The backend code of the Aarogya Setu app is now available at the Open Forge platform set up by the govt to promote sharing and reuse of e-gov app source code. The aim is to encourage collaboration between govt agencies, private firms, and developers to promote innovation in e-gov apps and services. The source code of the Android and iOS versions is already available. Aarogya Setu, launched in April, is downloaded by more than 16.43 cr people.
The government said that it has developed the contract tracing app Aarogya Setu in collaboration with private sector. Earlier, CIC issued a show-cause notice to MEITY, NIC and NeGD for withholding information and providing an evasive reply to a RTI application on Aarogya Setu. In its response, the Centre said the Aarogya Setu was developed in record 21 days in lockdown and was appreciated by WHO. The app has 16.23 cr downloads.
Quick Heal Technologies said it had seen over 143M malware attacks in Q2 2020. Trickbot proved to be an active distributor for multiple malwares through phishing emails. Malware clocked 38% of the total Android detections in this quarter. Quick Heal found malicious apps that looked 100% authentic but infected consumers mobile phones; fake Aarogya Setu app took the lead in this section. June had the highest number of Windows malware detection.
Avast reported that cybercriminals used Aarogya Setu app to hide a stalkerware inside it. The stalkerware gets downloaded along with the Aarogya Setu app, taking the users’ approval. The firm reported that spying, stalking apps have grown by 20% in India and 51% globally, since the lockdown. Also, a number of apps were developed with the intention to spy on users. These apps use the smartphone’s Accessibility Service feature to gain phone features’ access and spy.
SonicWall Labs found a fake Aarogya Setu app with spyware, capable of making phone calls, audio/video recording, and SMSes. While one such fake app with imperfect icon copy, runs in the background without any activity on the screen, the other two are downloaded as add-ons gaining system’s permission. They also install the legitimate app in the background to avoid user suspicion. Even if users uninstall the app, the malicious code still remains in the system.
Aarogya Setu has helped the authorities to identify “more than 3,000 hotspots in 3-17 days ahead of time ” said NITI Aayog CEO, Amitabh Kant. He said that the app has reached to “50 mn subscribers in 15 days and 100 mn subscribers in 40 days.” The CEO revealed that of the over 114 mn users, two-thirds have taken the self-assessment test to evaluate exposure to COVID-19. Aarogya Setu, so far, has helped identify about 500,000 Bluetooth contacts.
Aarogya Setu app has so far helped the authorities to identify around 13,000 COVID-19 patients. It has also alerted over 1.4 lakh people who had come in close contact with any infected persons. The government, following security concerns, issued stringent guidelines for processing of data collected through the app. Storage of data for more than six months is completely barred. The new guidelines also specify jail term if certain rules are violated.
French hacker Robert Baptiste has claimed that there are security flaws with Aarogya Setu app. “A security issue has been found in your app. The privacy of 90 mn Indians is at stake. Can you contact me in private?” he tweeted. Baptiste said CERT-In and NIC got in touch with him after the tweet. Govt may issue a statement on Baptiste’s concerns soon. He had earlier exposed flaws in mAdhaar app and breached then TRAI Chief’s personal information to prove.