Aarogya Setu app does not access your data unless you have Covid-19, says NITI Aayog’s Arnab Kumar



[ad_1]

India’s contact tracing app Aarogya Setu, mandatory for those work in private and government offices, has been in the eye of a storm over privacy and security concerns. But NITI Aayog program director and part of Team Aarogya Setu, Arnab Kumar, tells Himanshi Dhawan that not only is the app providing valuable insights into the pandemic, there has been no data breach

Aarogya Setu was among the first contact tracing apps to be developed. How long did it take the team to develop it and how many people were involved in the process?

The concept and initial product design was proposed by a few of us from the government and the private sector in early March. We had a working product ready a week later, after which we refined it and put it through rigorous testing (security, scalability, usability, performance across multiple devices) and released it on April 2. In the last two months of development and scaling up , we have more than 60 of the best from India across engineering, product, system architecture, epidemiology, data science, healthcare, privacy, security, UI design and translation involved in the project – backed by some of the senior-most leaders in the government.

Contact tracing through apps has been used in South Korea, China and states like Kerala. How effective has the strategy been so far?


Contact tracing is absolutely essential in accurately identifying and alerting people who may be at risk of infection. Using technology to do this significantly improves outcomes. Furthermore, aggregate data gathered from such an app is critical in understanding the spread of infection – magnitude as well as direction and velocity. The insights generated by Aarogya Setu in last six weeks have been incredible, more than 100,000 people have been alerted of their possible risk of infection – low, moderate or high based on Bluetooth-based contact tracing, and suitable medical facilities have been extended to them . The efficacy of testing based on initial recommendations from Aarogya Setu is many times higher than any other protocol followed globally. In addition, we have identified several potential emerging and hidden hotspots across the country.

How many people have downloaded the app till now?


The App has seen more than 96 million downloads and registrations from across India. Aarogya Setu is the fastest mobile app globally to garner 50 million users, has made it to top-5 most downloaded apps in PlayStore globally in its first month of release and will be one of the fastest to break into the 100 million club.

Among the concerns that have been raised is that contact tracing done through the app may lead to surveillance of individuals. What is your response? What will happen to the data once the pandemic is over?


The Bluetooth-based contact tracing for Aarogya Setu is done in an anonymous and secure manner, the data is kept on the phone by default and only accessed and analyzed when absolutely needed for Covid-19 intervention. Upon registration, each user is assigned a unique, anonymous and randomized digital identity (DID). All future interactions between two devices with the app installed and between the device and the server is done using this DID only, and no personal information is exchanged. The Bluetooth signature of interaction (DID, time, proximity, location and duration) is securely encrypted using the native keychain of the operating system and stored on the phone itself. Unless you turn Covid-19 positive, this information is never accessed and permanently deleted from the phone in 30 days.

It is only if you turn Covid-19 positive, that your contact tracing data is uploaded (anonymised and encrypted) to the server and the risk that you have infected the people you have met in last 14 days is calculated. Of the 96 million Aarogya Setu users, we have, so far, fetched contact tracing data of only 10,000+ users who tested Covid-19 positive – less than 0.1% of all the Aarogya Setu users.

The app does not use location for contact tracing. It requests for location for very specific purposes: during the time of registration (pushed to the server) to analyze the penetration of the App across India; captured as part of Bluetooth interaction (stored on the device and deleted in 30 days, unless the user turns Covid-19 positive) and as part of self-assessment data (pushed to the server). The location information is not used on an individual level and is aggregated to identify hotspots – for proactive testing and sanitation of these locations. The app does not continuously monitor any user’s location.

Any contact tracing and location information that might have been uploaded to the server is permanently deleted 45 days from the date of upload if you have not tested positive for Covid-19 within that period of time. If you have tested positive, all contact tracing and location information pertaining to you is permanently deleted from the server 60 days after you are declared cured of Covid-19.

Aarogya Setu is a temporary solution to a temporary problem. As such, no data related to Covid-19 will be retained in any manner post the pandemic.

Smartphone penetration in India is only 30%. Even if all Indians were to download the app it may not reach critical mass. Oxford experts say that it can only be effective if 60% or more of the population has the app. How can then this be an effective tool for checking the spread of the disease?


Aarogya Setu has been providing incredibly valuable insights at the current adoption. The intelligence from this app will get even better with more adoption, and hence we are requesting all of Indian smartphone users (~ 450 million) to install the app and join in our combined fight against Covid-19. To increase the penetration, we are also launching the app for a large set of feature phone users – ~ 125 million users Jio phone users. Building an app for these phones, which uses KaiOS, is a tough engineering problem which we have solved. Furthermore, we have launched a toll-free IVRS system (1921) available for all of India to submit their health conditions and receive curated Covid-19 related health advisory.

The app depends on self-reporting. ICMR says 69% of the patients are asymptomatic, so people may be unaware of their Covid status. People may choose not to reveal their Covid status out of fear of stigma. How effective can an app be in such a case?

The app doesn’t depend on self-reporting. The backend of the app is integrated with ICMR database through an API, and information about patients who have tested Covid-19 positive is received in real-time. It is this ICMR database which is the source from which the app receives information about all Covid-19 positive cases. Once the Aarogya Setu engine receives an alert about a new case, contact tracing is run for that user and the risk of infection of all people who have come in contact with this user is calculated. The health authorities are informed of all the users that need medical interventions. The core offering of the app thus is contact tracing.

The self-assessment test in the app, based on ICMR guidelines, is for users to self-report symptoms so that the likelihood of Covid-19 infection can be evaluated and proactive medical help provided. For the users who have self-declared themselves as unwell, we have proactively reached out to them, and through two-stage triaging and tele-consultation by medical staff, suitable recommendations have been communicated.

Ethical hacker Eliot Alderson has revealed that he could hack the app and ‘see’ who was infected including people in the PMO and home ministry. What is your response? Can Aarogya Setu be hacked and if yes, have you been able to fix the problem?

The app has gone through rigorous security testing before launch, which included evaluation by IIT Madras and by a large tech audit firm as well. The beta version was widely distributed to ethical hackers and feedback was suitably incorporated. We continue to do security vulnerability testing before every release. The team is extremely mindful about security and privacy vulnerabilities, and we continuously test and upgrade our systems.

The recent claims about data breach are inaccurate. All the information that this hacker claims has been “leaked” is already public for all locations and hence does not compromise any personal or sensitive data. No personal information of any user has been proven to be at risk. No data or security breach has been identified, and we assure our users that we will proactively thwart any such attempts in the future.

There are a host of technical issues that have been highlighted like data leaks through Bluetooth and effectiveness if the phone is in a bag or a pocket. What is your response.


The smartphone user base in India is extremely diverse – low-end sub-Rs 5,000 phones all the way to the flagship Apple and Samsung phones. Before release, we had tested the app across more than 30 smartphone models and continue to do so. Effectiveness of the app and reliability across multiple parameters, even when the app is running in the background, has been extensively tested and verified.

We haven’t seen any instance of Bluetooth data leaks and are confident that we have no such vulnerabilities.

In addition, The Aarogya Setu app uses Bluetooth Low Energy, a variant that has negligible battery drain. In addition we are continuously working on improving device efficiency and will roll out these features in future updates.

.

[ad_2]