third party apps to access the user’s Aarogya Setu status. (Update July 17 8:38 pm) Status Check and Approvals have now been introduced for Android devices as well.
iOS version of the app now also offers the option to view recent Bluetooth contacts, a feature that was released on Android on July 3.
Status Check is ripe for abuse
To check the Aarogya Setu status of a “close one”, the user has to add their number by selecting “Add Account”. It works only if the other user also has Aarogya Setu. The other option is that the use can choose to share their status with another user. This is what we tried. When we choose to “Generate and Share your code”, a code is generated that is valid for 45 minutes which can be shared with another user. Our status was then visible to the other user. This feature is only available for iOS devices as of now. We couldn’t share our code with an Android user since their app did not let them add the code.
While Status Check has been developed to check the Aarogya Setu status of “your close ones from one place”, in a country where despite being voluntary, multiple government departments and private companies have made its use obligatory for employment, access to services, etc., this option can be easily used to create a real-time database of employees’ Aarogya Setu status.
Approvals for third-party apps, users
Aarogya Setu was released on a slippery slope that turned particularly steep when the government made it mandatory for all employees on May 1. It is only after significant criticism that it rolled back its decision in revised instructions for the next phase of the lockdown and “advised” its use on a “best efforts basis”. By allowing access to third-party apps and users to access Aarogya Setu status, it just makes it easier for employers to surveill their employees, and other people to abuse the system. And it also creates an opportunity for third party apps, especially health apps, to access more health data at a later date.
We already know that this app is the building block for the National Health Stack that is being developed by private players through a private lobby. And despite its initial claim that it was not involved in developing this app as a company, MakeMyTrip CEO finally acknowledged during the earnings call that the company’s developers developed this app.
Also read: Who made Aarogya Setu? A list
***Update (July 7, 2020 2:18 pm): Updated with more details about Status Check. Links added throughout the article. Originally published on July 6 at 7:59 pm.