Tuesday, December 24, 2024
Advertisement
  1. You Are At:
  2. News
  3. Fyi
  4. Why Aarogya Setu app tracks user's location and why it's not a security risk

Why Aarogya Setu app tracks user's location and why it's not a security risk

Aarogya Setu has responded to claims of a potential security issue with respect to monitoring of user's location via the app that has been specifically designed to curb the spread of coronavirus in India. The team responsible for running the app discussed the issue of privacy with an ethical hacker.

Edited by: India TV News Desk New Delhi Published : May 06, 2020 10:10 IST, Updated : May 06, 2020 13:18 IST
Aarogya Setu responds to ethical hacker on questions of

Aarogya Setu responds to ethical hacker on questions of potential security issue 

Aarogya Setu has responded to claims of potential security issue with respect to monitoring of user's location via the app that has been specifically designed to curb the spread of coronavirus in India. The team responsible for running the app discussed the issue of privacy with an ethical hacker. "Earlier today, we were alerted by an ethical hacker of a potential security issue of Aarogya Setu. We discussed with a hacker and were made aware of the following," team Aarogya Setu tweeted from the app's official twitter handle.

The hacker reportedly raised concerns of the App fetching user location on a few occasions. To this the Aarogya Setu team responded -- "This is by design and is clearly detailed in the privacy policy. Reproducing the same for everyone's benefit. We fetch a user's location and store on the server in a secure encrypted, anonymized​ manner at the time of registration, at the time of self-assessment and when a user submits their contact tracing data voluntary through the app or when we fetch the contact tracing data of a user after they have turned COVID-19 positive."

India Tv - Aarogya Setu responds to ethical hacker on questions of potential security issue

Image Source : AAROGYA SETU

Aarogya Setu responds to ethical hacker on questions of potential security issue 

The second concern raised by the hacker was -- User can get the COVID-19 stats displayed on the hom screen by changing the radius and latitude-longitude using a script. Team Aarogya Setu responded to this with a detailed clarification. 

"The radius parameters are fixed and can only take one of the five values: 500 meters, 1km, 2km, 5km and 10km. These values are standard parameters poster with HTTP headers. Any other value as part of the 'distance' HTTP header gets defaulted to 1km. The user can change the latitude/longitude to get the data for multiple locations. The API call though is behind a Web Application Firewall, and hence bulk calls are not possible. Getting data for multiple latitude, longitude this way is no different than asking several people of their locations' COVID-19 statistics. All this information is already public for all locations and hence does not compromise on any personal or sensitive data," the team clarified. 

 

Advertisement

Read all the Breaking News Live on indiatvnews.com and Get Latest English News & Updates from Fyi

Advertisement
Advertisement
Advertisement
Advertisement