Home » News » Tech » Aarogya Setu Android App Now Open Source, Rs 1 Lakh Bug Bounty Programme Announced
2-MIN READ

Aarogya Setu Android App Now Open Source, Rs 1 Lakh Bug Bounty Programme Announced

By: Shouvik Das

News18.com

Last Updated: May 26, 2020, 19:55 IST

A photo illustration of the Aarogya Setu app logo.

A photo illustration of the Aarogya Setu app logo.

The source code of the Android app of Aarogya Setu will be released on GitHub after midnight tonight, and code improvement programme has also been introduced for the app.

The government of India has finally open sourced the source code of the Android application of the Aarogya Setu contact tracing app. Earlier today, Amitabh Kant, CEO of Niti Aayog, stated that the source code of the iOS version of Aarogya Setu will also be opened up “soon”. The code was released by Kant, along with K Vijay Raghavan, the principal scientific advisor of India, and Dr Neeta Varma, the director general of the National Informatics Commission of India.

The source code of the Android app of Aarogya Setu will be uploaded to GitHub after midnight tonight. Speaking at the launch, Kant said that “opening the source code to developers' community signifies Government of India's commitment to the core design principles of transparency, privacy and security.” He further added that Aarogya Setu was the fastest app in the world to reach 15 million users in 13 days, and 100 million in 41 days.

Alongside releasing the code, Ajay Prakash Sawhney, the secretary of the Ministry of Electronics and IT (MeitY) emphasised on how the app was developed as a public private partnership basis, and was largely developed by “volunteers”, who came together to build the app. On this note, Varma of NIC also announced a bug bounty programme, which will offer cash rewards of up to Rs 1 lakh to everyone that will report bugs, code frailties and improvements to the government. The bug bounty programme will be run by MyGov, as its chief executive Abhishek Singh stated.



The bug bounty programme will offer three different kinds of privacy bug bounties, and one code improvement programme, all of which will offer prizes worth up to Rs 1 lakh. On this note, Varma also stated that while this is the first bug bounty programme, it may also spell a future where all tech integrations made by official government deployments can go through similar checks.

Talking at the launch, government of India officials claimed the effort of open sourcing the Aarogya Setu code to be the “first of its kind” in the world, where an app’s source code was opened up after over 100 million downloads. The officials stated that Aarogya Setu has now been installed on 115 million devices, of which an overwhelming majority has come from Android devices. While the officials were quick to talk about the benefits of the Aarogya Setu app, it is important to note that India is not setting the precedent here – Singapore has already open sourced its official Covid-19 contact tracing app, months ago.

Many cyber security and cyber law experts had already called out for open sourcing the source code of the Aarogya Setu app, in order to accommodate developers to independently inspect all the privacy issues of the Aarogya Setu app. The government officials further stated that the move will set a major precedent – not just for all Indian government apps in the future, but also for other governments across the world to follow.