Team-BHP > Shifting gears

View Poll Results: Have you / are you going to install the Aarogya Setu app?
Yes, I already have or I will shortly 293 49.00%
No, I do not plan to 305 51.00%
Voters: 598. You may not vote on this poll

Thread Tools Search this Thread
Old 3rd May 2020, 19:49   #1
Senior - BHPian
itwasntme's Avatar
Join Date: May 2007
Posts: 3,959
Thanked: 4,069 Times
Default The Aarogya Setu App : Yes or No?

This poll is to assess how many TBHPian's reaction to the Aarogya Setu app. Have you already / are you going to install it?

If yes, why? If not, why?

I voted yes. Reasons:

1. Cannot enter my workplace without it
2. Feel it is worthwhile given the volatile scenario
3. Already share my life with Amazon, Google and Facebook (via WhatsApp)

Last edited by Gannu_1 : 3rd May 2020 at 21:53. Reason: Back to back posts merged.
itwasntme is online now   (10) Thanks
Old 3rd May 2020, 19:54   #2
v.anand's Avatar
Join Date: Sep 2009
Location: Bangalore
Posts: 326
Thanked: 40 Times
Default re: The Aarogya Setu App : Yes or No?

I voted 'Yes' since it acts as an effective digital census to the Government and protection to self. A lot of thought has gone behind this initiative, which other countries are now copying from India.
v.anand is offline   (1) Thanks
Old 3rd May 2020, 20:07   #3
Senior - BHPian
harry10's Avatar
Join Date: Jul 2008
Location: Faridabad/Delhi
Posts: 2,373
Thanked: 985 Times
Default re: The Aarogya Setu App : Yes or No?

Voted yes.
There are privacy concerns of course. However, the current situation demands to get the information from app. Will delete it as and when Corona situation is dealt with.
harry10 is online now   (1) Thanks
Old 3rd May 2020, 20:25   #4
rajivr1612's Avatar
Join Date: Dec 2012
Location: Chennai
Posts: 422
Thanked: 344 Times
Default re: The Aarogya Setu App : Yes or No?

Voted Yes for the benefits it offers to the public and government. Regarding privacy issues, once this pandemic is under control, our legal system will take care of it.
rajivr1612 is offline   (1) Thanks
Old 3rd May 2020, 21:01   #5
Join Date: Aug 2014
Location: DEL, SFO
Posts: 479
Thanked: 1,096 Times
Default re: The Aarogya Setu App : Yes or No?

Voted no. I currently don’t see any need for it and don’t want to share needless data with the government. If ever I am forced to use it, I will download it, use it and uninstall it immediately. Knowing how many covid patients are near me is useless. As it is, we have to follow basic social distancing precautions regardless of what the app shows. If 1 or 10 or 100 people have contracted the virus in an area, it doesn’t impact me at all as the known patients are likely to be quarantined and not working in establishments. By the time the virus has spread like New York where one has to be more careful, I am sure we would have read about in on the news and won’t learn it from this app.
Lobogris is offline   (49) Thanks
Old 3rd May 2020, 21:06   #6
Senior - BHPian
msdivy's Avatar
Join Date: Aug 2006
Location: Bangalore
Posts: 1,641
Thanked: 1,737 Times
Default re: The Aarogya Setu App : Yes or No?

I have installed the app. It requires location & Bluetooth to be on always. I keep those two off always. So this doesn't work me & planning to uninstall.

For a few days I have used it with location & Bluetooth on. I have met the delivery guys, shopkeepers but the app doesn't seem to do much. I can't see who I met.

If the app is able to figure out who I met & inform me, it will be useful. Otherwise not much use to me.
msdivy is offline   (5) Thanks
Old 3rd May 2020, 21:07   #7
theMandarin's Avatar
Join Date: Jan 2016
Location: Vormir
Posts: 83
Thanked: 309 Times
Default re: The Aarogya Setu App : Yes or No?

