A few days ago, Congress leader Rahul Gandhi had claimed that the Aarogya Setu mobile application, designed to help users to identify whether they are at risk of the COVID-19 infection and provides people with important information, including ways to avoid coronavirus and its symptoms, is a "sophisticated surveillance system".
Technology can help keep people safe, but fear must not be used to track citizens without their consent, the Congress chief had said.
"The Aarogya Setu app, is a sophisticated surveillance system, outsourced to a pvt operator, with no institutional oversight - raising serious data security & privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent," Gandhi had tweeted.
Now, a French cybersecurity expert, who goes by the name the name Elliot Alderson borrowed from the popular TV show Mr Robot, has come out claiming that a security issue has been found in the app and added that the Congress leader was right about the app. "Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private. Regards, PS: @RahulGandhi was right," read the tweet.
Later, in another tweet, the cyber expert said: “49 minutes after this tweet, @IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.”
Earlier, Alderson had explored Iran's COVID-19 app to find out what data it collects and who it sends this data to. Alderson showed how the website offering direct downloads of the app was registered by a Mostafa Anoosheh, who was linked to an app developer that had earlier created clones of the popular messaging app Telegram, which were accused of spying on their users.
Alderson had, some time ago, revealed how an estimated 67 lakh Aadhaar numbers could have been leaked by state-owned gas company Indane.