Did Indian govt really put Covid-19 tracing Aarogya Setu code on Github?
Another controversy to the fore
Right from the day Indian government launched Aarogya Setu, the app to trace Covid-19 cases in the country, it has been bedevilled by a plethora of issues.
Most of them pertained to the safety and security of the users' details. There was also phishing allegation against the app.
And then it was alleged to be a surveillance app.
Privacy-conscious citizens and security researchers claimed that the app collects a lot more data than is required to trace contacts, and its code was opaque and proprietary.
Even amidst this, the app logged in huge numbers in downloads --- as of now it has had over 10 crore installs on Google Play Store.
- How effective is India’s Aarogya Setu app in Covid-19 detections?
- Indian govt. softens new Aarogya Setu guidelines
- All smartphones need to have Aarogya Setu app
So, in a bid to put an end to all the controversies, the government put the source code of the app on Github.
Amitabh Kant, chief executive of NITI Aayog, a government-led policy think tank that collaborated with the federal ministries to build the app, had said all subsequent updates on it would now be made via open-source through the Github repository. Also the code base for iOS and KaiOS (for JioPhone) would be made open source soon.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Open-sourcing #AarogyaSetu is a unique feat for India. No other Government product anywhere in the world has been open-sourced at this scale: #NITIAayog CEO @amitabhk87 pic.twitter.com/3nmuxkd6WyMay 26, 2020
But Is it really open?
Now, the experts and domain analysts who went through the code have a different, and a major, complaint.
They allege that the code shared in Github is not open source.
According to a Twitter thread by Kiran Jonnalagadda, the co-founder of HasGeek, what is available in Github is just "some random code to keep the public distracted."
In his twitter thread, Jonnalagadda claims, "While the released code may indeed be for *some* version of Aarogya Setu:
1. It is not the version you're using. We have no idea what is different.
2. Developers are ignoring reports of serious vulnerabilities.
3. Actual development is elsewhere in a closed source repo."
⚠️ Aarogya Setu is not open source. We got a press release and some random code to keep the public distracted. The released code is not for the app that everyone is using. ⚠️ https://t.co/dctoFKCpPSMay 31, 2020
Merge history of @SetuAarogya in last 3 days. Is the app dead? Or is this a toy / fake repo like @asdofindia claims? Also, note that the developers have not responded to multiple CVE reports on issues. #AarogyaSetuApp - Dumping code on @github alone isn't OSS.#MissingDevelopers pic.twitter.com/p2UmI3JelKMay 31, 2020
Openwashing?
Now Aarogya Setu app handlers are accused of indulging in 'openwashing'.
Openwashing is defined as having an appearance of open-source and open-licensing for marketing purposes, while continuing proprietary practices.
The government is yet to respond to the latest round of controversy surrounding Aarogya Setu.