Unique ID For Everyone
Sharing DiD With Other Users
The Arogya Setu app has been designed to automatically share the DiD, time and GPS location of one user with other users when they come nearby. The policy reads that the information collected from one user will be securely stored on the mobile device of the other registered user, and will not be accessible by other users.
Data Will Not Be Shared With Third-Party Apps
The recent update in the policy reads that the data of users will not be shared with any third-party apps. However, there is a clause. This data may be retrieved for necessary medical and administrative intervention, although the exact definition or meaning has not been made public yet. Information will be sent to the central government’s server without the user’s permission, such as:
- Positive Test For COVID-19
- Self-declared assessment points for a user at high risk (this is categorized as yellow (moderate risk) and orange (high risk))
Non-liability Of Government
As per the limitation of the liability clause, the government cannot be held responsible for the failure of the app to identify a person accurately, as well as for the accuracy of the information provided by the app. The policy reads that the government is not liable in case of any unauthorized access to your information or modification thereof.
However, it remains unclear if the clause is limited to unauthorized access of a user’s device or central servers which store the data.
Duration Of Stored Data
Any data, including the DiD data, will be stored on the mobile for 30 days, after which it will be deleted automatically, in case it has not been stored in the central database. For the data that has been stored in the central database, the deletion period is 45 days.
For those users who have been tested positive for the virus, the data will be deleted after 60 days.
Data After Uninstallation Of App
It is a common question that hovers over everyone’s mind – what will happen to the data if the app is uninstalled from the mobile device? All the data that are retrieved from a user at the beginning of the installation remains stored in the database – as mentioned in the above paragraph – for a set number of days, irrespective of usage of the app by the user. In simple words, once the app is installed, the data stays for 30 days.
Usage Of Data
The stored data will be anonymized and transformed into data sets that will generate a heatmap and statistical visualization. However, the app has not seen a heatmap and statistical visualization even after the update on the user’s end. The app at present only shows a state-wise breakdown of the COVID-19 positive cases.
The app has been encrypted with standard security features, and all the data will be encrypted before it is further uploaded to an encrypted cloud server. The app has been designed in such a way that it conceals the location and other details of a positive tested patient, in case another user comes near the patient.