Right from the onset of COVID-19 tracing App, Arogya Setu has been the centre of debate in India. The App developed by National Informatics Centre was initially handed a rating of 2 out of 5 stars by the prestigious Massachusetts Institute of Technology (MIT), based on its privacy and data principles.
Now in a detailed report by MIT, Aarogya Setu app rating has been downgraded to 1 out of 5 stars, with only 'data destruction' being the parameter that it has ticked, a report in News18 said. The revised rating will go in the public domain after MIT researchers examine the App and find it within the parameter of ‘data minimization.’
Massachusetts Institute of Technology has rated all the COVID-19 contact tracing apps in the world.
News 18 quoted MIT researchers as saying that Aarogya Setu app asks for and collects far more data than what it needs to implement contact tracing of COVID-19. Data minimisation is a key aspect of a good app, where services are ideally recommended to collect as little of the user's information as possible.
According to the MIT researchers, the reason behind this is to reduce the app's liability to protect user data, and give the users themselves an assurance that their information will not be misused for any third party purposes.
Ever since its launch in April 2020, privacy advocacy bodies have alleged Arogya Setu App to have breached consumer details. These organisations also claim that the app does not have a standard operating procedure and raised questions on being mandated for download without a supporting legal framework.
In response, the Ministry of Home Affairs on May 11 published a data protocol for the app that aims to certify that user data being collected through the app will not be used or viewed by anyone other than those that are absolutely necessary.
The fact that a large number of population in India does not use smart phones also raises more questions on the efficiency of the app. It will be interesting to watch how the revised rating of MIT will affect the Arogya setu app.
Another question is if the MIT raitings and analysis is coupled with Apple and Google's rolling out of the privacy-focused Exposure Notification API, will it leads to fundamental operational changes in the App?