wordpress blog stats
Connect with us

Hi, what are you looking for?

Aarogya Setu now lets you delete your account, share risk status with other apps and users

aarogya setu

Three months after the app was launched, Aarogya Setu finally lets its users delete their account in an update released to the app on iOS and Android devices today. Well, kind of. As per information displayed while deleting the account on an Adroid device (iOS did not tell us what deleting our account would do), deleting the account means erasing information from government servers 30 days after account is deleted, deleting all app data from the phone, and permanently cancelling your registration. So this feature basically does nothing because earlier too, deleting the app meant that all data stored on the device (location and Bluetooth data not yet uploaded to the server) was deleted, but personal information (name, gender, age, profession, travel history), which was uploaded to the government server on registration, would be retained for 30 days even after the app was deleted. The question is whether data of users who are tested for COVID-19 is also deleted from government servers if they request for account deletion because as per the Privacy Policy, if users test negative, the data is retained for 45 days, and if they test positive, it is retained for 60 days after they are declared COVID-19 free.

What it says when you try to delete the account on an Android device. Credit: Aroon Deep

The above information is not displayed on an iOS device. Under the option to delete data, the app says, “You can permanently delete your account and erase all data”. When we chose to delete our account on an iOS device, it immediately took us to the first screen that pops up when you download the app afresh. The app did not ask us to enter our personal information (name, gender, age, travel history, profession, etc.) again and showed our status as “Safe” without us having retaken the self-assessment test after account deletion, thereby suggesting that our data was indeed retained, probably because PII and self-assessment test results are uploaded to government servers on registration and taking the test, respectively.

And in a one step (or rather half step) forward, two steps backwards situation, it introduced two new feature on iOS devices (version 2.0.0) — Status Check and Approvals. Status Check allows users to check the Aarogya Setu status of close ones by adding their account through a QR account. Approvals (hat tip: Aroon Deep, Pranav Dixit) allow external, third party apps to access the user’s Aarogya Setu status. (Update July 17 8:38 pm) Status Check and Approvals have now been introduced for Android devices as well.

iOS version of the app now also offers the option to view recent Bluetooth contacts, a feature that was released on Android on July 3.

Aarogya Setu new features

New features as seen on the iOS client, version 2.0.0.

All this while the Privacy Policy and Terms of Use have not been updated to reflect these new features, data sharing and permissions.

Status Check is ripe for abuse

To check the Aarogya Setu status of a “close one”, the user has to add their number by selecting “Add Account”. It works only if the other user also has Aarogya Setu. The other option is that the use can choose to share their status with another user. This is what we tried. When we choose to “Generate and Share your code”, a code is generated that is valid for 45 minutes which can be shared with another user. Our status was then visible to the other user. This feature is only available for iOS devices as of now. We couldn’t share our code with an Android user since their app did not let them add the code.

Aarogya Setu

Status Check on Aarogya Setu on iOS

Aarogya Setu share status

Aarogya Setu now lets iOS users share their risk status with other iOS users.

While Status Check has been developed to check the Aarogya Setu status of “your close ones from one place”, in a country where despite being voluntary, multiple government departments and private companies have made its use obligatory for employment, access to services, etc., this option can be easily used to create a real-time database of employees’ Aarogya Setu status.

Approvals for third-party apps, users

Aarogya Setu was released on a slippery slope that turned particularly steep when the government made it mandatory for all employees on May 1. It is only after significant criticism that it rolled back its decision in revised instructions for the next phase of the lockdown and “advised” its use on a “best efforts basis”. By allowing access to third-party apps and users to access Aarogya Setu status, it just makes it easier for employers to surveill their employees, and other people to abuse the system. And it also creates an opportunity for third party apps, especially health apps, to access more health data at a later date.

Advertisement. Scroll to continue reading.

Two categories of approvals are available here: apps and users on iOS

We already know that this app is the building block for the National Health Stack that is being developed by private players through a private lobby. And despite its initial claim that it was not involved in developing this app as a company, MakeMyTrip CEO finally acknowledged during the earnings call that the company’s developers developed this app.

Opacity around its development and function creep that is retrospectively legitimised through updated Terms of Use are extremely concerning developments.

Also read: Who made Aarogya Setu? A list

***Update (July 7, 2020 2:18 pm): Updated with more details about Status Check. Links added throughout the article. Originally published on July 6 at 7:59 pm.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

While the market reality of popular crypto-assets like Bitcoin may undergo little change, the same can't be said for stablecoins.

News

Bringing transactions related to crypto-assets within the tax net could make matters less fuzzy.

News

Loopholes in FEMA and the decentralised nature of crypto-assets point to a need for effective regulations.

News

The need of the hour is for lawmakers to understand the systems that are amplifying harmful content.

News

For drone delivery to become a reality, a permissive regulatory regime is a prerequisite.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