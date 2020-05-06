A few hours ago, a French cybersecurity expert and hacker under the alias "Elliot Alderson" claimed that Aarogya Setu, the official contact-tracing app of the Government of India, carries a security issue. Now, the developers of Aarogya Setu have responded to the allegations, saying that the app does not pose any threat to the privacy or security of its users. Here's all about it.

Allegation Alderson's allegation of security issue

In a series of tweets on May 5, Alderson claimed to have discovered a security issue in the Aarogya Setu app. The hacker did not share the specifics of the flaw but claimed that the issue risked the privacy of 90 million Indians who have installed the app to keep themselves informed about close contact with a COVID-19 positive patient.

Response Contact with Indian Computer Emergency Response Team

Within an hour of tweeting, Alderson was contacted by the Indian Computer Emergency Response Team and National Informatics Centre, the developer of the app. The hacker said the authorities have been informed about the flaw but he would disclose it publicly after a reasonable deadline, if it remains unpatched. "Putting the medical data of 90 million Indians is not an option," Alderson emphasized.

Response Aarogya Setu's team responded on the matter

Hours after Alderson's remarks, the Aarogya Setu team shared a statement acknowledging the flagged issues. However, they emphasized that the problems raised by the hacker do not pose a security threat of any kind. "No personal information of any user has been proven to be at risk by this ethical hacker," the team said, adding that "no data or security breach has been identified".

Twitter Post Here is the complete response

Statement from Team #AarogyaSetu on data security of the App. pic.twitter.com/JS9ow82Hom — Aarogya Setu (@SetuAarogya) May 5, 2020

Response No response from Alderson yet

So far, Alderson has not responded to the Aarogya Setu team's clarification. The hacker had identified flaws in the Aadhaar mobile application in 2018 and will likely share some evidence to prove his point in the case of Aarogya Setu, as well. Apart from Alderson, other organizations, including the Internet Freedom Foundation and Mozilla, have also raised questions over the app's privacy and security.

Person But, who is Elliot Alderson?