Did Indian govt really put Covid-19 tracing Aarogya Setu code on Github?


aarogya setu app

(Image credit: National Informatics Centre)

Right from the day Indian government launched Aarogya Setu, the app to trace Covid-19 cases in the country, it has been bedevilled by a plethora of issues.

Most of them pertained to the safety and security of the users’ details. There was also phishing allegation against the app.

And then it was alleged to be a surveillance app.

Privacy-conscious citizens and security researchers claimed that the app collects a lot more data than is required to trace contacts, and its code was opaque and proprietary.

Even amidst this, the app logged in huge numbers in downloads — as of now it has had over 10 crore installs on Google Play Store.

So, in a bid to put an end to all the controversies, the government put the source code of the app on Github.

Amitabh Kant, chief executive of NITI Aayog, a government-led policy think tank that collaborated with the federal ministries to build the app, had said all subsequent updates on it would now be made via open-source through the Github repository. Also the code base for iOS and KaiOS (for JioPhone) would be made open source soon.

Open-sourcing #AarogyaSetu is a unique feat for India. No other Government product anywhere in the world has been open-sourced at this scale: #NITIAayog CEO @amitabhk87 pic.twitter.com/3nmuxkd6WyMay 26, 2020

But Is it really open?

Now, the experts and domain analysts who went through the code have a different, and a major, complaint.

They allege that the code shared in Github is not open source.

According to a Twitter thread by Kiran Jonnalagadda, the co-founder of HasGeek, what is available in Github is just “some random code to keep the public distracted.”

In his twitter thread, Jonnalagadda claims, “While the released code may indeed be for *some* version of Aarogya Setu:

1. It is not the version you’re using. We have no idea what is different.

2. Developers are ignoring reports of serious vulnerabilities.

3. Actual development is elsewhere in a closed source repo.”

⚠️ Aarogya Setu is not open source. We got a press release and some random code to keep the public distracted. The released code is not for the app that everyone is using. ⚠️ https://t.co/dctoFKCpPSMay 31, 2020

Merge history of @SetuAarogya in last 3 days. Is the app dead? Or is this a toy / fake repo like @asdofindia claims? Also, note that the developers have not responded to multiple CVE reports on issues. #AarogyaSetuApp – Dumping code on @github alone isn’t OSS.#MissingDevelopers pic.twitter.com/p2UmI3JelKMay 31, 2020


Now Aarogya Setu app handlers are accused of indulging in ‘openwashing’. 

Openwashing is defined as having an appearance of open-source and open-licensing for marketing purposes, while continuing proprietary practices.

The government is yet to respond to the latest round of controversy surrounding Aarogya Setu.

Share post:




More like this

Another popular Nigerian TikTok influencer’s private video appears online

Different bloggers have dragged the...

Tinubu’s CSU Certificate: Time for All Nigerians to Voice Concerns – Deacon Afolabi

Deacon Elijah Afolabi, a prominent member of the Peoples...

“I’m not a drug lord, I have no hand in Mohbad’s death” – Naira Marley

Nigerian singer and Marlian Records boss Azeez Fashola aka...

BBNaija should be focused on finding solutions to Nigeria’s problems

Oluseun Anikulapo Kuti, Nigeria's Afrobeat singer, famously known as Seun Kuti,...