This article is more than 1 year old
India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
Tech minister says app is 'foolproof'! We imagine Black Hats probably don't agree. And some may have time on their hands at present
India has made use of a COVID-19 contact-tracing app compulsory in some parts of the nation.
The country yesterday extended its national lockdown for two weeks from today. But the extension is not total: regions that have experienced no new cases at all or none in the last 21 days will be designated “green zones”. But locales with known cases or insufficient data will become “red” or “orange” zones subject to ongoing stay-at-home orders and extensive restrictions on business activity.
And in Red or Orange zones, according to the new Order [PDF] from the Ministry of Home affairs, “The local authority shall ensure 100% coverage of the Aarogya Setyu App among residents of the containment zones.”
Aarogya Setyu is India’s national contact-tracing app and has been pushed by officials from the Prime Minister down as not just a handy tool but one it is just-about-unpatriotic to ignore. India’s IT minister has even labelled it “foolproof”, which sounds like a challenge to black hats!
#QuotableQuotes | “@SetuAarogya App is foolproof and a secure app.” - @rsprasad Hon'ble IT Minister @GoI_Meity. Get your own personal bodyguard at your fingertips, download the app now -iOS:https://t.co/eeWB6XDG54
— Digital India (@_DigitalIndia) May 1, 2020
Android:https://t.co/X62xHj6EqJ#DigitalIndia #IndiaFightsCorona pic.twitter.com/IAZge7C6Bm
This new order may well be impossible to enforce because the app doesn’t run on feature phones, which comprise over half of India’s national phone fleet. However it’s not hard to see why India wants more installs: it’s had around 80 million to date, which is not just over six percent of the country’s population and not a particularly useful sample in a nation where mega-cities top the ten-million-resident mark.
Aarogya Setyu uses the now-familiar Bluetooth beacon method for logging users’ activities and its. privacy policy promises data collected will only be used for anonymous heat maps and informing those who encounter COVID-19 sufferers. But the privacy policy also includes a clause saying “All personal information collected from you under Clause 1(a) at the time of registration will be retained for as long as your account remains in existence and for such period thereafter as required under any law for the time being in force.”
That’s not a clause The Register has found in our investigation of similar apps. And now it’s a clause that will bind unknown numbers of users who will be compelled to download the app. ®
Biting the hand that feeds IT
