Aarogya Setu has revealed the source code of the Android version of the application to the public. On Tuesday, Aarogya Setu team announced to make the app source code and provide an opportunity for the developers to review the code and suggest improvements and also find vulnerabilities if any.
“Those identifying vulnerabilities, bugs or code improvement stand to get recognized and win cash awards too,” Aarogya Setu said. Prize money of 1 lakh has been announced for the country programme.
“I just want to point out that this is a very very unique thing to be done,” NITI Aayog CEO Amitabh Kant said. “No other government product anywhere in the world has been open-sourced at this scale anywhere in the world.”
Here are five more things you can do on Aarogya Setu app, find out!
To get access to the source code you will need to head over to https://github.com/nic-delhi/AarogyaSetu_Android and sign up to participate. At the time of writing the website had 76 issues and 29 pull requests.
The process of supporting the open-source development will be managed by National Informatics Centre (NIC) and all code suggestions will be processed through pull request reviews.
On opening the source to the developer community the government of India said that the move signifies their continuing commitment to the principles of transparency and collaboration.
“With the release of the source code in the public domain, we are looking to expanding collaboration and to leverage the expertise of top technical brains amongst the talented youth and citizens of our nation and to collectively build a robust and secure technology solution to help support the work of frontline health workers in fighting this pandemic,” the Aarogya Setu team noted.
The government has also announced that the iOS and KiOS version of the Aarogya Setu app will be released as open-source within the next two weeks and the server code will also be released subsequently. Stating the reason for releasing the code first for Android the government said nearly 98 per cent users of Aarogya Setu app use an Android phone.
MIT downgrades Aarogya Setu app rating from two to one
Not everyone will be eligible to get rewards. Notably, only those submissions that meet the following eligibility requirements may receive a reward:
1) The vulnerability must be a qualifying vulnerability so researchers must take a note of that.
2) Security Researcher may not publicly disclose the vulnerability prior to the resolution.
3) The Researcher reporting the vulnerability improvements should not be working for AarogyaSetu Project or its related activities or initiatives.
4) Employees (including their family members) of National Informatics Centre (NIC) and Ministry of Electronics & IT (MeitY) and its constituent organizations are not eligible.
For more details of the bug bounty programme head over to MyGov website.
Amid privacy concerns, Centre makes Aarogya Setu app open source