Bangalore-Based Engineer Hacked Aarogya Setu App To Appear Safe At All Times

Jay, a Bangalore-based software engineer, has hacked India’s mandatory contact tracing app Aarogya Setu to express oppression against the rule forcing everyone to use it.

Jay started working on his rebellious project on Saturday morning and found a way to get through the registration page that requires users to register with their own phone number.

The next thing he did was to remove the permission section which asks people for their consent to let the app monitors their GPS and Bluetooth at all times.

By 1 P.M the same day, Jay had turned Aarogya Setu into a shell that is unable to collect any data but still shows a green badge, assuring him that he is safe. 

He shared that he had accomplished his goal. Now he could go anywhere appearing safe from infection with the green badge showing on the app and no one can tell that it has been hacked.

According to the IT Ministry of India, ever since Aarogya Setu was released in April, it has been downloaded more than 100 million times, which translates to about a fifth of India’s number of smartphone users.

However, its aggressive approach which involves users sharing some of the most sensitive data has drawn concern over Indians’ privacy. Many experts warn that after the pandemic is over, the app can be used as a state surveillance tool.

While initially, installing Aarogya Setu is optional, it has slowly become mandatory. Last week, Noida authority warned that people might face jail time if they failed to install the app. Last month, some of India’s most popular food delivery apps announced that gig workers must have Aarogya Setu on their phones.

These requirements follow a federal mandate forcing all private and government employees to install the app. In the future, those who do not have it might not be able to board trains, airplanes, buses, go to pharmacies, or work for food delivery companies.

Jay and other hackers like him have been trying to avoid this. Jay himself had made a version of Aarogya Setu and shared it with 15 friends. While this sounds like a small number, any leak from this circle might wash away the government’s effort to trace contact and curbs the spread of COVID-19.

Those who are not as tech-savvy as Jay have found other ways to get green badges. The most common method is to screenshot it and then show it anywhere they go.

What Jay and many others worry about is another incident just like that of Aadhaar ten years ago. When it was first rolled out, this biometric ID system was optional. But soon, the government made it mandatory.

Jay said his greatest concern was Aarogya Setu becoming the second Aadhaar. People would be unable to go anywhere without it. Even if the government lay down no rule requiring every citizen to install it, people like cinema owners may do it themselves. Jay stressed that it was the culture India had.

To answer people’s concerns over their own privacy, on Monday, the government announced a new set of rules which assures the data the app collected would be used to fight off COVID-19 only.

Jay said he would not stop hacking the app, even if the government updated it, he would find other workarounds.

>>> How To Use Aarogya Setu App, India's Official Tracking App For The CO.VID-19 Pandemic