Security News > 2020 > May > India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway

India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway
2020-05-27 02:59

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues.

The nation has now decided to open the app and run a bug bounty programme.

The bug bounty appears a little rustic as it involves sending bug reports to Indian government email addresses rather than use of a third-party bounty platform like Bugcrowd or HackerOne.

Both the open-sourcing of the app and the bug bounty program were welcomed.

The center welcomed the lifting of a ban on reverse-engineering but expressed concerns that the app's data retention period has extended, while broad language permits wide sharing of data the app gathers while deanonymised sharing also appears possible.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/27/aarogya_set_open_source_bug_bounty/