Home Created by potrace 1.16, written by Peter Selinger 2001-2019News Created by potrace 1.16, written by Peter Selinger 2001-2019India Created by potrace 1.16, written by Peter Selinger 2001-2019MP Govt’s COVID-19 App Leaks Patients’ Private Data, Taken Offline

MP Govt’s COVID-19 App Leaks Patients’ Private Data, Taken Offline

The mobile app, Sartak, was taken offline after a French hacker highlighted the breach.

Kashif Kakvi
India
Updated:
The mobile app, Sartak, was develop to keep a track on Covid-19 patients in the state.
i
The mobile app, Sartak, was develop to keep a track on Covid-19 patients in the state.
(Photo: Altered by The Quint/Arnica Kala)

advertisement

A week after Congress MP Rahul Gandhi alleged that the ‘Aarogya Setu’ app is a threat to privacy and dubbed it a "sophisticated surveillance system", a Madhya Pradesh government’s mobile-based application, ‘Sarthak’, designed and developed to keep track of COVID-19 patients, has exposed the personal details of thousands of individuals.

Also ReadCOVID-19 Fight Can’t Be an Excuse to Exploit Workers: Rahul Gandhi

The app leaked data, including real-time location and personal details, of around 5,500 individuals before it was pulled down on Sunday, 10 May, after a French computer programmer highlighted the breach in a tweet.

Sharing the screenshot of the application, the French hacker, who goes by the name ‘Elliot Alderson’ on Twitter, exposed the breach on social media.

A screenshot of the said breach, shared by ‘Elliot Alderson’.(Photo courtesy: Twitter/@fs0c131y)

He Tweeted, “In India, the state of Madhya Pradesh created a COVID-19 dashboard with: Name of quarantined people, their device ID and name, operating system version, app version code, the GPS coordinates of their current and office location.”

‘Sarthak’ and ‘Aarogya Setu’: Drawing Parallels

The Union government had, in an advisory on 8 April 2020, said that those affected by COVID-19 or under quarantine should not be identified publicly. The hacker also exposed a breach in the ‘Arogya Setu’ app and backed Congress leader Gandhi’s claim that 'it is a surveillance system.'

Replying to the tweet after realising the fault, the official Twitter handle of Madhya Pradesh Agency for Promotion of Information Technology (MAP-IT), which has developed the app, said, “We have taken cognisance of this issue and it is being examined in detail. Till then, the dashboard has been brought down. Thank you.”
Madhya Pradesh Agency for Promotion of Information Technology’s (MAP-IT) response.Photo courtesy: Twitter/@fs0c131y
ADVERTISEMENT
ADVERTISEMENT

Both the applications, ‘Sarthak’ and ‘Aarogya Setu’, were designed to help users to identify whether they are at risk of COVID-19 and provides people with important information, including ways to avoid the novel coronavirus and its symptoms.

The ‘Sarthak’ application has additional features and it contains the names of people who are meant to be quarantined, information about the type of phone they use and their last known location – at times as accurate as within 5 metres – and was available for download on the government’s website.

Nand Kumaram, the Chief Executive Officer (CEO) of MAP-IT, confirmed the same.

“The application has some personal information of the patients which should not have been there. Hence, we are going to remove it and (are) making it more secure.”
Nand Kumaram, CEO, MAP-IT

MAP-IT is a part of Madhya Pradesh government’s Department of Science and Technology.

“Sarthak app is to help us in COVID-19 management and to keep track of patients. The information stored in the app is confidential and is not meant to be public. Nevertheless, we are trying to verify if names being made public on the portal are real ones or as stored in the app,” Kumaram added.

While commenting on the issue, MP-based public health expert SR Azad demanded an inquiry in the matter.

“The information of patients are for analysis and follow-up, not to stigmatise people and create terror among them. There should be a detailed inquiry and action should be taken against officials responsible.”
SR Azad, MP-based public health expert

(Kashif Kakvi is a Bhopal-based freelance journalist. He can be reached @KashifKakvi.)

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 11 May 2020,07:42 PM IST

ADVERTISEMENT
SCROLL FOR NEXT