States should consider indirect sale, home delivery of liquor, says SC

New Delhi, May 6: The government on Wednesday said no data or security breach has been identified in Aarogya Setu after an ethical hacker raised concerns about a potential security issue in the app.

The app is the government's mobile application for contact tracing and disseminating medical advisories to users in order to contain the spread of coronavirus.

On Tuesday, a French hacker and cyber security expert Elliot Alderson had claimed that "a security issue has been found" in the app and that "privacy of 90 million Indians is at stake".

Dismissing the claims, the government said "no personal information of any user has been proven to be at risk by this ethical hacker".

"We are continuously testing and upgrading our systems. Team Aarogya Setu assures everyone that no data or security breach has been identified," the government said through the app’s Twitter handle.

The tweet gave point-by-point clarification on the red flags raised by the hacker.

"We discussed with the hacker and were made aware of the following... the app fetches user location on a few occasions," it said, but added that this was by design and is clearly detailed in the privacy policy.

The app fetches users’ location and stores on the server in a secure, encrypted, anonymised manner - at the time of registration, at the time of self assessment, when users submit their contact tracing data voluntary through the app or when it fetches the contact tracing data of users after they have turned COVID-19 positive, it said.

On another issue that users can get COVID-19 stats displayed on the home screen by changing the radius and latitude-longitude using a script, Aarogya Setu said that all this information is already public for all locations and hence does not compromise on any personal or sensitive data.

"We thank the ethical hacker on engaging with us. We encourage any users who identify a vulnerability to inform us immediately...," it said.

Responding to Aarogya Setu's clarification, Alderson tweeted, "I will come back to you tomorrow".

With the beginning of Ramzan just about 10 days away, Maulana Khalid Rashid Firangi Mahali, the chairperson of the Islamic Centre of India and the Imam of Aishbagh Eidgah has issued an advisory to people on how to observe Ramzan during the lockdown.

In his appeal, the Sunni cleric, who is a member of the All India Muslim Personal Law Board (AIMPLB), has urged people that the holy month of Ramzan is likely to begin from April 25. The lockdown may also be extended beyond April 14.

"In this case, it is advised that people observe roza (fast) and do iftar (meal to break the fast) in the evenings at their homes. There should be no congregational prayers in the mosque but only at homes. Only those who stay or are staying at a mosque should pray there and that too while maintaining adequate social distance," said Maulana Khalid Rashid Firangi Mahali in a video message.

The cleric, in the 12-point advisory, has asked people to fast as is mandatory in Islam and to pray for the end of the pandemic, during the month of worship.

The advisory says that those who used to arrange for iftar of poor and needy persons at the mosque, should continue to do so this year as well but the food should be distributed to the needy.

"Those who conducted Iftar parties in Ramzan should give the money kept for it in charity. Not more than five people should be present at any time at a mosque," the cleric added.

Earlier for April 8 and April 9, both Shia and Sunni clerics had appealed to the people to stay indoors and pray on the occasion of Shab-e-Baraat, respectively. To ensure full compliance of the lockdown, the gates of several graveyards in the city were locked up by the caretakers since traditionally Muslims visit graves of their ancestors on Shab-e-Baraat--the night of Allah's forgiveness, to pray for their ancestors.