Tech M ties up with Hinduja CyQureX

Covid-19: Reimagining work with a zero-trust lens

by | Apr 22, 2020 | IT Security

Ensuring business continuity for borderless offices demands more extensive IT security frameworks.
Share to lead the transformation

The COVID-19 pandemic has resulted in widespread lockdowns. Commuting to workplaces has been suspended for all but a few essential-service organizations and personnel. To ensure business continuity, many organizations had to rush almost overnight to implement work-from-home (WFH) policies for their entire workforce. Understandably, when viewed from a ‘zero-trust lens,’ few have found themselves fully equipped to handle the surge in WFH scale, which is testing the robustness of the IT security fabric.

The state of running entire operations remotely is unprecedented! IT heads are scrambling with issues such as infrastructure availability and sizing to meet the growing demands. From a security readiness perspective, CISOs are seen doing comprehensive assessments to map the network usage patterns and risk aspects. With more employees working remotely today than ever before, the odds of potential threats have grown manifold. The biggest challenge for CISOs today is to make necessary tools and resources available to their virtual workforce without compromising confidential data.

The practical and effective strategy that works to address this challenge is ‘zero-trust lens’ approach to information security—a contemporary lens that treats everyone who access organizational network as suspicious and distrustful.

The concept of zero trust security framework distinguishes between what’s necessary and what’s not. It stresses that everything cannot be critical and hence need not require full network access. Contrary to the trust-based perimeter defense approach, zero trust defines users and their job requirements. It provides people with adequate permissions to access applications and tools relevant to perform their job virtually, while withholding the rest of the corporate data. For instance, an HR department employee working remotely need not be given access to the sales department database.

In the current setup, it becomes even more important for CISOs to have visibility on what’s happening on the network. Looking at the fact that many employees may be accessing corporate information through personal and unfamiliar devices remotely, CISOs are expected to incorporate strong multi-factor authentication protocols to strengthen the zero-trust security framework. A strong multi-factor authentication protocol ensures controlled access to data repositories and specifies who may access information and under what conditions.

It is equally important for CISOs to educate their users regularly about not clicking insecure links and staying watchful of phishing emails, thereby preventing easy doorways to hackers and cyber crooks.

Even during these difficult times, organizations can operate to their fullest potential, if they enable their people in a right manner, using a ‘zero-trust lens’ framework to secure the borderless networks.


Telecom deals will transform mobile payments in India

Telecom deals will transform mobile payments in India

Ahead of monsoon’s arrival, the Indian telecom sector is pepping up for an enthralling deals season. While the spotlight is on Jio Platforms, investment speculations are abuzz for Vodafone Idea and Airtel too. These strategic investments (between global internet giants and Indian telcos) have the potential to transform mobile payments in India.

While the Facebook-Jio deal announced on 22 April continues to be a towering one, other significant deals involving Jio Platforms have also taken place. Abu Dhabi-based Mubadala Investment Company has announced to invest ₹ 9,093.60 crore for a 1.85% equity stake in Jio Platforms on a fully diluted basis.

More such investments in Jio Platforms are understood to be brewing.

The Jio Platforms deals have stoked similar developments for other telecom players as well. Earlier, there was a buzz around Google mulling a stake in Vodafone Idea Limited (VIL) and now a likely investment by Amazon in Bharti Airtel is the talk of the industry.

The landfall

It all started with Facebook buying a stake of 9.9% in Jio Platforms, which is a parent to RJio, India’s biggest telco by subscribers as well as revenues. The deal was valued at Rs 43,574 crore.

Four other significant stake purchases in Jio Platforms followed within a month’s time by various global majors, mostly investors. These were: Silver Lake (1.15% stake for Rs 5,656 crore), Vista Equity Partners (2.32% stake for ₹11,367 crore), General Atlantic (1.34% for ₹6,598 crore), KKR (2.32% for ₹11,367 crore), and Mubadala Investment (1.85% for ₹ 9,093.60 crore).

