Useful Android Apps

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Lockdown 3.0: Aarogya Setu App made mandatory in Containment Zones, government offices
Aarogya Setu App will have to be downloaded by all people living inside the Containment Zones


Covid 19,Coronavirus,Lockdown
District officials will have to determine if an area has to be declared a containment zone after considering several parameters.(HT Photo)Updated: May 01, 2020 22:37 IST
By HT Correspondent , Hindustan Times, New Delhi
The government, on Friday, made the Aarogya Setu App mandatory for people living in the coronavirus Containment Zones inside the 130 districts identified as the Red Zones. The government considers the App to be a handy coronavirus containment tool which can be used to assess the level of risk an individual is exposed to viz a viz Covid-19 infection. The App, developed by the ministry of electronics and information technology (MEITY), uses cell phone tracking technology to put individuals in low-risk, moderate and high-risk categories by tracing if the person came in contact with a virus-infected patient or a person suspected to be infected.
The government notification released on May 1, which announced the extension of the national lockdown by another two weeks beginning May 4, divides the 733 districts across the country into three zones—Red, Orange and Green—based on the risk of further spread of the virus and specifies graded restrictions for each of the zones. Most restrictions apply to Red Zones that house Containment Zones or virus hotspots, which have to face the maximum restrictions including on movement outside one’s home.
“The most sensitive areas of the country, from the spread of COVID-19 point of view, and falling within the Red and Orange Zones, are designated as Containment Zones. These are areas where there is a significant risk of spread of the infection.,” says the government notification.
The compulsory use of Aarogya Setu application will help the authorities monitor the status of each individual in the containment zone from a distance and will allow it to take necessary and timely action including quarantining or home isolation of suspected cases, if necessary.

“The local authority shall ensure 100% coverage of Aarogya Setu app among the residents of the Containment Zone,” the latest government guidelines state.
It also makes it clear that the Containment Zones would see the implementation of additional surveillance protocols including contact tracing, house to house surveillance and home or institutional quarantining.
“Strict perimeter control would need to be ensured, so that there is no movement of people in and out of these Zones, except for medical emergencies, and for maintaining the supply of essential goods and services. No other activity is permitted within the Containment Zones,” the latest notification says.

It adds that the containment areas would be defined by respective district administrations taking into account the total number of active cases, their geographical spread, and the need for well-demarcated perimeters for the enforcement of containment measures, says the government.
ALSO READ: Red Zone classification with the list of activities permitted and prohibited during Lockdown 3.0
The application in Containment Zone is the second instance of the government’s use of the Aarogya Setu App as a necessary containment tool. Earlier, a news agency reported that it had instructed all government staff to download the App and check their risk status every day before reporting to work. They were advised to not report to work if the App indicates that they are in the moderate or the high-risk category.

For Coronavirus Live Updates
The App will continue to play an important role in the containment efforts as all government offices will resume work from May 4 with limited manpower—up to 33% of the total strength, barring senior officials who will be required to be present in full strength.



 
Last edited:

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Making Aarogya Setu app mandatory can lead to legal challenges: Experts

Around 45 organisations and more than 100 individuals on Saturday wrote to Prime Minister Narendra Modi, home minister Amit Shah and IT minister Ravi Shankar Prasad against the mandatory use of the Aarogya Setu app for workers in both private and public workplaces.

[https://m]Eight crore people, including almost all government officials had downloaded the Aarogya Setu app till Friday.(ANI PHOTO.)Updated: May 02, 2020 23:24 IST

By Neeraj Chauhan and Amrita Madhukalya | Edited by Sohini Sarkar , Hindustan Times, New Delhi

The Government’s move to make Aarogya Setu application mandatory for everyone, particularly for private companies and individuals, may have legal complications and misuse of its data for monitoring activities other than Covid-19 cannot be ruled out, according to experts.

Pavan Duggal, one of the top cyber law experts in the country, told HT that – “First of all, the intention of the government to do contract tracing through Aarogya Setu app is indeed noble. However, there is no law passed by the Parliament authorizing the creation and making mandatory of this app which is in contravention of the Information Technology Act, 2000 and Act and rules and regulations. So, while it could be used as an emergency measure (in this case for tracing Covid-19 patients), it could open up a Pandora ’s Box of legal challenges for the government.”

Duggal pointed out that when this application was launched, it had uploaded both terms and conditions and privacy policy, but now terms and conditions that stated that ‘government won’t be responsible for any unauthorized leakage of data’ have been removed, at least from Apple store.


