Bhopal: A week after Congress President Rahul Gandhi alleged that the ‘Aarogya Setu’ mobile application is a threat to privacy and called it a "sophisticated surveillance system", the Madhya Pradesh government’s mobile-based application, Sarthak, designed to keep track of Covid-19 patients, has exposed personal details of thousands of individuals.
The leaked data included real-time location and personal details of around 5,500 individuals before the app was pulled down on Sunday after a French computer programmer highlighted the breach in a tweet.
Sharing the screenshot of the application, the French hacker, with a Twitter handle ‘Elliot Alderson’ exposed the breach in the tweet.
He said, “In India, the state of Madhya Pradesh created a #Covid19 dashboard with:
- name of quarantined people
- their device id and name
- os version
- app version code
- the gps coordinates of their current location
- the gps coordinates of their office” He added, “This is what a surveillance system looks like.”
The Union government had in an advisory on April 8, 2020 said that those affected by Covid-19 or under quarantine should not be identified. The hacker has also exposed a purported breach in Arogya Setu app, backing Congress leader Rahul Gandhi’s claim.
Replying to Alderson’s tweet, the official Twitter handle of Madhya Pradesh Agency for Promotion of Information Technology (MAP-IT), which has developed the app said, “We have taken cognisance of this issue and is being examined in detail. Till then, the dashboard has been brought down. Thank you.”
Both the applications, Sarthak and Aarogya Setu have been designed to help users to identify whether they are at risk of the Covid-19 infection and provide people with important information.
The Sarthak application has an additional feature: it contained the names of the people who are meant to be quarantined, information about the type of phone they used and their last known location – at times as accurate as within 5 metres – and was available for download on an mp.gov.in website.
Confirming the same, Nand Kumaram, the Chief Executive Officer (CEO) of MAP-IT, said, “The application has some personal information about the patients which should not have been there. Hence, we are going to remove it and make it more secure.”
MAP-IT is a part of Madhya Pradesh government’s Department of Science and Technology.
“Sarthak App is to help us in Covid management and keep track of patients. The information stored in the app is confidential and is not meant to be made public. Nevertheless, we are trying to verify if the names being made public on the portal are real ones,” Kumaram added.
Commenting over the issue, MP-based public health expert SR Azad demanded inquiry into the matter. “The information on patients is for analysis and follow-up, not to stigmatise people and create terror among them. There should be a detailed inquiry and action should be taken against officials responsible,” he added.
Also read: How Pandemics are Linked with Ecological Crises