The Indian Express reports what may be only opening salvos in this story:
The Twitter handle of Aaroga Setu said they were alerted “by an ethical hacker of a potential security issue in the app”, which they discussed with him, but “no personal information of any user has been proven to be at risk”.
The official handle of Aarogya Setu, the contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology, asserted late on Tuesday that “no data or security breach had been identified” in the app.
The reply seemingly came in response to a tweet by Elliot Alderson, a French security researcher, earlier in the day, who claimed: “Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards. PS: Rahul Gandhi was right.”
Read more on The Indian Express.
Note: For the benefit of those who didn’t follow the “Mr. Robot” television series, “Elliot Alderson” is the name of a character in that series. It is not the real name of the French researcher involved.