Thus, in a span of just six weeks, a total of ₹87,655.35 crore has flown into Jio Platforms’ coffers for a stake sale of 18.97%. It is understood that the amount would be used by super parent Reliance Industries Limited (RIL) to pare a sizable chunk of the debt it took for the RJio telecom services subsidiary.

Why so bullish on Indian telcos?

With India’s telecom average revenue per user (ARPU) being among the lowest worldwide and the telcos being neck-deep in debts, the enthusiasm of foreign investors seems mystifying at first sight.

In the last few years, several consolidations and shakeouts have brought down the number of private-sector telecom players from around 15 to just three. A number of foreign investors have lost their monies in the process. There even have been speculations that the sector could end up being a duopoly in the long run.

It is also a well-acknowledged fact that not only voice but even data is now commoditized. This means that investments made into pure-play voice or data networks could take very long periods to recoup. In fact, given the high cost of assets (including spectrum and licenses) and the consistently low ARPUs, it is even likely that those investments may never find a profitable return.

This newfound enthusiasm and rush of foreign investors then can’t imply confidence in India’s telecom story. It has to be something much more promising and bigger.

It’s the mobile payments story

A look at the investments made in Jio Platforms shows that the mobile-payments factor has played a driving role. If Google and Amazon decide to invest in VIL or Airtel, that too would be driven by a mobile payments consideration.

As noted in another Better World story (See: Will FB–Jio deal create magic?), while Reliance Jio already has a UPI license for its Jio Money payments platform, WhatsApp is yet to receive a license for rolling out a payment service for all its users in India.

A 9.9% stake in Jio Platforms opens the possibility for Facebook to process mobile payments over WhatsApp using Jio Money as an enabling platform. This could mean a world of difference for Facebook, which has silently watched Google Pay and Amazon Pay amass significant user base and gross transaction values.

According to the National Payments Corporation of India (NPCI), the UPI payments market, including mobile payments, stood at Rs 2.18 trillion for the month of May 2020 alone. Also, Google Pay is understood to be having more than 65 million active monthly users.

Facebook is eyeing a big slice of the UPI pie in India, which as per Better World estimates, will be more than Rs 25 trillion in FY2020-21.

Clash of titans awaited

Despite a strong foothold in India, Google can’t risk undermining Facebook’s capabilities. It will certainly like to bolster its position further in the mobile payments market. Amazon too would like to protect and grow its market share.

So if Facebook has taken a stake in RJio’s parent Jio Platforms, it may be logical for Google and Amazon to identify strategic investment opportunities with other pan-India telcos. The obvious choices would be VIL and Airtel. However, while Airtel hold a UPI license, VIL doesn’t have one (it surrendered the M-pesa license last year). Nevertheless, VIL continues to be the second-largest telco by number of subscribers.

On the BSE, stocks of VIL and Airtel rose 6.41% and 3.89%, respectively, on 4 June, while the Sensex closed marginally lower by 0.38%.

It is another matter that while a 5% stake sale could get Airtel cash worth USD2 billion, a similar stake sale would get VIL just around USD110 million at current valuations. So while a stake sale would enable Airtel to pare a significant part of its debt, for VIL it would only amount to a short lease of life.

This also means that for a VIL deal to be strategically meaningful, a larger stake sale would be required. It remains to be seen if VIL would embrace such an idea, especially at a time when the telco has witnessed some green shoots in the recent months.

That consideration apart, there is a high potential that telecom deals will transform mobile payments in India. This will also change the dynamics between telcos and over-the-top (OTT) companies at large. More about that later.

India gears up for AI leap in post-Covid-19 era

India gears up for AI leap in post-Covid-19 era

Emerging technologies such as artificial intelligence (AI) and robotic process automation (RPA) are swiftly disrupting almost every aspect of our lives. It is about time that India gears up for AI leap too.

