Arogya Setu App Gets Revised Privacy Policy

Arogya setu app

The Arogya Setu app was launched earlier this month by the government for people to self-assess COVID-19 symptoms and the possibility of them contracting the virus. It has now received a revised privacy policy, along with some minor updates. In terms of the visual aspect, the dashboard of the app has been made more prominent, with images of how to remain safe and how to maintain social distance at all times. The app is likely to display an e-pass feature in the days to come, but as of now, it does not share any information regarding the same. 

The previous policy mentioned that users would receive notification of revisions from time to time, but that has not been the case with the recent policy update. What is more shocking is the fact that the present privacy policy is not mentioned in the Google Play Store, which is otherwise a must. Let us now have a look at the critical changes made in the policy.

Unique ID For Everyone

The app saves several details about a user, such as name, age, gender, profession, and phone number, along with locations of countries they may have visited in the last 30 days. With this update, the users will be provided with a unique digital ID called DiD. The privacy policy states that the DiD will be used to identify the user in all subsequent app-related transactions, and will be associated with any data or information uploaded from the app to the server. However, the DiD unique ID will not be available at the moment for users to access. 

Sharing DiD With Other Users

The Arogya Setu app has been designed to automatically share the DiD, time and GPS location of one user with other users when they come nearby. The policy reads that the information collected from one user will be securely stored on the mobile device of the other registered user, and will not be accessible by other users.

Data Will Not Be Shared With Third-Party Apps

The recent update in the policy reads that the data of users will not be shared with any third-party apps. However, there is a clause. This data may be retrieved for necessary medical and administrative intervention, although the exact definition or meaning has not been made public yet. Information will be sent to the central government’s server without the user’s permission, such as:

  • Positive Test For COVID-19
  • Self-declared assessment points for a user at high risk (this is categorized as yellow (moderate risk) and orange (high risk))

Non-liability Of Government

As per the limitation of the liability clause, the government cannot be held responsible for the failure of the app to identify a person accurately, as well as for the accuracy of the information provided by the app. The policy reads that the government is not liable in case of any unauthorized access to your information or modification thereof.

However, it remains unclear if the clause is limited to unauthorized access of a user’s device or central servers which store the data.

Duration Of Stored Data

Any data, including the DiD data, will be stored on the mobile for 30 days, after which it will be deleted automatically, in case it has not been stored in the central database. For the data that has been stored in the central database, the deletion period is 45 days. 

For those users who have been tested positive for the virus, the data will be deleted after 60 days.

Data After Uninstallation Of App

It is a common question that hovers over everyone’s mind – what will happen to the data if the app is uninstalled from the mobile device? All the data that are retrieved from a user at the beginning of the installation remains stored in the database – as mentioned in the above paragraph – for a set number of days, irrespective of usage of the app by the user. In simple words, once the app is installed, the data stays for 30 days.

Usage Of Data

The stored data will be anonymized and transformed into data sets that will generate a heatmap and statistical visualization. However, the app has not seen a heatmap and statistical visualization even after the update on the user’s end. The app at present only shows a state-wise breakdown of the COVID-19 positive cases. 

Data Security

The app has been encrypted with standard security features, and all the data will be encrypted before it is further uploaded to an encrypted cloud server. The app has been designed in such a way that it conceals the location and other details of a positive tested patient, in case another user comes near the patient.

Download our Mobile App

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Recent Stories

Our Upcoming Events

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

6 IDEs Built for Rust

Rust IDEs aid efficient code development by offering features like code completion, syntax highlighting, linting, debugging tools, and code refactoring