Aarogya Setu Goes Open Source

India's Covid-19 tracking app Aarogya Setu

Indian government amid concerns over the security of the Covid-19 tracking app Aarogya Setu, made it open source with the aim of bringing transparency and improvement in the app.
Complete Coverage: Coronavirus

Crux of the Matter

History of Aarogya Setu
The app’s motive is to monitor the live location and trace the travel history of the user. It also has the health record of the user. As per the Government, Aarogya Setu uses the live location and Bluetooth-based proximity to keep track of an individual. More than 100 million people have downloaded the app so far and 98 % of users use it on Android devices.

In a press release, the Ministry of Electronics & Information Technology (MEITY) said that this app tracked around 9 lakh people related to Covid-19 positive cases and helped find 24% Covid-19 positive cases.

However, the app drew criticism and concerns over data security and Terms of Use from Cyberlaw activists and critics. Internet Freedom Foundation (IFF) was at the forefront while addressing the issue. Software developers and experts demanded the government to allow reverse engineering of the app and to publish the source code of the app.

Government’s Action
The government responded to the concerns and have made the Aarogya Setu an open-source software. As of now, only the Android version of the app has been made open source. It is expected that next week the government will make iOS version of the app open source.

Open source means that anyone can open, analyze, change, and use the original code of the software without acquiring the license to do so to develop a separate derivative software. One just has to acknowledge the owner of the app or the original code. VLC media player, WordPress, Mozilla Firefox, etc are some of the open-source software.

The government has said that this is taken in order to promote transparency of the app. The government has also launched a bounty of ₹1 lakh for anyone who can find loopholes and vulnerabilities in the app.

Problem Solved?
By making the app open source, any software developer will be able to go through the code. The move is expected to help find vulnerabilities and loopholes in the app. One can address the problems by writing fresh codes or suggesting these to the government. Cyber experts have also demanded the government to release the server-side code of the app to address the issue effectively. Moreover, it is too early to say whether this move will address security and privacy concerns.

However, open sourcing the code can also be misused by miscreants in multiple ways. It can make any vulnerability easily transparent to the public at large. Also, others can make copycat apps that redirect user data to their servers.

Other Open Source Covid Tracking Apps

  • Czech Republic government’s Covid-19 tracking App eRouška (eFacemask)
  • Singapore’s TraceTogether Covid App
  • Austria’s Stopp Corona App
  • UK’s NHS COVID-19
  • Australia’s COVIDSafe App
  • A 2008 report by the Standish Group stated that the adoption of open-source software models has resulted in savings of about $60 billion per year for consumers.
  • A 1997 paper on analysis of the hacker community and free-software principles received significant attention in the early 1998 and was one factor in motivating Netscape Communications Corporation to release their popular Netscape Communicator Internet suite as free software. This source code subsequently became the basis behind SeaMonkey, Mozilla Firefox, Thunderbird, and KompoZer.
  • Open Source for America is a group created to raise awareness in the United States Federal Government about the benefits of open-source software. Their stated goals are to encourage the government’s use of open-source software, participation in open-source software projects, and incorporation of open-source community dynamics to increase government transparency.