The capabilities of AI, in particular, are being widely tested by global organizations for automating tedious tasks, improving decision-making skills, and providing exceptional experience to their users. AI enables processing of data to provide intelligent insights and identify various prediction models. (See Accenture fortifies AI know-how with Byte Prophecy buy)

With the technology expected to transform several mundane jobs in future, the Indian government too seems to have woken up to the benefits of AI. It is making strong efforts to develop a robust ecosystem around AI, which is also touted to be a technology to watch for in the post-Covid-19 world. The technology has already been leveraged by many countries, including India, to fight the Covid-19 crisis and expediting the search for its treatment or prevention.

A new AI portal is born

Taking a cue from the global governing bodies, India has recently launched a National Artificial Intelligence Portal ( to promote and showcase the local AI-related advancements. The website has been developed by the National Association of Software and Service Companies (Nasscom) in consultation with the National e-Governance Division of the Ministry of Electronics and Communications Technology (MeitY).

This digital platform is part of the Indian government’s extensive focus on AI. It is expected to bring all the stakeholders—MeitY, NITI Aayog, Nasscom, and Department of Telecom (DoT), among others, on a single platform. It’s a much-needed initiative that could enable a regular dialogue with businesses and state departments around AI’s potential. This would also encourage private firms to develop innovative applications and new modules.

“India must be a leading country in the development of Artificial Intelligence in the world, leveraging upon its vast Internet-savvy population and data it is creating. India’s AI approach should be of inclusion and empowerment of human beings by supplementing growth and development rather than making human beings less relevant,” Ravi Shankar Prasad, Minister for Electronics & IT, Law & Justice, said, while addressing the delegates at the launch event of website.

India had earlier announced to launch the AI task force to develop strategies around AI. The government had also committed a significant proportion of Rs 3,063 crore Digital India budget toward AI advancement in the country.

Notably, India is not the first country to have launched a state-sponsored AI platform. In 2019, the USA had launched its website to highlight AI initiatives taken by the Donald Trump government and federal US agencies. Similarly, countries like Singapore and Australia have already established nationwide programs in their respective countries to harness the potential of AI.

Embracing the new world

In the post-Covid-19 world, the adoption of AI-based solutions is expected to be pervasive. Not only could AI help meet new services demand, but also enable enterprises and governments to be ready for any such future crisis and ensure employee safety.

For instance, AI technology can apprise farmers and respective authorities in advance about crop anomalies by interpreting various algorithms through satellite images or sensors in advance. This can help streamline supply chains and enable farmers to take timely actions to protect their yields, especially during unprecedented times like today. Similarly, by using AI-driven predictive models, the government can also gauge the number of hospital beds required in case of the second or third wave of pandemic outbreaks in the future.

There are many enterprises that are ahead of the curve and scaling-up their conversational chat-bot capabilities to address customer queries efficiently and provide a customized experience. An example is Grofers, a leading e-commerce company in India, which has been able to deliver essential goods to its customers and record their complaints efficiently, even during the lockdown period, by investing heavily in machine learning.

Similarly, Apollo, one of the largest healthcare group in India, took some revolutionary AI measures last year that is helping them address diagnosing Covid-19 patients. It has collaborated with Israel-based company Zebra Medical Vision to integrate a machine-learning solution that evaluates computed tomography (CT) of suspected Covid-19 patients and recommends a necessary course of medical care.

In an interesting development, Reliance Industries Limited (RIL) recently unveiled the country’s first AI-enabled chatbot on WhatsApp. The chatbot address queries of stakeholders regarding RIL’s Rs 53,125-crore rights issue, through which the company plans to make its balance sheet debt-free by March 2021.

As social distancing measures and remote working are likely to remain in practice for a long enough time, technology leaders would be keenly looking at AI-based innovations to monitor the health of their employees and adapt their HR strategies in case there are increased risk to lives.

Looks like the AI technology is on an accelerated path to becoming mainstream in India. Let’s hope it helps transform our world into a safer and more prolific.

