wordpress blog stats
Connect with us

Hi, what are you looking for?

Aarogya Setu’s backend code released on OpenForge

Aarogya Setu, JNU

Aarogya Setu’s backend code has been released on government-owned open source repository OpenForge (available here). With this, the source codes of the Android and iOS apps, and of the backend servers have been placed in open domain; only the source code of KaiOS app remains unreleased.

Anivar Aravind, a public interest technologist and part of SFLC.in’s advisory board, tweeted, “The demand was not forsome [sic] random backend code snippets. It was for server code, deploy functions and verifiable builds from free and open source repositories. This @NICMeity effort looks like an effort to fool people with some nonfunctional code snippets as ‘Backend code’“. Aravind has filed a PIL in the Karnataka High Court seeking a permanent injunction against the app and had also asked for the server side code to be open sourced.

The government of India had put the source code of the Android client in the public domain via GitHub on May 27. However, NIC-CERT had later said that the Aarogya Setu code on GitHub is “test backend code”, not the “production code”. While announcing the open sourcing of Android source code, the National Informatics Centre (NIC) had also announced a Bug Bounty Programme; submissions for which were accepted until June 26. Despite receiving 1,451 submissions through the programme, the NIC has not yet declared the winner(s).

The iOS source code was released in the public domain on August 10 without any such ceremony. Unlike the Android code, the iOS code was released on OpenForge and had no Bug Bounty Programme attached to it. In a Right to Information response to MediaNama on September 30, the NIC said that the results for the Android Bug Bounty Programme would be announced “shortly”, as would a Bug Bounty Programme for the iOS app.

Since its launch on April 2, the Indian government’s contact tracing app has been mired in one controversy after another. Unlike contact tracing apps used in other countries, that only rely on Bluetooth, Aarogya Setu also tracks a users’ location. This, along with other features of the app as well as its iterative Privacy Policy and Terms and Conditions have raised significant concerns around its incursions into people’s privacy. As it is, the app is envisioned as the first building block of India’s National Health Stack.

The Ministry of Home Affairs made the app mandatory for all employees across the country on May 1. In its subsequent lockdown order, however, the MHA made it voluntary. Despite that, a number of public and private entities have been making the app a mandatory requirement for access to services and locations.

Read more:

You May Also Like


The Singapore government has confirmed that data from its coronavirus contact tracing app TraceTogether can be used by law enforcement for criminal investigations. Speaking...


The Bombay High Court on Wednesday issued notice to the central government in response to a plea challenging the de-facto imposition of Aarogya Setu...


The Kerala government has formed a new three-member committee to study a report prepared by a previous committee on the issues related to engaging...


Global smartphone shipments are forecasted to grow 2.4% year-over-year between October and December, followed by 4.4% year-over-year growth in 2021, according to projections from...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