“The privacy policy also doesn’t give any clarity on how secure your data is. There is no mention of any cyber security parameters and it doesn’t explain how it complies with the IT Act 2000 and IT Rules 2011. The app still doesn’t tell us who all might be able to access my data in terms of governmental agencies. So, the chances of this data being used for monitoring people cannot be ruled out,” he added.

Tarun Wig, co-founder of Innefu - data analytics and cyber security company, said “Aarogya Setu app can definitely be made a little less intrusive but I personally feel that in such times, privacy can somewhat take a back seat.”

Around 45 organisations and more than 100 individuals on Saturday wrote to Prime Minister Narendra Modi, home minister Amit Shah and IT minister Ravi Shankar Prasad against the mandatory use of the Aarogya Setu app for workers in both private and public workplaces, as mentioned in the ministry of home affairs order.

“While the government initially claimed that the use of Aarogya Setu would be purely voluntary, downloading the app was soon made mandatory for all Central Armed Police Forces personnel and employees of Prasar Bharati,” the letter signed by the groups stated. The move could also violate privacy laws as well as the Puttaswamy privacy judgement, the letter says.

The government representative, however, denied that there were privacy issues.

Abhishek Singh of MyGov termed the concerns as non-issues and said that the app is mandatory only till the pandemic exists. “Till the epidemic law is in force, only those who are travelling to offices will have to download the app. Once the epidemic is over, a user can delete the app,” Singh said.

He said that due to demand from all quarters to open business, which brings in the possibility of contamination, offices were asked to ensure that the app is downloaded. “Commercial organisations have not raised the issue, neither have industry bodies like FICCI, ASSOCHAM or NASSCOM,” said Singh.

Congress leader Rahul Gandhi too called the app intrusive. He tweeted – “The Aarogya Setu app is a sophisticated surveillance system, outsourced to a private operator, with no institutional oversight -- raising serious data security and privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent.”

In a directive issued on Friday as part of the third phase of lockdown, which begins from Monday with graded easing of curbs, the ministry of home affairs (MHA) stated that “use of Aarogya app shall be made mandatory for all employees, both public and private” and that “head of the respective organizations to ensure 100% coverage of this app among the employees”.

For containment zones, which are high risk areas sealed in a particular district, the local authorities have been asked to ensure 100% coverage of the app among all residents.

The government order states that anybody violating the latest guidelines could face action invoking the Disaster Management Act and Indian Penal Code.

Eight crore people, including almost all government officials had downloaded the government app till Friday.





 
Last edited:

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
To track citizens’: Rahul Gandhi on compulsory use of Aarogya Setu app

The government, on Friday, made the Aarogya Setu App mandatory for people living in the coronavirus Containment Zones inside the 130 districts identified as the Red Zones

[https://m]Congress leader Rahul Gandhi. (PTI photo)Updated: May 02, 2020 20:53 IST

By Edited by Ashutosh Tripathi , Hindustan Times, New Delhi

Former Congress president Rahul Gandhi on Saturday said the compulsory use of the Aarogya Setu app, with no institutional checks, is bound to raise data and privacy concerns for the citizens. He added it is akin to spying on citizens.

“The Arogya Setu app, is a sophisticated surveillance system, outsourced to a pvt operator, with no institutional oversight - raising serious data security & privacy concerns. Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent,” tweeted Gandhi this evening.

Soon after the Congress leader’s tweet, IT minister Ravi Shankar Prasad, dismissing the snooping charge, underlined how the app helps protect people in their fight against the coronavirus.

“Daily a new lie. Aarogya Setu is a powerful companion which protects people. It has a robust data security architecture. Those who indulged in surveillance all their lives, won’t know how tech can be leveraged for good!,” tweeted the minister.

The government, on Friday, made the Aarogya Setu App mandatory for people living in the coronavirus Containment Zones inside the 130 districts identified as the Red Zones. The government considers the App to be a handy coronavirus containment tool which can be used to assess the level of risk an individual is exposed to vis-a-vis Covid-19 infection.

The App, developed by the ministry of electronics and information technology (MEITY), uses cell phone tracking technology to put individuals in low-risk, moderate and high-risk categories by tracing if the person came in contact with a virus-infected patient or a person suspected to be infected.

Around 45 organisations and more than 100 individuals on Saturday wrote to the Prime Minister Narendra Modi, home minister Amit Shah and IT minister Ravi Shankar Prasad against the mandatory use of the Aarogya Setu app for workers in both private and public workplaces.

