French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, has claimed that there are security issues with the government’s contact tracing app, Aarogya Setu. “A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?" the hacker wrote on Twitter tagging the official account of the app.
In a postscript on his tweet, the hacker added that Rahul Gandhi was right. The Congress MP had called the app a “sophisticated surveillance system" and said it raised “serious data security and privacy concerns", on May 2 via Twitter. On the same day, Baptiste sent out a tweet saying, “Rahul Gandhi tweeted about the Arogya app. I guess I’m forced to look at it now."
Baptiste also confirmed that both the Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) got in touch with him 49 minutes after his initial tweet. Sources at Niti Aayog said that they will be putting up an official statement about Baptiste’s concerns soon.
The hacker has been in the news earlier for exposing flaws in the Indian government’s mAdhaar app earlier. He found that developers of the app were saving users’ biometric information in a database that could be easily breached. He was also amongst many hackers who breached Telecom Regulatory Authority of India (TRAI) chief R.S. Sharma’s personal information after Sharma put his Aadhaar number on Twitter asking people to show “one concrete example" where harm could be done to him.
Aarogya Setu was launched by the Indian government on April 2 as the official app to help with contact tracing efforts. The app has been promoted by Prime Minister Narendra Modi himself and has been downloaded over 9 crore times already. It also holds the record for the fastest any app has reached a 50 million download base, which it reached only 13 days after the launch.
The government has recently made the app mandatory for individuals in containment zones for covid-19, and for all government officials. Many companies have also made the app mandatory for their employees, including delivery services Zomato and Swiggy, who ask their rides to download the app.