Did Indian govt really put Covid-19 tracing Aarogya Setu code on Github?

aarogya setu app
(Image credit: National Informatics Centre)

Right from the day Indian government launched Aarogya Setu, the app to trace Covid-19 cases in the country, it has been bedevilled by a plethora of issues.

Most of them pertained to the safety and security of the users' details. There was also phishing allegation against the app.

And then it was alleged to be a surveillance app.

Privacy-conscious citizens and security researchers claimed that the app collects a lot more data than is required to trace contacts, and its code was opaque and proprietary.

Even amidst this, the app logged in huge numbers in downloads --- as of now it has had over 10 crore installs on Google Play Store.

So, in a bid to put an end to all the controversies, the government put the source code of the app on Github.

Amitabh Kant, chief executive of NITI Aayog, a government-led policy think tank that collaborated with the federal ministries to build the app, had said all subsequent updates on it would now be made via open-source through the Github repository. Also the code base for iOS and KaiOS (for JioPhone) would be made open source soon.

But Is it really open?

Now, the experts and domain analysts who went through the code have a different, and a major, complaint.

They allege that the code shared in Github is not open source.

According to a Twitter thread by Kiran Jonnalagadda, the co-founder of HasGeek, what is available in Github is just "some random code to keep the public distracted."

In his twitter thread, Jonnalagadda claims, "While the released code may indeed be for *some* version of Aarogya Setu:

1. It is not the version you're using. We have no idea what is different.

2. Developers are ignoring reports of serious vulnerabilities.

3. Actual development is elsewhere in a closed source repo."

Openwashing?

Now Aarogya Setu app handlers are accused of indulging in 'openwashing'. 

Openwashing is defined as having an appearance of open-source and open-licensing for marketing purposes, while continuing proprietary practices.

The government is yet to respond to the latest round of controversy surrounding Aarogya Setu.