Aarogya Setu is now an open-source Indian COVID-19 contact tracing, syndromic mapping and self-assessment digital service, primarily a mobile application, developed by the National Informatics Centre under the Ministry of Electronics and Information Technology. As of 27 May 2020, more than 11.60 Crore users have downloaded the Aarogya Setu App. In its guidelines, the MHA has mandated the use of the App for people who are in essential services or travelling by air, rail or road.
In a move to address concerns around the privacy of the Aarogya Setu App, the government has released the source code for its Android version. Anyone will be able to see and study the Aarogya Setu code on GitHub, which brings together the world’s largest community of developers to discover, share, and build better software. As anyone can study and download the code, preliminary reports suggest that it is a safe app and that only limited information is collected, for the safety of citizens and the tracking of COVID-19.
- Reference to the convenience services and ePass features
- Clarifications provided as to the consequences of not keeping the phone with you.
- The restrictions on tampering and reverse-engineering have been removed
- It has been made clear that it is only if you delete the App that you will no longer be able to use the Service
- Clarifications as to the liability of the government for certain actions and disclaimers.
- Contact information has been provided for defect reporting.
- Clarifications have been provided as to what data is collected.
- Reference has been made to data processed by pressing the Report button
- Additional clarifications have been provided as to the use of data and that location data for the past 30 days can be uploaded under specified circumstances
- Additional clarifications have been provided as to data retention.
What personal information does Aarogya Setu collect from users?
Answer: To register for the App, you are required to provide your mobile number. In addition, you are also asked for your name, gender, age, profession, countries visited in the last 30 days and willingness to volunteer in times of need. This information is encrypted and stored on the Aarogya Setu server.
When you take the optional Self-Assessment Test, the App collects your response to the Test and records your location. This information is encrypted and stored on the Aarogya Setu server. When your smartphone, on which the App is active with mobile, Bluetooth and GPS services turned on, comes within range of another such mobile or handheld device, the App collects from that device the anonymized Device ID of the other user and details of the interaction (time, duration, distance and location). This information is encrypted and stored on your device.
How does Aarogya Setu anonymize your personal information?
Answer: When you provide your mobile number at registration, the Aarogya Setu server assigns an anonymous, randomized unique device identity number (DiD) and associates it with your mobile number. This pair – the mobile number and DiD – is securely stored in a highly encrypted server. Other personal information that you have provided at the time of registration is also paired with DiD assigned to your device, and is securely encrypted and stored on the server.
All future interactions between two devices with the Aarogya Setu app installed, and between the device and the Aarogya Setu server, are done using DiD only. No personal information is used for any future communication or transaction.
– The personal information provided at the time of registration is paired with DiD assigned to your device, and is securely encrypted and stored on the server.
– The exchange of information between two devices for Bluetooth contact tracing is done using DiD only, and the information is encrypted and stored on the device.
– The results of the Self-Assessment test and the location are paired with the DiD assigned to your device, and are securely encrypted and stored on the server.
– All communications from the Aarogya Setu server, including notifications and updates of risk of infection, are done using DiD only.
Only when you test positive for COVID-19 or have a high likelihood of risk of infection is your DiD re-identified with your personal information, to administer necessary medical intervention for you.
What are the privacy features built into Aarogya Setu?
Answer: Contact tracing is a potentially privacy invasive technology solution unless appropriate care is taken. Aarogya Setu has endeavoured to have “privacy-first by design” as a key principle. Given that this technology can help curtail the spread of the COVID-19 pandemic, its use is justified under the current circumstances. Nevertheless, keeping in mind the privacy concerns that such a technology raises, every effort has been taken to enhance the privacy features of Aarogya Setu.
There are four key ways in which Aarogya Setu protects the privacy of its users:
a. Personal information you provide at registration is immediately anonymized, and all subsequent transactions are related to a specific Device Identification Number (DiD) that is assigned to you by the Aarogya Setu server.
b. By default, all contact tracing and location information that is collected is stored locally on your mobile device. This information is only uploaded to the Aarogya Setu server if you have tested positive for COVID-19.
c. All contact tracing and location information stored on the mobile device and not uploaded to the Aarogya Setu servers is permanently deleted from the phone on a rolling 30 day cycle. All your contact tracing and location information that might have been uploaded to the Aarogya Setu server is permanently deleted 45 days from the date of upload if you have not tested positive for COVID-19 within that period of time. If you are infected, all contact tracing and location information pertaining to you is permanently deleted from the server 60 days after you are declared cured of COVID-19.
These features implement anonymization, data minimization, purpose and use limitation and data retention principles in accordance with widely accepted privacy principles and represent a reasonable restriction on the personal privacy of Aarogya Setu users.
How does Aarogya Setu secure your information?
Answer: All information stored on your mobile device is protected with the Advanced Encryption Standard (AES). The data on the device is AES-encrypted using the key stores of the operating system: Keystore on Android and Keychain on iOS.
All the data transmission from the device to server and back is anonymised, RSA protected and transmitted securely. Every single request from the app to the server is authenticated. The backend data storage at rest is encrypted using AWS tools and global best practices.
The Aarogya Setu team has had the system tested end to end for security vulnerabilities by reputed academic institutions, tech audit firms and multiple ethical hacker groups. As a practice, the team conducts a security audit before every release.
If GPS information is not required for contact tracing (the Singapore Trace Together app does not collect GPS information) why does Aarogya Setu collect GPS information?
Answer: Unlike Trace Together and the various other apps like that, Aarogya Setu is more than just a contact tracing app. In a country with the population density of India’s, the Government of India believes it is necessary to not only identify users who have come in contact with each other but also to trace the paths that infected persons have walked in order to be able to sanitise areas potentially infected with the disease and identify persons in those areas who might have been infected even though they have not been identified as contacts on the Aarogya Setu app.
In addition, when you take the self-assessment test on the Aarogya Setu app, by correlating the symptoms that you report with your location information, the Government of India will be able to identify hotspots where the disease may be spreading early enough to prevent it from spreading too far.
It is for these reasons that Aarogya Setu collects GPS information.
How long is the information stored on my mobile phone?
Answer: Contact and location information for all unique interactions is stored on your mobile phone and, if it has not been uploaded to the cloud within 30 days of being collected, is permanently deleted.
If the contact and location information stored on my phone is uploaded to the Aarogya Setu server, for how long is it stored on the server?
Answer: If your contact and location information has been uploaded to the Aarogya Setu server and even after 45 days from the date on which it was uploaded you have not tested positive for COVID-19, the data is permanently deleted from the Aarogya Setu server.
If your contact and location information has been uploaded to the Aarogya Setu server and you have tested positive for COVID-19, then the data is permanently deleted from the Aarogya Setu server 60 days after you have been declared cured of COVID-19.
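The retention rules from privacy feature (c) and the two storage-duration answers above can be expressed as a purge-date check that an auditor could run over stored records. This is an added example, not code from the Aarogya Setu project: the Record fields and function names are hypothetical, the sample records are constructed, and treating a positive test that arrives after the 45-day window as too late to extend retention is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

DEVICE_DAYS = 30  # on-device data that was never uploaded
SERVER_DAYS = 45  # uploaded data, user not positive within this window
CURED_DAYS = 60   # uploaded data of a positive user, counted from the cure date


@dataclass
class Record:  # hypothetical shape of one stored contact/location record
    collected: date
    uploaded: Optional[date] = None
    positive: Optional[date] = None
    cured: Optional[date] = None


def purge_date(r: Record) -> Optional[date]:
    """Date by which the record must be deleted; None while retention is
    open-ended (user tested positive and is not yet declared cured)."""
    if r.uploaded is None:
        return r.collected + timedelta(days=DEVICE_DAYS)
    server_deadline = r.uploaded + timedelta(days=SERVER_DAYS)
    # Assumption: a positive test after the 45-day window does not revive
    # data that should already have been deleted.
    if r.positive is None or r.positive > server_deadline:
        return server_deadline
    if r.cured is None:
        return None
    return r.cured + timedelta(days=CURED_DAYS)


def overdue(records: List[Record], today: date) -> List[int]:
    """Indices of records still present past their purge date (audit findings)."""
    return [i for i, r in enumerate(records)
            if (d := purge_date(r)) is not None and d <= today]


# Constructed sample records, not real data.
SAMPLE = [
    Record(date(2020, 5, 1)),                                    # device only
    Record(date(2020, 5, 1), uploaded=date(2020, 5, 10)),        # never positive
    Record(date(2020, 5, 1), date(2020, 5, 10), date(2020, 5, 12)),  # not cured
    Record(date(2020, 5, 1), date(2020, 5, 10), date(2020, 5, 12),
           date(2020, 6, 1)),                                    # cured
    Record(date(2020, 5, 1), date(2020, 5, 10), date(2020, 7, 1)),   # late test
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec, "->", purge_date(rec))
    print("overdue on 2020-06-30:", overdue(SAMPLE, date(2020, 6, 30)))
```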
If I test positive for COVID-19, will Aarogya Setu inform other users of the App that I have tested positive?
Answer: Aarogya Setu WILL NOT reveal your personal identity or your medical condition to any other user of the App or to the public at large. The Government of India may, for the purpose of implementing suitable medical and administrative interventions, contact persons you have come in contact with but will not inform them of your condition. Your information is safe with us.
Why am I requested to keep my Bluetooth switched at all times?
Answer: Aarogya Setu relies on Bluetooth technology to identify instances of your interactions with other devices that have the App installed. Currently, Bluetooth provides the most accurate measure of your close proximity to other devices. If you keep it switched on, the App can record the devices you come in contact with at all times.
If I keep my Bluetooth switched on at all times, will it not drain the battery of my mobile phone?
Answer: The Aarogya Setu app uses Bluetooth Low Energy, a variant that has negligible battery drain. In addition we are continuously working on improving device efficiency and will roll out these features in future updates.
Why am I requested to keep my location sharing set to “Always”? Is my location being continuously monitored?
You need to keep your location sharing set to “Always” for the following specific reasons:
A. To pinpoint the locations where you may have come in contact with persons who have tested positive for COVID-19;
B. To allow the Government of India to implement appropriate and necessary medical and administrative interventions at various specific locations in India based on information as to where epidemic hotspots are developing. All location information, whether stored on your device or uploaded to the Aarogya Setu server, is associated with your Device ID and not your personal information.