Showing posts from 2020

Implementing a secure contact tracing system

Contact tracing means identifying people who have been in close proximity to each other for a certain duration of time. In recent days the COVID19 pandemic has brought this topic into the attention of governments trying to contain the outbreaks of the disease. However, there have been widespread concerns about the user’s data and privacy being compromised via the contact tracing app. The following report provides a useful database and analysis of the currently available apps that do contact tracing: As can be seen from the above report, a large chunk of those apps are considered invasive and do not clearly outline how they actually work, and what they do with the potentially sensitive data that they capture from the user’s device. A possible design for a transparent and secure contact tracing solution The Bluetooth and GPS enabled smartphones carried by the population are the most commonly used d

Opprtunities for improving security in GoI apps

Recent nationwide lock down due to COVID19 situation has forced me to try using some of the apps designed by various agencies of the central and state governments in India. It is heartening to see that we have done some serious work towards adoption of digitization of several services. The apps that I tried using included: BHIM by National Payments Corporation of India (NPCI) Aarogya Setu by NIC ( Interestingly, both of these apps came into being in response to a crisis situation. The BHIM system came into limelight after the November 2016 demonetization event. Aarogya Setu is believed to be an app for tracing COVOD-19 contacts of the people who may be infected by the virus. Lets talk about the BHIM app first. It seems to have matured today, and has a wide user base. The permissions required by BHIM app for its functioning are listed here unde