Twitter went berserk on Wednesday as it demanded Aarogya Setu app open source for greater transparency and inspiring public confidence after a French cybersecurity researcher, Robert Baptiste, who goes by the pseudonym Elliot Alderson on the micro-blogging site, listed out a various failures of the app in detail. A previous attack made by the hacker claimed that “a security issue has been found in your app. The privacy of 90 million Indians is at stake.” Also Read - Chess Keeps Ticking, Moves Online Amid Coronavirus Pandemic
Asking the authorities to contact him in private, Baptiste promised to come back after the government-owned coronavirus contact-tracing mobile application issued a clarification on Wednesday, regarding liability concerns over privacy issues raised by him. Within a couple of hours, Baptiste was back with a a piece detailing the issues with the app, explained in a post on Medium. Also Read - We Are Hopeful And Optimistic of IPL Happening This Year: KXIP Head Coach Anil Kumble
He titled it “Aarogya Setu: The story of a failure” and explained how “with only 1-click an attacker can open any app internal file, included the local database used by the app called fight-covid-db.” He began by updating readers on how On Tuesday, the Uttar Pradesh government made it mandatory for smartphone users in Noida to have Aarogya Setu app downloaded when out in a public place. Not installing the app will be considered a violation of the coronavirus-forced lockdown and attract punishment, according to new guidelines issued by the UP police. Also Read - Viral Video: Family Picnic Turns Sour as 12-Year-Old Boy Comes Out of Woods Followed by Bear, Here's What Happened Next
Pointing out that the issue he had brought to light recently “had been fixed silently by the developpers”, Baptiste wrote that within 49 minutes of his initial tweet, National Informatics Centre (that developed that app under the Union Ministry of Electronics and Information Technology) and the Indian Cert contacted him.
Baptiste claimed that the developers issued a statement of clarification on behalf of Team Aarogya Setu on Wednesday, only after he “sent them a small technical report”. Satisfied with the quick response, Baptiste rounded off his report by musing, “I’m happy they quickly answered to my report and fixed some of the issues but seriously: stop lying, stop denying.”
Off late, the demand to open source the application has been a constant one from the privacy advocates. #OpenSourceAarogyaSetu was trending on Twitter on Wednesday.