“While the government initially claimed that the use of Aarogya Setu would be purely voluntary, downloading the app was soon made mandatory for all Central Armed Police Forces personnel and employees of Prasar Bharati,” the letter signed by the groups stated. The move could also violate privacy laws as well as the Puttaswamy privacy judgement, the letter says.

The government representative, however, denied that there were privacy issues.

Abhishek Singh of MyGov termed the concerns as non-issues and said that the app is mandatory only till the pandemic exists. “Till the epidemic law is in force, only those who are travelling to offices will have to download the app. Once the epidemic is over, a user can delete the app,” Singh said.

He said that due to demand from all quarters to open business, which brings in the possibility of contamination, offices were asked to ensure that the app is downloaded. “Commercial organisations have not raised the issue, neither have industry bodies like FICCI, ASSOCHAM or NASSCOM,” said Singh.



 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Covid-19: How The Aarogya Setu App Handles Your Data BloombergQuintOpinion Anand Venkatanarayanan @iam_anandv Apr 17 2020, 12:46 PM Apr 17 2020, 1:40 PM Situational awareness is prized in difficult situations as being aware of the environment around and the threats and opportunities. Governments around the world use contact-tracing as a means to improve their situational awareness to manage the




 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
9 Crore User Data has Security Threat.


Govt 'thanks' French ethical hacker who flagged Aarogya Setu, but dismisses security concern

theprint.in

May 6, 2020 12:20 PM

[https://res]

A screenshot of the error message ethical hacker Elliot Alderson posted on Twitter

New Delhi: The Narendra Modi government Wednesday said no data or security breach has been identified in Aarogya Setu, after an ethical hacker raised concerns about a potential security issue in the app.

Aarogya Setu is the government’s mobile application, launched last month, to help in contact-tracing Covid-19 cases and disseminating medical advisories to users.

“Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards, PS: @RahulGandhi was right,” posted Elliot Alderson, a French hacker and cyber security expert.

In a series of tweets thereafter, he claimed that the National Informatics Centre (NIC) and the Indian Computer Emergency Response Team (ICERT), both government bodies, had contacted him and he had disclosed the issue to them. However, he said, he was waiting for a fix from their end and would disclose the issue if it was not fixed within a reasonable amount of time. He also posted a screenshot of an error page.

[https://pbs]

Elliot [email protected]

· 23h

Replying to @fs0c131y

After that, I will be ready to publish what I found [https://abs]

[https://pbs]

Elliot [email protected]

Is the app working on your side?

[https://pbs]

339

6:20 PM - May 5, 2020

Twitter Ads info and privacy

86 people are talking about this

Dismissing the claims, the government said “no personal information of any user has been proven to be at risk by this ethical hacker”.

“We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified,” the government said through the app’s Twitter handle.

The use of the Aarogya Setu app, designed to warn a user if an infected person is in the vicinity, has been increasingly deployed to help track and limit the spread of Covid-19. The Centre on 4 May mandated that the app be downloaded on the phones of everyone stepping out or returning to offices from this week, while in Noida, not having the app is a punishable offence, with a jail term of up to six months.

What the government says

In a statement, the Aarogya Setu team released a point-by-point rebuttal to Alderson, who posted the document on his Twitter timeline as well.

In it, the government addressed concerns over the app fetching user location and privacy risk to user data among other issues. On location data, the statement clarified that it was design and this information is detailed in the app’s privacy policy.

The app fetches users’ location and stores on the server in a secure, encrypted, anonymised manner — at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned Covid-19 positive, it added.

[https://pbs]

Aarogya Setu

@SetuAarogya

Statement from Team #AarogyaSetu on data security of the App.

[https://pbs]

14.3K

1:03 AM - May 6, 2020

Twitter Ads info and privacy

4,197 people are talking about this

On the issue that users can get Covid-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said all this information is already public for all locations and hence does not compromise on any personal or sensitive data.

The government underscored that no personal information of any user was at risk and said they were continuously testing and upgrading their systems.

“We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately…,” it said.

Responding to Aarogya Setu’s clarification, Alderson tweeted: “Basically, you said ‘nothing to see here’. We will see. I will come back to you tomorrow.”

Alderson’s tweets created a flutter on Twitter, with several asking him questions about the alleged security issue. One Twitter user asked if Alderson believed the issue was intentional and done by design, to which he replied in the affirmative.

