In-regards to the “Inside Aarogya Setu” blog post that was published by our team on the 12th of August 2020. After consultation with relevant stake holders, we have the following updates that we would like to share:
- As stated to us, the code that was published on Github was a test backend code and not the production code.
- As mentioned in our original post, we flagged the issue on June 23rd and the NIC and NIC CERT teams were able to fix the issues promptly in under 24 hours. This in itself is commendable and is significantly better than the industry average of 36 days to fix reported issues.
- As mentioned in our original post, we had taken great care to ensure that absolutely no data was accessed as part of this process. Further, since the code was not the production code, it was not possible to access any user data or backend services. We can unequivocally state that no data was breached nor could it have been.
- As a final note, we have been reassured that the data of citizens inside the Aarogya Setu application is safe and the platform continues to be safe and secure.
Our intent has always been and always will be to help safeguard our national interests.