In its attempts towards contact tracing for COVID-19 patients in the country, the Indian government launched the Aarogya Setu app. The app, which started off as a voluntary install was soon made mandatory by the government for both public and private sector employees.
Since its launch, the app has raised a lot of privacy related questions about its invasive collection of location data and Bluetooth information from devices. More scary is the governments track record of keeping user data safe, and the multiple Aadhar breaches have made the public even more wary of government developed apps and their security policies and safeguards.
Now, in an attempt to make the app less invasive, a Bangalore based programmer has hacked its source code. The programmer, who spoke to media under a pseudonym, said that his intention was to make the app show him as ‘Safe’ without collecting his GPS and Bluetooth data in the process.
To do this, he dived into the source code for the app, and first removed the registration page that asks users to register with their phone number. He then removed permissions such as location and Bluetooth permissions that the app asks for. At the end of the day, he had turned the app into something that doesn’t collect any information but still flashes the green ‘Safe’ badge on the top.
He has shared the altered app with around 15 of his friends, but is trying to keep the app private in order to not undermine the governments efforts either. However, he has said that he will keep up with the app. In case the government makes any major changes or updates to the app, he will try and find workarounds around that as well.