Aarogya Setu needs to overcome more privacy issues

Aarogya Setu needs to overcome more privacy issues

Aarogya Setu

Dr. Pavan Duggal

Many governments across the globe have launched contact-tracing apps as part of their several measures to contain the Covid-19 spread. These apps use Bluetooth and location-based technologies to identify people who may have been exposed to the pandemic and raises awareness among others. On 2 April 2020, India too launched a homegrown contact tracing app, Aarogya Setu, to fight the Covid-19 spread. While experts agree that the intention behind Covid-19 is good, there has also been criticism around issues related to privacy. Some have even termed the healthcare app as a sophisticated surveillance system.

In an exclusive interaction with Better World’s Jatinder Singh, Dr. Pavan Duggal, one of the top cyber law experts in the country, throws light on the overall issue and explains how the new guidelines around Aarogya Setu are a start in the right direction.

Excerpts from the interview:

Better World: The Government of India has recently made Aarogya Setu app for Android open source. Does this make Aarogya Setu less intrusive and quell the concerns being raised over privacy?

Dr. Duggal: I think making this app open source is a first step towards transparency. However, that alone doesn’t mean that it is now completely secure and transparent. I’ve yet not seen any privacy terms in the privacy module of the app describing how it (Aarogya Setu app) complies with the requirements on cyber security under the Indian IT law. Users are still not sure whether the government is putting the reasonable security practices and procedures in place with respect to their data.

It is also not clear how the app complies with ISO 27001, an information security standard that systematically examines an organization’s information security risks, threat possibilities, vulnerabilities, and impacts. So, still, a lot needs to be done.

Better World: So, in the hindsight, is it that the app was launched hurriedly and the government is now trying to play catch-up?

Dr. Duggal: I think it’s [Aarogya Setu app] a work in progress. The intention of the government is noble. In fact, everyone’s intention is wise and revolves around defeating Corona. However, the earlier approach adopted by the government was neither prudent nor feasible. It was trying to compel smartphone users to download an app, which was insecure and had little attention to privacy. Now, by taking these steps, the government has become sensitive to the criticism it has received and is constructively trying to identify ways to better the Aarogya Setu app.

Better World: The government has also announced the launch of ‘Bug Bounty’ program, which states that anyone who identifies and submits a bug or suggests improvements in the Aarogya Setu app will be rewarded. How will this make the app more secure in future?

Dr. Duggal: Well, this is an implicit diversion from the earlier stand that Aarogya Setu was completely safe and secure. Realistically, no computer system across the world is completely and comprehensively secure. The announcement of the Bug Bounty program is an attempt by the government to track and identify the loopholes in the Aarogya Setu app, which are many. Once the program provides cues to more vulnerabilities, the government will potentially work on addressing those loopholes.

It is important to note that the bug bounty program has no connection with the intrinsic architecture of the Aarogya Setu app. The program just says that here is my program and here is an open source code, please attack and let me know the vulnerabilities. It doesn’t say how I can alter my architecture.

Better World: From a cybersecurity perspective, what should be the next steps that the government should take to make Aarogya Setu truly reliable?

Dr. Duggal: Right now, the challenge is that this app is speaking less and hiding more. When you read those terms and conditions before downloading the app, you know that the app is capturing data every 15 minutes. However, it says that the data will be submitted to the server only when you will be identified as distinct Covid-19 positive. Let’s suppose, you download the app today and you become Covid-19 positive after 18 days. From today, till the next 18 days, the app is collecting data every 15 minutes. But where is the data going? Where will it be stored? Who is accessing it? Nobody has an answer to these questions.

Moreover, if you look at the Aarogya Setu app, it has no end date. That means it is going to continue for a long, long time. Also, it is logical to expect that the government will keep the app active even after winning the first phase of corona. So, I believe that the privacy related issues need to be dealt with separately and independently, specifically in connection with the architecture of the Aarogya Setu.

Huawei refreshes OceanStor Pacific mass storage

Huawei refreshes OceanStor Pacific mass storage

Shenzen, China-headquartered information and communications technology (ICT) infrastructure major Huawei has announced the launch of its next-generation flash-based OceanStor Pacific mass storage series.

