The Aarogya Setu app gained immense popularity in India and crossed five million downloads within the first three days from its launch and consequently, became a target for malware creators.
SonicWall Labs threats research team observed that some of these malicious apps are piggybacked on the legitimate Aarogya Setu app in the resources folder. These malicious apps install the legitimate app in the background, a technique used to fool the user into believing that the user installed the legitimate app. In reality, the malicious app executes its criminal functions in the background.
If the user deletes Aarogya Setu app from the device by long pressing the icon > uninstall method, only the legitimate app is removed, while the malicious app would still be available on the device. The only way to remove the malicious app is to remove it from settings > apps > uninstall. This trick has the potential to fool several users who are not vigilant.It became a target for malware creators. After it has introduced, there was huge controversy against the government that they are mandating to download the app.
The show-cause notices were issued to Central Public Information Officers of Ministry of Electronics and Information Technology (MeitY), National Informatics Centre (NIC) and National E-Governance Division (NeGD).
The clarification came after it emerged earlier today that the government had been served notice by the central information commissioner Vanaja N. Sarna recently took strong exception to the ministry having “no clue” about how the platform came into being, for what it called “evasive answers” on who created the contact tracing app that the government pushed as an essential tool in the fight against the coronavirus.
A question is on how ,the Central agencies involved in the development of the app had claimed to have no information about its origin. What kind of due diligence they have undertaken and what was the urgency to implement so fast. The App has been downloaded by more than 16.23 Cr users and has greatly augmented the efforts of front line health workers in the fight against COVID19. Experts says, if there any data breach who will be held responsible.
Former Supreme Court Judge B N Srikrishna, who chaired the committee that came out with the first draft of the Personal Data Protection Bill, termed the government’s push mandating the use of Aarogya Setu app “utterly illegal”. The statement was hardly listen by anyone in the government,rather there was mandate to install the app ,while anyone want to enter any Government office, Airport or any hotels near by the airport. In some case, if someone doesnot install the app, they are sign a deceleration form.
On May 1, the Ministry of Home Affairs, in its guidelines after the nationwide lockdown was extended, made Aarogya Setu App mandatory for employees of private and public sector offices. It also asked local authorities to ensure 100% coverage of the app in containment zones. The guidelines were issued by the National Executive Committee set up under the National Disaster Management Act (NDMA), 2005.
Documentation done by the IT department (MeitY) comes to a big question mark ,it was questioned by the Central Information Commission (CIC) for claiming not to have information on the origins of the Aarogya Setu app, the same ministry issued a press release saying everything about the app was already in the public domain. The Ministry of Home Affairs had made the contact tracing app mandatory for those travelling and for several other activities during the COVID-19 pandemic. Now a question comes on , whether there could have been a breach of personal data because of the app – the MeitY later issued a clarification, saying the “AarogyaSetu App was launched by Government of India in public private partnership mode”
“The Aarogya Setu app was developed in a record time of around 21 days, to respond to the exigencies of the Pandemic with Lockdown restrictions only for the objective of building a Made in India Contact Tracing App with the best of Indian minds from Industry, Academia and Government, working round the clock to build a robust, scalable and secure app,” said the government.
Now the Central Information Commission for what it called “evasive answers” on who created the contact tracing app that the government pushed as an essential tool in the fight against the coronavirus.The ministry has also said that the “AarogyaSetu has proved to be very useful in India’s fight against COVID19″.
“Denial of information by authorities cannot be accepted,” the top RTI body said in its notice, calling it “extremely preposterous”.The National Informatics Centre reportedly said that the “entire file related to creation of the app is not with NIC”. The IT ministry transferred the query to the National e-Governance Division, which said: “The information sought is not related to (our division).”
The Commission then directed the CPIO, NIC to explain this matter in writing as to how the website was created with the domain name gov.in, if they do not have any information about it. Moreover, it directed that an e-mail be sent by its Registry to the e-mail id support.aarogyasetu.gov.in as mentioned in the website directing them to send the concerned authority to be present before the Commission on the next date of hearing.
The CIC recorded that “now MeitY also has not provided any information relating to the App’s creation and other matters” and how, therefore, the complainant has pleaded that “no one has any information on how this App was created, the files relating to its creation, who has given inputs for this App’s creation, what audit measures exists to check for misuse of the personal data of millions of Indians, whether any anonymisation (sic) protocols for user data have been developed and about who this data is being shared with.”