Aarogya Setu App: Life-Saving or Privacy Invasion

In the continuing combat against the existing pandemic, contact tracing apps are proving to be an effective tool helping to limit the spread of the contagion. Governments and health bodies across the globe have been launching such apps to assist health officials track down individual and community exposure. So far, around 45 covid-19 contact-tracing apps have been launched worldwide in over 25 countries. The surge of such apps has also invited significant controversies around the privacy infringements of citizens and data security, questioning the cyber-hygiene practices that are being adopted in data collection and data utilisation by these apps.

Aarogya Setu: India’s Contact Tracing App

On April 2, India launched its official contact tracing app – Aarogya Setu . The app has witnessed steady downloads since its launch reaching to 115 million downloads by 26 th May, making it the most downloaded contact tracing app in the world (and the seventh most downloaded app worldwide in April). It is available in 12 languages across both android and iOS platforms. According to the Indian government, the app has successfully predicted 3,000 coronavirus hotspots at a sub-post office level and alerted more than 140,000 users about possible infections. It is mandatory to install this app if you have to use the recently opened airline services in India. Employees of few private organisations and public sector units have been compulsory asked to use the app while entering the office premises.

How does the app work?

Around 70% of the contact tracing apps run on a centralised system which effectively means that the location and the data processed by the app is funnelled into a centrally run database maintained by the government or a local health body. India’s app also functions on this centralised system and requires continuous access to location history through Bluetooth and GPS. The entire data collected via the app is stored and managed on the government servers. MIT recently downgraded the rating of the app (1 out of 5) as the app does not follow the principle of ‘data minimalization’ – meaning that it collects far more data points from the user than actually required for contact tracing. The data that the Aarogya Setu app collects is divided into four categories—demographic, self-assessment, contact and location. The collected information includes person’s name, mobile number, age, gender, profession, travel history, locations of individuals around you etc. The app can constantly access your location.

Privacy Infringement Concerns

Ever since its launch, the Aarogya Setu app has faced constant ire by privacy advocates and cybersecurity experts for privacy and transparency issues. Some have alleged that this app can be used in future for mass surveillance to control and monitor the movements of the population. The concerns also stem from the fact that India lacks...