Aarogya Setu app data is only shared with government officials working on COVID-19: NITI CEO Aayog


The central government's Aarogya Setu mobile app is based on the principle of "privacy first by design", taking into account the security and privacy of user data, said Amitabh Kant, CEO of NITI Aayog. He added that user data from the app would only be provided to government officials directly responsible for containing the spread of the coronavirus in India.

In an exclusive interaction with ANI, Kant said that the Aarogya Setu mobile app was created to guarantee the confidentiality and security of personal information collected from people. It is based on the principle of "confidentiality first by design".

"Aarogya Setu has a clearly defined protocol for accessing data. The National Center for Computing (NIC) is the data custodian, and the data is only shared with government officials directly involved in medical and administrative interventions related to COVID. -19 when strictly needed – knowledge base and scope limited to your direct work, "said Kant.

Concerns about the Aarogya Setu app arose when a French ethical hacker claimed to have access to user data and pointed out security holes in the app that could be ramifications of confidentiality.

Clarifying the apprehensions that some users may have regarding data security, Kant said: "When someone provides their cell phone number for registration, the Aarogya Setu server assigns an identification number Unique, Random and Anonymous device (DiD) and associates it with your mobile phone device. This pair: cell phone number, DiD and other personal information is securely stored on a highly encrypted server. "

After registration, the app prompts you for your name and mobile phone number (any name by which you want to be called, not your legal name). In addition, they ask their age and gender (both have a direct link to the impact of COVID-19), the profession (to ensure that people in essential services receive proactive assistance) , countries visited in the past 30 days and willingness to volunteer. if needed.

"All contact location and location information that could have been uploaded to the Aarogya Setu server is permanently deleted 45 days after the upload date if it has not tested positive for COVID-19 during this Infected, all your contacts and location information are permanently deleted from the server 60 days after being declared cured of COVID-19, "added Kant.

Although the app asks users to share the location, the app does not use location data for contact tracking. "The app has clearly defined and delimited how location information is used, only anonymously or aggregated, and for the specific purpose of identifying access points so that testing and proactive disinfection of these locations can be performed, "he said, adding that the app does not continuously monitor the location of a user.

According to government data to date, the Aarogya Setu app has registered around 9.6 million users since its launch on April 2. However, contact tracking data was obtained from only 12,000 users who tested positive for COVID-19, which represents less than 0.1% of all users. "Unless someone tests COVID-19, this information is never viewed or sent to the server and is permanently deleted from the phone 30 days after it is collected," he said.

"The main feature of the app is the Bluetooth-based location history and contact tracking in the fight against coronaviruses. The Bluetooth interaction between two phones on which the app is installed is done anonymously, using a secure random device identification (DID) number that was assigned to the devices at the time of registration, "added Kant.

Along with the user's location history, which is sampled sparingly (once every 30 minutes), this information is securely encrypted using the native keychain of the system. Operating the phone and stored on the phone itself.

"The Aarogya Setu engine is designed to respect the privacy of patients with a positive COVID-19. The application backend is integrated into the ICMR database via an API and information about patients who have given The positive with COVID-19 is received in real time. "This is the ICMR database which is the source from which the application receives information on all positive cases of COVID- 19 ", added Kant.

"Only if individual medical intervention is required to re-identify anonymous personal information. The team is exploring the possibility of switching from a single DID to dynamically generated DIDs for each user, to further improve privacy. " Kant added in an interview with ANI.

Explaining the important predictions made by Aarogya Setu, Kant said: "In the past 6 weeks, the Aarogya Setu app has become a key technological solution aimed at fighting COVID-19. Thanks to this app, several critical points were identified emerging and potential hidden The engine provided 130 access points across India at post offices between April 13 and 20. Since then, each planned point has been declared point of # 39; royal access and the Ministry of Health acted on it. "


Is my 10 an expensive OnePlus 8 or a budget S20 Ultra? We talk about it on Orbital, our weekly technology podcast, which you can subscribe to via Apple podcasts or RSS, download the episodeor just hit the play button below.

Leave a Reply

Your email address will not be published. Required fields are marked *