opening-of-source-code-of-aarogya-setu-app

Context: the Ministry of Electronics and Information Technology(Meity) announced that it has released the source code of the Aarogya Setu app to promote transparency and collaboration with the software developer community.

More on news:

  • The IT ministry move came in the wake of demands from Cyber Law experts and critics who had said that the app was too closed in nature and without adequate protection measures.
  • The source code was released in line with its “Policy on Adoption of Open Source Software for Government of India”.

What does open-source software mean?

  • Software can be divided into two broad categories, proprietary and open source.
  • Any software that has to be bought or licensed from the creator of the software is called a proprietary or closed-source software.
    • Examples include Microsoft Windows, Google Earth and Adobe Photoshop. The intellectual property rights of the software, even if bought or licensed, remains with the creator.
  • Open-source software requires no licensing and need not be bought. 
    • Its source code is open for everyone to download, examine, redistribute, and improve upon if they can, with an acknowledgment to the original software coder or the company. 
    • Examples of such software are WordPress, VLC Media Player, and the Mozilla browser.

What are the concerns surrounding the app?

  • Contact tracing apps such as Aarogya Setu require continuous access to location history and Bluetooth. This, combined with the fact that they run on government servers, theoretically makes them tools that a government can use to track and monitor individuals.
  • Privacy advocates, experts and hackers have expressed their scepticism about this, although there is no proof yet that the government is using this data for surveillance purposes.

Why has the source code of Aarogya Setu been made public?

  • To promote transparency and ensure the security and integrity of the app. It will also help in assuaging the data privacy and security concerns surrounding the app.
  • When launching the, the IT ministry had explicitly mentioned in the terms of use that no one was allowed to reverse-engineer the app or alter with the coding of the app.
  • Critics questioned whether the app could be used for surveillance and go beyond its mandate of contact tracing. 
  • Cyberlaw experts and the software developer community called upon the government to allow reverse engineering and also publish the source code of the app so that it could be seen by anyone.

Does that address security and privacy concerns?

  • Too early to say: Now that the source code has been released, software developers from around the world will be able to go through the code and point out vulnerabilities or fix loopholes, if any, by writing fresh codes and suggesting these to the government.
  • The government has not yet released the server-side code of the app. The server-side code must be released to further assuage privacy and security concerns.

Purpose of open-sourcing the server-side code:

  • Any applications or functionalities on mobile phones and other handheld devices need Internet connectivity to run. 
  • By having access to the server-side data, individuals can check whether the data provided to the app is flowing directly to the dedicated servers or not. 
  • If not, either the discrepancy can be reported or clarifications can be sought from the government.

Arogya Setu App

  • The Government of India launched ‘Aarogya Setu’ an app to track the cases of COVID-19 and alert the citizens of the country to keep safe. 
  • Aarogya Setu app has been launched by the Ministry of Electronics and Information Technology (Meity).
  • It will calculate risk based on the user's interaction with others, using cutting edge Bluetooth technology, algorithms, and artificial intelligence.
  • Once installed on a smartphone, the app detects other nearby devices with Aarogya Setu installed.
  • The App will help the Government take necessary timely steps for assessing risk of spread of COVID-19 infection, and ensuring isolation where required. 

“Policy on Adoption of Open Source Software for Government of India”

  • The Government of India (GoI) is implementing the Digital India programme as an umbrella programme to prepare India for a knowledge-based transformation into a digitally empowered society and a knowledge economy.
  • To meet this objective, there is a need to set up a commensurate hardware and software infrastructure, which may require significant resources. 
  • The “Policy on Adoption of Open Source Software for Government of India” (hereinafter referred to as “Policy”) will encourage the formal adoption and use of Open Source Software (OSS) in Government Organizations. 
  • The source code shall be available for the community/adopter/ end-user to study and modify the software and to redistribute copies of either the original or modified software.
  • The source code shall be free from any royalty.

Objective:

  • To provide a policy framework for rapid and effective adoption of OSS
  • To ensure strategic control in e-Governance applications and systems from a long-term perspective.
  • To reduce the Total Cost of Ownership (TCO) of projects.


Source: https://indianexpress.com/article/explained/coronavirus-what-making-aarogya-setu-open-source-means-6430348/

Image Source of image: Aajtak