A software programmer from Bengaluru hacked the contact tracing app Aarogya Setu, which the Indian Govt. has mandated that public and private sector employees download.
The programmer hacked the Aarogya Setu app by simply removing code from the app to bypass the registration page that required people to sign up with their mobile numbers. He also bypassed the page that requested personal information like name, age, gender, travel history, and COVID-19 symptoms. He then found a way to disable the permissions requiring access to the phone's Bluetooth and GPS at all times. Finally, he had his app flashing a green badge without having shared any data, according to the report from Buzzfeed.
Because of the privacy concerns raised by security experts, the app has become controversial, and more users are trying to find workarounds to avoid sharing their personal data. Some less tech-savvy users have reported that they have taken screenshots of the green badge to flash instead of putting the app on their devices.
How does the app work?
Users are required to provide personal information to register in the app.
The app uses the phone's Bluetooth and location data, and lets users know if they have been near a person with Covid-19 by scanning a database of known cases of infection. It also recommends measures if the user has come in contact with a positive case. If the user has not come in contact with a positive case, the app shows a green badge indicating that the user is safe.