Contact Tracing app "Aarogya Setu" is now opensource


nimod

Well-Known Member
Adept
Jan 7, 2013
643
437
102
moreover, India doesn't have any privacy protection laws in general.
So, any promise from GoI can be easily compromised by their backend-maintainers.
 

maj0r

Member
Disciple
May 10, 2020
23
29
16
Apparently this is just the frontend that is open source and the backend server side is not? So it's useless for security review and bug hunting?
I believe you meant the app/client side is opensource, correct? If backend is compromised, its a risk BUT its not going to be in the control of the user anyway for review. If client side, you still can find bugs within the client implementation. Example: Review traffic pattern,whether unsafe systems calls are being used or not, API calls initiated from client side to server side etc. (Technically, you could do MITM attack to inspect data send to backend. )

In my opinion, its still a decent start. Someone who has reviewed source would be a better judge of this.