OceanStor Pacific mass storage

Shang Haifeng, President of Huawei Mass Storage Domain

The refreshed series delivers efficient, cost-effective, and reliable services for artificial intelligence, high-performance computing, videos, and other mass data scenarios. It claims to achieve new architectural, service, and performance boundaries, by leveraging multi-protocol interworking, next-generation elastic EC algorithm, and a series of dedicated hardware. The solution targets telecom carriers, among other industries including finance and manufacturing.

From telecom carriers’ point of view, the refresh for the OceanStor Pacific mass storage series could address their growing high-density storage needs in view of the surge in video and other data-intensive content on their networks.

OceanStor Pacific mass storage

Peter Zhou, President of Huawei Data Storage and Intelligent Vision Product Line,

The upgraded flash-based storage system has been designed in view of meeting the new-age mass data storage needs of enterprises. It enables them to collect, store, and process different types of structured as well as unstructured data. Key application examples are structured data from core services and mass unstructured data from 5G, IoT, and ultra-high density (UHD). Enterprises use AI technologies to analyze and process the massive amounts of data to convert data into knowledge and services, improving production efficiency.

Peter Zhou, President of Huawei Data Storage and Intelligent Vision Product Line, said, “Mass data will play an increasingly important role in enterprise digital transformation. Today, only 2% of global data is stored, and only 10% of the data is being mined for further value. Enterprises are facing insufficient capacity, data silos, and complex management when dealing with mass data. Our OceanStor Pacific Series is designed to answer these pain points, setting a new benchmark for efficient, economical, everlasting mass data storage, and helping us become the trusted choice for mass data.”

The Chinese technology multinational released its first generation of file storage in 2009 and has continuously invested in mass data storage ever since. Huawei says OceanStor storage has been deployed in more than 150 countries for more than 12,000 customers in a variety of sectors, including carriers, finance, government, energy, healthcare, manufacturing, and transportation.

Contact tracing apps have room to build more user trust

Contact tracing apps have room to build more user trust

Technology has been indispensable in dealing with disasters with increased efficiency, expediting relief measures, and providing humanitarian support. Now, when the world is reeling under a massive outbreak of the coronavirus, Covid-19 contact tracing apps have emerged as a key recourse for governments.

These Bluetooth-enabled apps and platforms have the capability of tracking even small movements of people in a bid to secure lives from this dangerously contagious respiratory disease.

India among early movers

Australia, Singapore, Ghana, Israel, India, South Korea, and Saudi Arabia are among the countries that have already launched their respective coronavirus tracing apps. Many others are working to create similar tools. Apart from individual countries, global internet giants such as Apple and Google are also marshaling their resources to build tools to locate any potential virus carriers.

India launched its coronavirus contact tracing app Aarogya Setu on 2 April 2020. Better World spoke to Dr. Pavan Duggal, one of the top cyber law experts in the country and security and cyber law consultant Anuj Agrawal in this regard. They generally agree with the view that India has made a good start and taken some key steps in the right direction (click here to read full interview of Dr. Duggal).

Dr. Pavan Duggal: Good intentions, but it’s work in progress.

Anuj Agrawal: Data is only for Covid-19 control.

Dr. Duggal is of the opinion that it is a work in progress. “The overall intention of everyone is noble. It’s about defeating coronavirus. The earlier approach adopted by the government was neither prudent nor feasible (launching an app that was insecure and had concerns about privacy). Now, by taking these steps, the government has shown that they are taking criticisms seriously and are constructively trying to identify how to make it better. Making it open source is just a first step toward transparency. By announcing the Bug Bounty program, the government is also encouraging people to come forward and share the app vulnerabilities,” he observes.

