Coronavirus | Aarogya Setu app is now open source, says government

It has been a long-standing demand of privacy and security experts

Updated - December 03, 2021 06:36 am IST

Published - May 26, 2020 10:26 pm IST - New Delhi

Researchers can suggest improvements to the source code of the app.

Researchers can suggest improvements to the source code of the app.

Amid concerns over privacy of data being collected by its coronavirus contact tracing app, the government on Tuesday said it was open sourcing Aarogya Setu — a long-standing demand by privacy and security experts.

Also read: Coronavirus | What are the concerns around the Aarogya Setu app?

The government has also launched a Bug Bounty programme wherein financial rewards will be given to security researchers for finding any vulnerability in the application or suggesting improvements to the source code.

With open sourcing, developers can look at the code of the application, suggest improvements and also use it to develop similar products.

“With the release of the source code in the public domain, we are looking to expanding collaboration and to leverage the expertise of top technical brains amongst the talented youth and citizens of our nation and to collectively build a robust and secure technology solution to help support the work of frontline health workers in fighting this pandemic together,” the government said.

Android version

While the source code for the Android version of the application will be available for review on GitHub, the iOS version of the application will be released as open source within the next two weeks, the Ministry of Electronics and IT said in a statement.

Almost 98% of over 11.4 crore users of Aarogya Setu users are on Android platform.

“...the step will have a positive impact on the privacy of Indian users. This will improve transparency on how the data is used, improve security by minimising bugs and empower experts to improve the app via public contributions,” said Udbhav Tiwari, Policy Adviser, Mozilla Corporation.

The bug bounty programme will be open to Indian and foreign nationals, but only Indians will be eligible for rewards offered under the scheme. Anyone who points out a security vulnerability in the app source code will be eligible for a reward of up to ₹3 lakh, and up to ₹1 lakh for pointing out a suggestion or improvement in the source code.

Aarogya Setu’s Bug Bounty Programme has been prepared with the goal to partner with security researchers and Indian developer community to test the security effectiveness of the app and to enhance its security and build user’s trust, the government said.

Welcoming the move, Mishi Choudhary, technology lawyer, said, “The Government of India has an amazing policy on adoption of Open Source software that encourages formal adoption and use of open source software in government organisations. We will be verifying that all code is open source and global best practices are followed.”

She added that the government must also ensure that the mandatory nature of the app should be addressed. It should only be voluntary and not create classes of citizens based on their having an app or not.



0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.