Indian Government now offering Rs 4 lakh to users who can find flaws and vulnerabilities in Aarogya Setu app

By Digit NewsDesk | Published on 30 May 2020
Indian Government now offering Rs 4 lakh to users who can find flaws and vulnerabilities in Aarogya Setu app

Researchers and experts can now win Rs 4 lakh by finding bugs and vulnerabilities in Aarogya Setu.

This was tweeted out by the Indian government.

There a few guidelines to follow


Access Open Source Technology

Innovate w/ IBM and Discover New Open Source Technology Today. Learn More.

Click here to know more

If you’re a hacker or someone who knows coding in regards to apps can now help find bugs in India’s own contact-tracing app Aarogya Setu. In a tweet that was published bu the government, researchers and experts who have the technical knowledge regarding apps are being offered Rs 4 lakhs to help find bugs and issues with Arryoga Setu. This bug bounty is open to all comers including people on Aarogya Setu. The government says, “Everyone, including researchers and users of Aarogya Setu, are encouraged to report any vulnerability impacting the privacy and information security posture of Aarogya Setu application.”

A few weeks ago, French security researcher Robert Baptiste who goes by the pseudonym Elliot Alderson (a character from the TV show Mr Robot) posted a tweet saying that Aarogya Setu has a few flaws that may lead to a leak in the information collected. After that kerfluffle, the government has now decided to make Aarogya Setu open source. This essentially means that anyone can now inspect and check the source code for the app and make necessary changes where they see fit. This was a necessary move for the government as the public backlash getting worse. 

Researchers who do find bugs in the app will be asked to responsibly disclose those vulnerabilities and even get paid for it. The government has also laid down a few guidelines for people to follow. Basically, the reported vulnerability should only be present in the Aarogya Setu app or its source code or back-end server. They further added that the bug or vulnerability should be able to be exploited by “an unrooted phone running a version of Android supported by Aarogya Setu, with ADB Disabled and with all default Android security features in place.”

In other Aaryoga Setu news, the app is now mandatory for people who are flying. You can read more about that here. There has been a new contact-tracing app called SwissCovid which is based on Google and Apple’s UPI as well, you can check out how it compares to our own Aarogya Setu app here

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status