A couple of things to ponder over when you decide :
  • Such an initiative where you are using your personal asset should be voluntary
  • Similar initiatives which have been started by other countries(which was probably an inspiration for our app) are a lot more transparent in their scope and the governments have made an effort to assuage their citizens that its not going to be a permanent feature in their lives after the pandemic has been handled
  • Other implementations are a lot more minimal by design where the app is relying on Bluetooth rather than the more focused use of GPS. Apps used by Singapore and the joint initiative by Apple & Google are prominent examples which proves such a design is feasible. Privacy-Preserving Contact Tracing
  • Many among us would be comfortable in using it until the pandemic situation subsides, but it is debatable whether the authorities will drop the app later on considering the reach that would have been established in the coming weeks in terms of the installed base. It is a different matter if the Govt. clearly comes out and states a defined shelf life for the app
  • While the app was confirmed to be a voluntary initiative initially, it is now becoming a mandatory feature (e.g. it is now mandatory for all public/private employees working at any level/capacity). This can become more and more overarching by the addition of features such as a pass system and more in the coming months
  • The more skeptical among us may have concerns about the legitimate usage of this data for only handling the pandemic because of recent events(Government clears policy to sell vehicle registration data)
  • Other apps such as FB/Google maybe equally or even more invasive but knowledgeable/conscious users can choose not to use them. Even for those who are not as concerned about the privacy aspect, access to data on these platforms is governed by specific laws and legal mechanisms (e.g. a court ordered data extraction request).
  • Going by the prevailing state of paranoia about this disease, the scope of this app is likely to extend beyond being a personal reference tool to a gate pass for different activities (malls, public transport, gated communities, local shops)
  • Furthermore, the rules have already made its usage mandatory in specific scenarios without considering people who do not own a compatible device and therefore might end up being excluded(e.g. how does a person who has been hanging on to their old Windows Phone or a basic phone enter their workplace?. I wouldn't want to be on the other end convincing a police officer why my old Blackberry cant run this app.) It is irrelevant how small this group of people may be, an official policy should be inclusive from the start or at the very least, should not be forced when such outliers exist.

I’d further urge everyone to go through the following resource which offers an interesting perspective:
Is Aarogya Setu privacy-first?
For A Billion Indians, The Government’s Voluntary Contact Tracing App Might Actually Be Mandatory

You may not have anything to hide but that doesn’t mean you don’t draw the curtains in your house.

Last edited by theMandarin : 3rd May 2020 at 21:11. Reason: typos
theMandarin is online now   (40) Thanks
Old 3rd May 2020, 21:21   #8
Senior - BHPian
humyum's Avatar
Join Date: Feb 2006
Location: Mumbai
Posts: 2,526
Thanked: 3,421 Times
Default re: The Aarogya Setu App : Yes or No?

I voted No, I don't trust this government and I will not install it.
humyum is offline   (62) Thanks
Old 3rd May 2020, 21:23   #9
Senior - BHPian
Join Date: Jul 2008
Location: Bangalore
Posts: 2,090
Thanked: 608 Times
Default re: The Aarogya Setu App : Yes or No?

Originally Posted by msdivy View Post
If the app is able to figure out who I met & inform me, it will be useful. Otherwise not much use to me.
As per updated description in latest version of app they generate an anonymous id using one way hash function. And this is used to generate social graph. So you won't know whome you met but just that the person whome you met was positive or not and if the place you visited was earlier visited by some positive person.

This is to protect the privacy.

So far so good the question arises how the app is updated to know if person is corona-positive ?

I presume if one is corona positive the authorities may put phone number in some sort of RED list on a server and this server will ping the app to update the status and inform people in social graph of that phone number.

What I am not clear is how the cases such as multiple phone numbers or using SIM cards of family members , or corona positive people leaving phone at home and roaming around etc will be dealt with.

However as no such system can be foolproof until and unless they are putting some sort of BT enabled ankle tags which person can not cut himself off like done in few countries.

The app can be only a good supplementary device with above restrictions.
amitk26 is offline   (4) Thanks
Old 3rd May 2020, 21:43   #10
Distinguished - BHPian
Hayek's Avatar
Join Date: Jul 2011
Location: Bombay
Posts: 1,086
Thanked: 4,669 Times
Default re: The Aarogya Setu App : Yes or No?

I am not a privacy freak (happy to share the locations of my runs publicly on Strava) but I don’t trust Arogya Setu. Why? While I am not a tech expert, a friend who is into Infosec gave me a 5 minute lecture (and he could have gone on for hours) on why it’s architecture was very unsafe compared to similar apps in Singapore or the app that Google and Apple are collaborating to build.

For the foreseeable future, I will be working from home - so this won’t be necessary. If it becomes compulsory, I may look at the possibility of downloading it on a supplemental phone that I will use only while going to work or to places which require that app. I may not have reacted so vehemently under normal circumstances, but the bullying tone of the GOI’s circular yesterday has pushed me in that direction.
Hayek is online now   (40) Thanks
Old 3rd May 2020, 21:45   #11
Join Date: Jun 2012
Location: Gurgaon
Posts: 128
Thanked: 217 Times
Default re: The Aarogya Setu App : Yes or No?

I voted no and there are many reasons

(1)The effeteness of the app and similar apps is not proven yet . I would have been more comfortable if the app was built by tech companies like Google/Facebook/Apple because there may be many security loopholes which may be exploited .

(2) It may wrongly send you to quarantine as reported below.

A Mumbai resident, who was moved to a quarantine facility despite an absence of symptoms or medical history, based on an alert generated by the Aarogya Setu App has tested negative and was released from quarantine on Sunday, 19 April.

