Elliot Alderson (pseudonym) writes:
In order to fight Covid19, the Indian government released a mobile contact tracing application called Aarogya Setu. This application is available on the PlayStore and 90 million Indians already installed it.
This application is currently getting a lot of attention in India. In Noida, if people doesn’t have the app installed on their phone, a person can be imprisoned up to 6 months or fined up to Rs 1000.
Alderson started evaluating the app and its security and was concerned by what he found. And then he was not happy with the developers’ response to his criticisms and concerns.
Read his full article on Medium. To his credit, he did not accept their answers and pursued his disclosure to make more people aware of the privacy and data security risks. As a result of his efforts, some of the concerns have been addressed. But had he not had the skills and guts to pursue the disclosure, this would not have happened.