Several concerns have been raised with respect to possible security gaps in the Aarogya Setu app, a contact tracing solution introduced by the government in the wake of the COVID-19 pandemic.

This, especially after the app was made mandatory under various circumstances, including for public and private sector employees and those living in containment zones. For instance, the Noida administration mandated that all those stepping out in public must have the app on their phones. A similar prescription has been made by the Centre for those who were stranded abroad and are being brought back to India.

However, legal experts have reportedly pointed out a clause in the terms and conditions of the Aarogya Setu app, which reduces the government's liability in the event of citizens' data being leaked.

On May 5, a French hacker and cybersecurity expert who goes by the moniker Elliot Alderson took to Twitter to raise alarm over alleged security issues. He claimed that some gaps in the app put at stake the medical data of around 90 million Indians.

In his series of tweets, he mentioned that arms of the Ministry of Electronics and Information Technology had contacted him and he had flagged the issues to them.

Following this, the government issued a statement via the official handle of the Aarogya Setu app, in response to the hacker's allegations.

The statement noted that Alderson raised concerns over the app fetching location data on a few occasions and how users can display COVID-19 stats on the home screen by changing the radius and latitude-longitude using a script. This, the government said, is by design and is clearly detailed in the app's privacy policy.

Reiterating the government's position on the safety of the Aarogya Setu app, Communications and Information Technology Minister Ravi Shankar Prasad said that the app is completely safe. He said that all the data stored on the servers is secure and will be deleted once the COVID-19 crisis is over.