Security News > 2020 > May > India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway
2020-05-27 02:59
India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues.
The nation has now decided to open the app and run a bug bounty programme.
The bug bounty appears a little rustic as it involves sending bug reports to Indian government email addresses rather than use of a third-party bounty platform like Bugcrowd or HackerOne.
Both the open-sourcing of the app and the bug bounty program were welcomed.
The center welcomed the lifting of a ban on reverse-engineering but expressed concerns that the app's data retention period has extended, while broad language permits wide sharing of data the app gathers while deanonymised sharing also appears possible.