Security and cyber law consultant Anuj Agrawal also feels that the new approach is definitely in the right direction. “Initially, many people were skeptical to use this app as they feared that this might put them under the government’s surveillance radar. But the government has made it clear that their intentions are truly wise, and they are concerned about user privacy as well. One also needs to remember that users are incidentally at risk of sharing their data with almost every downloaded application, and here the government has promised that they will only use this information to combat a severe disease,” he emphasizes.

More questions than answers?

The app development efforts globally, for tracing and containing the spread of the virus, are prima facie, laudable. However, critics allege, there is more to these apps than meets the eyes. The big worries are that these apps have started gathering the humongous amount of confidential data of billions of people worldwide, keeping track of their every movement and leaving their crucial information vulnerable to misuse.

Concerns around privacy and security are raising eyebrows and many industry experts have noted that these contact-tracing applications could end up putting sensitive personal information at risk. Some key questions in this regard are: Are these apps efficient to serve the intended purpose? How will the government process user data? What will be done with the data once the pandemic is over? Is there a surety that user data cannot be hacked and used for fraud and identity theft?

Contact tracing apps

Privacy and security concerns

Amnesty International, a UK-based non-governmental human rights organization recently disclosed a critical lacuna in the configuration of Qatar’s Ehteraz contact-tracing app. It says that the bug could be exploited by cyber attackers to access highly sensitive personal information, including the names, national IDs, health status, and location data of more than a million users.

“Currently more than 45 countries have, or plan to, roll out Covid-19 contact tracing apps. Governments around the world, including Australia, France, Italy, the Netherlands, and the UK, are rushing to embrace digital tools which undermine privacy, have not yet been proved to be effective, and could put individuals’ security at risk,” it adds.

Besides, critics say it is not proven that these apps are helping authorities to restrict the outspread of Covid-19. Since the success of such apps is highly dependent on correct responses submitted by an individual user, one cannot be fully sure whether the information shared is veracious.

Moreover, these apps are not designed to work on the basis of sample denominators and require a large population to download and use it for accomplishing effective results.

For instance, Singapore’s TraceTogether, which was initially considered one of the best contact-tracing apps in the world, failed to highlight the revival of Covid-19 cases in many localized areas because only 20% of the country’s population was using it. Most of the smartphone users in Singapore cited data privacy as a major concern which was prohibiting them to use the application.

Clearly, a significant amount of effort is required to address the challenges related to ailing security architectures of such apps to encourage people at large to use them.

India setting an example?

India launched the Aarogya Setu mobile app as part of its efforts to limit the spread of Covid-19. According to the Government of India, the app has already been downloaded by over 114 million users as on 26 May, surpassing any other contact tracing downloads in the world. India has also made the usage of this app compulsory for all its citizens while using public transport or going to offices.

The Aarogya Setu app too has invited criticism from many corners because of its mandatory information collection diktat by seeking continuous Bluetooth access and location data from users. Moreover, incomprehensible terms and conditions escalated fears that the government was trying to take advantage of the Covid-19 situation and use data for other purposes, which could compromise the freedom of individuals.

The Indian government has said that all data will remain anonymous and used only for the purpose of identifying positive Covid-19 cases. However, it could not give satisfactory answers related to the possibility of data theft and proceedings of collected information in the post-pandemic situation.

Facing criticism and backlash, the authorities went back to their boardrooms to address some of the issues. Recently, they have come up with a slew of improvements. Not only has the government rolled back the mandatory directive, but it has also opened the source code of the app’s Android version, thus enabling developers to inspect the source code and suggest modifications. Countries like the UK, Australia, Singapore and Israel also have open-source apps, making them transparent and verifiable.

In a first, the Government of India has also launched a ‘Bug Bounty’ program with the aim of identifying any security loopholes that may be exploited by potential hackers. (Read: Govt opens source code for Aarogya Setu, launches rewards program)

Dr. Duggal, however, adds that in spite of these positive steps, a lot still needs to be done to make this app truly secure. “This app still hides more than it speaks and when you read the terms and conditions, it clearly states that it is capturing data every 15 minutes and only sending the data to the server if the user is found Covid-19 positive. The question is: where does the sensitive personal information go if the user isn’t established as a Covid-19 patient?”

