India's federal government toned down its directive over compulsory use of the Aarogya Setu app for several categories of citizens. The move comes a day after the country's cyber security agency warned of online scamsters of using the app for phishing attacks.
But, that is not all. A lobby of pharmacists representing over 850,000 retail outlets in India have petitioned the government to delink the Aarogya Setu Mitr portal from the app, claiming that foreign-funded and illegal e-pharmacies were using the Aarogya Setu app to advance their business interests in the country.
Not fair, chemists lobby tells PM
In a letter addressed to Prime Minister Narendra Modi, the All Indian Organisation of Chemists and Druggists expressed concern that the tracing app was used to advance the business interests of foreign-funded pharma chains.
"The Aarogya Setu Mitr website being linked to Aarogya Setu application is a matter of greater concern since the faith reposed by the public in the said app is being betrayed by allowing illegal e-pharmacies to operate in India," the statement said.
Respected @narendramodi ji Please see CEO @NITIAayog is promoting E pharmacies with #ArogyaSetuApp which are ILLEGALLY functioning in India. It’s unfortunate that this App for fighting #ChineseVirus is made to serve foreign funded E Pharmacies. CC @PiyushGoyal @drharshvardhan pic.twitter.com/eSKdDNapTxMay 7, 2020
Phishing in lockdown times
On the phishing attacks, market research by Check Point revealed that over 192,000 coronavirus-related cyber-attacks per week had occurred over three consecutive weeks with numbers growing by 30% in the latest period.
The Indian Computer Emergency Response Team (CERT-IN) says in its latest alert that phishing attacks have seen a significant rise around the Aarogya Setu as well as video conferencing apps such as Zoom, Microsoft Teams and Google Meet. Scamsters were impersonating WHO, HR departments of companies and digital influencers to spread fake references of a neighbour or an acquaintance being infected.
“Threat actors are taking the interest of users related to Coronavirus and performing threats. New phishing domains are created which are centred around the subject such as "relief package", "safety tips during corona", "corona testing kit", "corona vaccine", "payment and donation during corona". Threat actors trick users through phishing emails and messages based on the above subjects,” CERT-IN says.
The advisory went on to warn users to watch out for phishing domains, spelling errors in emails and websites as well as unfamiliar senders. CERT-IN said users should also not download or open any file received via email or SMS.
Government tones down
Meanwhile, India's Federal Home ministry toned down its May 1 directive on who should download the Aarogya Setu app compulsorily. Instead of insisting that all staff in offices should get the app on their phones, the latest directive has put the onus on employers to ensure that Aarogya Setu is installed on a best-effort basis.
In other words, those having smartphones can instal the apps whereas others need not do so. District authorities have also been given similar suggestions. In the previous notification, the ministry had asked local authorities to "ensure 100 percent coverage of Aarogya Setu app among residents in containment zones," a factor that is missing from the more recent order.
Meanwhile, a report in The Hindu refers to a database maintained by the MIT Technology Review whereby it appears as though the Aarogya Setu poses significant risks to user privacy as compared to similar apps in other countries. However, the report says that similar apps in China and Turkey pose greater risk than the Made in India app for contact tracing.
