Contact Tracing app "Aarogya Setu" is now opensource


Well-Known Member
moreover, India doesn't have any privacy protection laws in general.
So, any promise from GoI can be easily compromised by their backend-maintainers.


Apparently this is just the frontend that is open source and the backend server side is not? So it's useless for security review and bug hunting?

I believe you meant the app/client side is opensource, correct? If backend is compromised, its a risk BUT its not going to be in the control of the user anyway for review. If client side, you still can find bugs within the client implementation. Example: Review traffic pattern,whether unsafe systems calls are being used or not, API calls initiated from client side to server side etc. (Technically, you could do MITM attack to inspect data send to backend. )

In my opinion, its still a decent start. Someone who has reviewed source would be a better judge of this.