Did Indian govt really put Covid-19 tracing Aarogya Setu code on Github?


aarogya setu app

(Image credit: National Informatics Centre)

Right from the day Indian government launched Aarogya Setu, the app to trace Covid-19 cases in the country, it has been bedevilled by a plethora of issues.

Most of them pertained to the safety and security of the users’ details. There was also phishing allegation against the app.

And then it was alleged to be a surveillance app.

Privacy-conscious citizens and security researchers claimed that the app collects a lot more data than is required to trace contacts, and its code was opaque and proprietary.

Even amidst this, the app logged in huge numbers in downloads — as of now it has had over 10 crore installs on Google Play Store.

So, in a bid to put an end to all the controversies, the government put the source code of the app on Github.

Amitabh Kant, chief executive of NITI Aayog, a government-led policy think tank that collaborated with the federal ministries to build the app, had said all subsequent updates on it would now be made via open-source through the Github repository. Also the code base for iOS and KaiOS (for JioPhone) would be made open source soon.

Open-sourcing #AarogyaSetu is a unique feat for India. No other Government product anywhere in the world has been open-sourced at this scale: #NITIAayog CEO @amitabhk87 pic.twitter.com/3nmuxkd6WyMay 26, 2020

But Is it really open?

Now, the experts and domain analysts who went through the code have a different, and a major, complaint.

They allege that the code shared in Github is not open source.

According to a Twitter thread by Kiran Jonnalagadda, the co-founder of HasGeek, what is available in Github is just “some random code to keep the public distracted.”

In his twitter thread, Jonnalagadda claims, “While the released code may indeed be for *some* version of Aarogya Setu:

1. It is not the version you’re using. We have no idea what is different.

2. Developers are ignoring reports of serious vulnerabilities.

3. Actual development is elsewhere in a closed source repo.”

⚠️ Aarogya Setu is not open source. We got a press release and some random code to keep the public distracted. The released code is not for the app that everyone is using. ⚠️ https://t.co/dctoFKCpPSMay 31, 2020

Merge history of @SetuAarogya in last 3 days. Is the app dead? Or is this a toy / fake repo like @asdofindia claims? Also, note that the developers have not responded to multiple CVE reports on issues. #AarogyaSetuApp – Dumping code on @github alone isn’t OSS.#MissingDevelopers pic.twitter.com/p2UmI3JelKMay 31, 2020


Now Aarogya Setu app handlers are accused of indulging in ‘openwashing’. 

Openwashing is defined as having an appearance of open-source and open-licensing for marketing purposes, while continuing proprietary practices.

The government is yet to respond to the latest round of controversy surrounding Aarogya Setu.

Share post:




More like this

ESPN’s Jay Bilas suggests severe consequences for court-storming fans

Join Fox News for access to this content Plus...

West Virginia Senate passes bill that would remove marital exemption for sexual abuse

CHARLESTON, W.Va. (AP) — Married people in West Virginia...

Kevin Costner admits ‘Horizon’ was ‘biggest struggle’ as he unveils first look at Western film

Kevin Costner rode off into the sunset from "Yellowstone"...