On Tuesday, the Ministry of Electronics and Information Technology announced that it has released the source code of the Aarogya Setu app to promote transparency and collaboration with the software developer community. The IT Ministry’s move came in the wake of demands from cyber law experts and critics who had said the app was too closed in nature and without adequate data protection measures.
What does open-source software mean?
The software can be divided into two broad categories, proprietary and open source. Any software that has to be bought or licensed from the creator of the software is called a proprietary or closed-source software. Examples include Microsoft Windows, Google Earth, and Adobe Photoshop. The intellectual property rights of the software, even if bought or licensed, remains with the creator.
Open-source software requires no licensing and need not be bought. Its source code is open for everyone to download, examine, redistribute, and improve upon if they can, with an acknowledgment to the original software coder or the company. Examples of such software are WordPress, VLC Media Player, and the Mozilla browser.
Why has the source code of Aarogya Setu been made public?
While releasing the source code on Tuesday, the government said it was doing so to promote transparency and ensure the security and integrity of the app. The source code, the government said, was released in line with its “Policy on Adoption of Open Source Software for Government of India”.
Does that address security and privacy concerns?
It is too early to tell, say experts. Now that the source code has been released, software developers from around the world will be able to go through the code and point out vulnerabilities or fix loopholes, if any, by writing fresh codes and suggesting these to the government, Udbhav Tiwari, Public Policy Advisor at Mozilla said.
Besides, the government has not yet released the server-side code of the app. Kazim Rizvi, founder of policy think-tank The Dialogue, said the server-side code must be released to further assuage privacy and security concerns.
May help assuage concerns over privacy, security
With the opening up of the source code for developers as well as the announcement of a bounty scheme for finding bugs in the Aarogya Setu app, the government has opened itself to scrutiny of coders across the world. This will, however, restore some faith in skeptical minds as they can now read and understand the code for themselves. It will also help in assuaging the data privacy and security concerns surrounding the app.
What purpose will open-sourcing the server-side code serve?
Any applications or functionalities on mobile phones and other handheld devices need Internet connectivity to run. Sending and processing of such data are done on the server. By having access to the server-side data, individuals can check whether the data provided to the app is flowing directly to the dedicated servers or not. If not, either the discrepancy can be reported or clarifications can be sought from the government.