Steps ahead

There is no doubt that digital technologies offer whopping benefits and could play a strong role in identifying and controlling Covid-19 cases. However, none of these benefits could be translated into success if people start fearing these apps and see them as the government’s way of intruding into their private lives.

Throughout the world, we’ve witnessed numerous instances of cyberattacks on government databases. For example, recently, it was widely reported that hackers leaked on the dark web sensitive details of 18 lakh Indian citizens, including Aaadhar card numbers. Well-informed citizens cannot be allured to share crucial information on the pretext of a crisis. They need a strong assurance and concrete plan with respect to the privacy of their data.

Hence, countries need to find a way out to collect data anonymously and store it in a way that it does not get leaked to hackers or marketers.

Authorities also need to update their citizens whether and how these apps are helping them flatten the Covid-19 curve. Else, they will continue to be criticized as tools that could be exploited easily by hackers. To effectively utilize the benefits of technological innovations, governments need to safeguard the privacy of their citizens.

Govt opens source code for Aarogya Setu, launches rewards program

Govt opens source code for Aarogya Setu, launches rewards program

In a press notification released by Press Information Bureau (PIB), the Government of India has made the source code open for its Covid-19 contact tracing app Aarogya Setu. The government has also launched an Aarogya Setu rewards program, called ‘Bug Bounty,’ with the aim of identifying any security loopholes that may be exploited by potential hackers.

The twin announcements could be seen as trust-building exercises to make end users more comfortable with downloading and using the app. The move also comes in the wake of a spate of criticisms of the app on issues related to privacy and security. There are an estimated 114 million users of the app.

The decision to open the app’s source codes is in line with India’s policy on open source software. The source code for the Android version of the application is available for review and collaboration at The iOS version of the application will be released as open source within the next two weeks and the server code will be released subsequently, the PIB release said. Almost 98% of Aarogya Setu Users are on Android platform.

Of the more than 114 million registered users, two-thirds have taken the self-assessment test to evaluate their risk of exposure to Covid-19. The app could not just recommend an affected user to go into self-quarantine but also send alerts to the concerned health authorities in the area. This could lead to very timely and targeted responses by the healthcare officers as well as the local administration (see How smartphones could be Covid-19 testing game changers.)

The process of supporting the open source development will be managed by National Informatics Centre (NIC). All code suggestions will be processed through pull request reviews. Aarogya Setu’s source code has been licensed under Apache License.

Any reuse of the source code with changes to the code requires the developer to carry a notice of change. More details can be found in the Frequently Asked Questions document available at

Through the Bug Bounty program, the government aims to partner with security researchers and Indian developer community to test the security effectiveness of Aarogya Setu and also to improve or enhance its security and build user’s trust. Details of the Bug Bounty Program is available on the innovate portal of MyGov at

The Aarogya Setu app was launched on 2 April 2020, and is available in 12 languages and on Android, iOS, and KaiOS platforms. The key pillars of Aarogya Setu have been transparency, privacy, and security.

The app has helped identify about 500,000 Bluetooth contacts. So far, the platform has reached out to more than 900,000 users and helped advise them for quarantine, caution or testing. Amongst those who were recommended for testing for Covid-19, it has been found that almost 24% of them have been found Covid-19 positive.

Analytics of Bluetooth contacts and location data has also helped identify potential hotspots with higher probability of COVID cases allowing State Governments and District Administration and Health authorities to take necessary steps for containment of the pandemic, early, which is critical for controlling the spread of the pandemic.

The Aarogya Setu data, fused with historic data, has shown enormous potential in predicting emerging hotspots at sub post office level and around 1,264 emerging hotspots have been identified across India that might otherwise have been missed.


Submit a Comment

Your email address will not be published. Required fields are marked *

Join to get the latest updates from Better World.

You have Successfully Subscribed!