[https://pbs]

Elliot [email protected]

· 21h

Hi @SetuAarogya,

A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?

Regards,

PS: @RahulGandhi was right

[https://pbs]

[email protected]

Do you believe it is intentional and by design?

425

9:25 PM - May 5, 2020

Twitter Ads info and privacy

77 people are talking about this

On 2 May, Rahul Gandhi had said the app was a sophisticated surveillance system, which has no institutional oversight, as he raised concerns over data security and privacy.

“Technology can help keep us safe; but fear must not be leveraged to track citizens without their consent,” he posted on Twitter.



 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
The story of a failure': French hacker finally publishes article on 'issues' in Modi govt's Aarogya Setu app

freepressjournal.in

May 6, 2020 9:56 PM

[https://res]

Aarogya Setu

Alderson begins his article by describing the situation of people in Noida. If people do not have this app installed on their phones, they can be imprisoned up to six months or fined up to Rs 1000.

He went on to explain that with no host validation, any potential attacker can access internal files of the app causing a potential breach in the privacy of a user.

According to Alderson, the app developers 'silently' fixed the aforementioned issue.

But the ethical hacker continued his analysis on a rooted device -- a device which is jailbroken -- but could not use the application due to security reasons.

He bypassed the root detection features by simply writing some codes and once he could access the app, he discovered the ability of the users to know how many people have self-assessed themselves in their area.

The radius of the area can be selected between 500m, 1km, 2kms, 5kms or 10kms.

With that said, Alderson concluded his 'findings' by revealing how any potential hacker can access a lot of information about:

#Number of infected people

#Number of unwell people

#Number of people declared as bluetooth positive

#Number of self assessment made around the hacker's area

#Number of people using the app around the hacker's area

"Thanks to this endpoint an attacker can know who is infected anywhere in India, in the area of his choice. I can know if my neighbour is sick for example. Sounds like a privacy issue for me," he wrote.

He went on to reveal the number of infected people in some areas. Check it out below:



 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Radhika Kajarekar

15 hours ago

6 Months Jail For Not Installing Aarogya Setu App; Hacker Claims Security Issues In Aarogya App

[data:image/svg+xml;charset=utf-8,/trak.in/tags/business/2020/05/06/6-months-jail-for-not-installing-aarogya-setu-app-hacker-claims-security-issues-in-aarogya-app/amp/[/URL]
 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Stop lying, denying': Ethical hacker lashes out at Indian govt for defending Aarogya Setu app

ibtimes.co.in

May 7, 2020 2:48 AM

Aarogya Setu app is being hailed for its benefits in combating the COVID-19 crisis in India through the contact tracing system. With 9 million+ installs and with the government mandating it on citizens, the user base is only going to grow. But there's also a rising concern related to the government's contact-tracing app, and recently a French ethical hacker said a security issue exists in the app.

Soon after the Robert Baptiste, who goes by Elliot Alderson, tweeted about the security lapse in Aarogya Setu app, the NIC and CERT India contacted the ethical hacker and after reviewing the technical report, the developers released a statement, which essentially said there was no privacy risk in the app. By then, Alderson hadn't shared the security issues in the app publicly and the way the Aarogya Setu app developers described it, everything was normal.

[https://res]

Aarogya Setu risks

Ethical hacker spills the beans

Alderson had said regardless of whether or not the issues were fixed, he would reveal them publicly. As promised, in a Medium blog post, Alderson explained everything that's worrisome with the app and asked the developers to "stop lying" and "denying."

Alderson summarised the issues with Aarogya Setu in three points:

It was totally possible to use a different radius than the 5 hardcoded values, so clearly they are lying on this point and they know that. They even admit that the default value is now 1km, so they did a change in production after my report.

The funny thing is they also admit a user can get the data for multiple locations. Thanks to triangulation, an attacker can get with a meter precision the health status of someone.

Bulk calls are possible, my man. I spent my day calling this endpoint and you know it too.

To further strengthen his claims, Alderson revealed some details extracted from the app, according to which 5 people felt unwell at the PMO office, 2 were unwell at the Indian Army Headquarters, 1 infected person at the Indian parliament, and 3 were infected at the Home Office.

[https://res]

Aarogya Setu appTwitter

Government's defense

The government defended the Aarogya Setu app and said it is foolproof. In response to the accusations of the ethical hacker, the government released a six-page document that highlights the measures taken to protect users' data, privacy, and security.

