Thursday, Aug 06, 2020 | Last Update : 03:40 AM IST

135th Day Of Lockdown

Maharashtra46826530552116476 Tamil Nadu2734602148154461 Andhra Pradesh1864611043541681 Karnataka151449746792804 Delhi1402321261164044 Uttar Pradesh104388605581857 West Bengal83800589621846 Telangana7095850814576 Gujarat65704485612529 Bihar6203140760349 Assam4816233429115 Rajasthan4667932832732 Haryana3779631226448 Odisha3768124483258 Madhya Pradesh3508225414912 Kerala279561629988 Jammu and Kashmir2239614856417 Punjab1901512491462 Jharkhand140705199129 Chhatisgarh10109761369 Uttarakhand8008484795 Goa7075511460 Tripura5520367528 Puducherry4147253758 Manipur301818147 Himachal Pradesh2879171013 Nagaland24056594 Arunachal Pradesh179011053 Chandigarh120671520 Meghalaya9173305 Sikkim7832971 Mizoram5022820
  Technology   In Other news  26 Apr 2020  28 covid apps used by Centre, States not open source, cannot be checked for vulnerabilities

28 covid apps used by Centre, States not open source, cannot be checked for vulnerabilities

THE ASIAN AGE | ADITYA CHUNDURU
Published : Apr 26, 2020, 4:40 pm IST
Updated : Apr 26, 2020, 4:40 pm IST

Privacy concerns abound as independent developers cannot study the code

Apart from Aarogya Setu, the Centre and state governments are using at least 28 mobile applications to tackle the covid-19 pandemic. (Representative Image | AP)
 Apart from Aarogya Setu, the Centre and state governments are using at least 28 mobile applications to tackle the covid-19 pandemic. (Representative Image | AP)

Hyderabad: There has been an explosion of mobile apps since the covid-19 crisis began in the country.

Apart from Aarogya Setu, the Centre and state governments are using at least 28 mobile applications to tackle the covid-19 pandemic.

 

These apps have varied purposes — some disseminate information on cases, deaths and so on to users while others are used by officials to track people under quarantine.

There is one common aspect to all of them: None of them is open-sourced.

One of the most famous apps is the Centre’s Aarogya Setu, which collects users’ Bluetooth and location data to track their whereabouts and alert them if they come in contact with a covid-19 positive patient. The app, which has been controversial given privacy concerns, has been downloaded by over 7.5 crore people.

Open source software (OSS) is often preferred for public utilities since they allow for transparency. Users can access the code and know exactly what the product is supposed to do with their data.

 

In 2015, the Centre had released the ‘Policy on Adoption of Open Source Software for Government of India, which required it to encourage the use of such software in all government institutions.

The Software Law Freedom Centre (SFLC), in a report, analysed these covid apps on privacy, terms of conditions and permissions required. The report noted that many of the apps did not even have terms of service or privacy policy documents like West Bengal’s ‘covid-19 West Bengal Government’ and Arunachal Pradesh’s ‘COVID CARE’.

Though many apps had privacy policies, they were cookie-cutter documents created out of an automated tool. “[These auto-generated documents] lack clauses that cover important aspects such as data retention and purpose limitation for the processing of data collected,” the SFLC report read.

 

Perhaps most of these answers could be found through an OSS model.

Prashanth Sugathan, volunteer legal director at SFLC, said that OSS would allow the developer community to study the code and point out vulnerabilities. “Another advantage is that such software products are reusable. If two states have the same requirement from a software, they can use the same app. This would allow for better cooperation,” he said. He added that having an OSS would improve the trust the general public has in it.

Ranjith Raj, a Hyderabad-based security researcher and member of Sweccha, a group that promotes the use of OSS, said it was essential for government apps to be opensource. “The privacy of an app is impossible to review without the source code being available. We can’t be sure about what’s being tracked, and what’s secure. While the governments assure us the apps are not surveillance tools, keeping the source code hidden leaves much to be desired,” he said.

 

Tags: coronavirus app, aarogya setu, government app, data privacy