(3) It will become tool for future governments to spy on its citizens if valid concern are not raised now.
born_free is offline   (18) Thanks
Old 3rd May 2020, 21:59   #12
Distinguished - BHPian
Sahil's Avatar
Join Date: May 2004
Location: Bombay
Posts: 5,726
Thanked: 4,019 Times
Default re: The Aarogya Setu App : Yes or No?

An analysis of the app by Defensive Lab Agency, a Paris-based cybersecurity consultancy, offers disturbing insights: The app gathers a user’s identity, tracks their movement in realtime, and also continuously checks if other people who have downloaded the app are in the proximity of the user.

This allows Aarogya Setu to create a social graph of a user by tracking everyone they have been close to. Combining this data with existing government databases — many of which are already seeded with the mobile numbers of citizens — can significantly expand the government’s powers of surveillance, privacy experts said.

Last edited by GTO : 4th May 2020 at 08:23. Reason: Please always add an excerpt for external links :)
Sahil is offline   (6) Thanks
Old 3rd May 2020, 22:28   #13
Join Date: May 2014
Location: Pune
Posts: 77
Thanked: 149 Times
Default re: The Aarogya Setu App : Yes or No?

Voted for yes.
I have installed the app, but have permissioned gps access only when in use. I plan to start the app when I am moving out. Will uninstall it once we get passed covid -19 situation.
INJAXN is online now   (1) Thanks
Old 3rd May 2020, 22:39   #14
Senior - BHPian
pjbiju's Avatar
Join Date: Apr 2006
Location: Pune
Posts: 1,216
Thanked: 662 Times
Default re: The Aarogya Setu App : Yes or No?

I have installed it and used it a couple of times by turning on the bluetooth and location services. But in my opinion, it is a very poorly designed app that gives me very little useful information. I do not mind it tracking my location etc. if it would have provided me some useful information like:
  1. If it could color code my location (green, orange or red) based on the number of +ve tested patients that are present in that area or had visited the place I am currently at e.g. a shop. It should warn me to be careful if I am moving to an area that is risk prone.
  2. If it was integrated with the state level information (daily updates for my ward/locality)
  3. If it had utilities like applying for a travel permit etc. as per my state of residence
  4. If it had the relevant healthcare contact details for my locality in case of COVID-19 like symptoms
  5. If it had information about clinics/hospitals available and open for non-COVID related treatment
  6. It should have had an option to see the content in at least most of the major languages spoken in India.

There are a lot more information that could have been made available but unfortunately it is not there. Does it help the government? I have no idea since they have not come forth with any information related to this. And the government had plenty of time since the first case was reported sometime in January in Kerala.

Last edited by pjbiju : 3rd May 2020 at 22:43.
pjbiju is offline   (8) Thanks
Old 3rd May 2020, 23:00   #15
bj96's Avatar
Join Date: Dec 2008
Location: Pune
Posts: 851
Thanked: 604 Times
Default Re: India on full lockdown. Edit: Now further extended till May 17, 2020

Originally Posted by mohansrides View Post
...given a choice, I think that I respectfully won't. Constantly looking at the risk next ....
Very rightly said, Sir. By profession I am a cyber security architect with a leading US company. Before this I was a lead development engineer for a network security appliance used by fortune 100 enterprise. I also hold a US patent in data security. Why I would not like to install this app:

1. It is basically a location tracking app. I don’t know what level of testing it has gone through different versions of OS (android/iOS) and hardware combinations. I also don’t know what permissions it ask before installing or running successfully. Location tracking apps are usually power hungry and precise location demand can drain battery very fast due to constant gps fix.

2. My experiences with other govt portal (except Incometax) and apps like mParivahan App, digilocker and most recently Pune’s eGov portal has not been good. I was able to crash these apps And portals revealing juicy details. As is norm in ethical hacking community, I have notified them with proper disclosure on the email addresses mentioned. Some of the issues are still not fixed.

3. Any client app which needs a persistent network communication with server provides significant attack surface and easy attack vectors for a motivated attacker to abuse the app or compromise it’s integrity and use as a vehicle to inject advance threats. I don’t know what level of penetration or other testing it has gone through considering how hurriedly it has been rolled out.

4. Disclosing security vulnerabilities and dealing with govt agencies is a PITA. Also, there won’t be any possibility for reward or recognition for such disclosures from govt agencies. Hence, such apps may not get enough attention from ethical hackers community leaving undetected zero day exploits.

5. Being a govt sponsored app, there will be enemy state sponsored hackers in constant pursuit to break it. They may succeed but we may not even know of the breach until a long time.

We are going off-topic. In a nutshell I am not confident about security posture of this app. Hence purely on technical reasons I will stay away.


Last edited by bj96 : 3rd May 2020 at 23:27. Reason: Improve sentence
bj96 is offline   (63) Thanks

Most Viewed
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Copyright 2000 - 2020,
Proudly powered by E2E Networks