These measures include assigning each user with a unique randomized anonymous device ID used for communications between devices and the Aarogya Setu server, data is not stored permanently, location data is accessed only in case of a positive case, personal identity is hidden, and no security breach has been identified.



 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Five in the PMO and two at Army HQ unwell on Tuesday, says ethical hacker from Europe

nationalheraldindia.com

May 6, 2020 6:38 PM

The French ethical hacker using the pseudonym Eliot Alderson was able to hack into the Arogya Setu App on Tuesday and find out how many, who and where were reporting symptoms

[https://res]

Photo courtesy- social media

“If you love your country @SetuArogya, publish the source code” said the French ethical hacker Eliot Alderson (pseudonym) on Wednesday after suggesting that the app had a security issue, which was denied by the Government and Arogya Setu team.

Alderson claimed that after he shared the issue with the Arogya Setu team, the latter had “quietly” fixed the issue before releasing a statement saying late on Tuesday that there was no issue with the app.

On Wednesday Alderson promised to write a technical report on the app and tweeted :

“I don't know why people are still asking what were the issues, everything is already public: 1) In the previous version of the app, an attacker was able to get the content of any internal file of the app, local database included.

2) Yesterday, an attacker was able to know who is infected, unwell and made a self-assessment in the area of his choice.

3) Basically, I was able to see if someone was sick at the PMO office or the Indian parliament. I was able to see if someone was sick in a specific house if I wanted.

These are the issues.

And yes, yesterday: * 5 people felt unwell at the PMO office * 2 unwell at the Indian Army Headquarters *1 infected people at the Indian Parliament * 3 infected at the Home Office Should I continue?

Earlier Alderson had addressed another message to the Arogya setu team:

“The source code of @SetuAarogya needs to be open source. When you ask (force) people to install an app, they have the right to know what the app is really doing. If you love your country @SetuAarogya, publish the source code.”

Singapore did it.

Israel did it.

Iceland did it.

DP^3T, the contact tracing protocol, did it.

[https://pbs]

Elliot [email protected]

I don't know why people are still asking what were the issues, everything is already public:
1) In the previous version of the app, an attacker was able to get the content of any internal file of the app, local database included.
2) Yesterday, an attacker was able to [..]

Elliot [email protected]

Replying to @fs0c131y

It can be considered as a security issue [https://abs]

[https://pbs]

3,662

4:46 PM - May 6, 2020

Twitter Ads info and privacy

1,964 people are talking about this





 

adsatinder

Plz Help Himabuj (Amit Tyagi) in Corona Fighting
Aarogya Setu team contacts hacker claiming security risk in India's flagship Covid app

republicworld.com

May 6, 2020 8:41 AM

The Centre on has issued a statement on data security of the Aarogya Setu App after a French hacker claimed that there are security issues with the application.

[https://res]

The Centre on Wednesday has issued a statement regarding data security of the Aarogya Setu App after a French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, claimed that there are security issues with the government’s flagship Covid contact tracing platform. In its statement, Aarogya Setu Team assured the citizens that no security or data breach has been identified, and thanked the 'Ethical hacker'.

'No data or security breach has been identified'

"No personal information of any user has been proven to be at risk by this ethical hacker. We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the statement reads, adding technical details.

It added, "We thank this ethical hacker on engaging with us. We identify any users who identify a vulnerability to inform us immediately at [email protected]. Your continuous support will help us keep the App even more secure."

The statement also included a detailed clarification on the points of the 'app fetching user locations on a few occasions' and 'User can get the COVID-19 stats displayed on Home Screen by changing the radius and latitude-longitude using a script'. The hacker raised his concerns on these points during the conversation with the Aarogya Setu Team.

'Sophisticated surveillance system'

The hacker on Tuesday claimed that a security issue has been found in the app and added that Congress leader Rahul Gandhi 'was right' about the app. A few days ago, Rahul Gandhi had claimed that the Aarogya Setu mobile application, designed to help users to identify whether they are at risk of the COVID-19 infection and provides people with important information, including ways to avoid coronavirus and its symptoms, is a "sophisticated surveillance system". The hacker went on to claim that the lapse may have been by design.

Technology can help keep people safe, but fear must not be used to track citizens without their consent, the Congress chief had said.

Aarogya Setu was launched by the Indian government on April 2 as the official app to help with contact tracing efforts. The app has been promoted by Prime Minister Narendra Modi and other BJP leaders and has been downloaded over 9 crore times already. The Centre has recently made the app mandatory for individuals in containment zones for COVID-19, and for all government officials.




 
Top