A deep dive into the initiatives that went into making of Aarogya Setu app

In principle, creating the app was not a difficult exercise. The real challenge lay in the scale

On Sunday a privacy protocol was released on the Aarogya Setu app, the India government’s contact tracing app for Covid-19, which has scored over 110 million downloads. It is expected to settle lots of questions on how securely it handles confidential health data of the millions who use it. In fact the government has done one better by releasing the source code of the app to all and sundry on Tuesday, to check how well it does on privacy score card. 

As interest on the app will coalesce again, it is time to tell a fascinating story of public private partnership that went into its development. Ajay Sawhney, secretary, ministry of information technology says “We know we have a world class app and I don't want any reasons to feel it is not so”. It is something Amitabh Kant, CEO of Niti Aayog also concurs with and is therefore keen to push it as part of a proposed national health stack. 

Just days before the first phase of the lockdown was announced in March, some of the top names in India’s e-commerce platforms met with Niti Aayog to parse through an unusual request. There was Deep Kalra, executive chairman of MakeMyTrip, Prashant Tandon, CEO and co-founder of 1mg.com online pharmacy and the leadership team of Amazon Web Services. 

As this article went to print, the Indian team at Niti Aayog has also reached out to both Google and Apple. But there are reports that the versions these companies are developing may not be compatible with Aarogya Setu. The source code, which was released on Tuesday, is the one for the Android version, which is overwhelmingly the popular operating system in India. 

Grim forecast: 

The reasons Kant had called them for was grim. For the past few weeks the health ministry had been sharing an inventory check of beds, medical equipments and medical personnel to the government and also providing an update of the scale of the pandemic. The match was not looking good. India was going to possibly see a huge number of people down with the disease and an immense shortage of medical gear to handle it. 

The Niti Aayog team asked whether a contact tracing app could be developed to give the health personnel evidence of the disease emerging as a bush fire in an area before it became a forest fire. Other departments were also exploring the same idea and so there was an element of competition. 

In principle, creating such an app was not a difficult exercise. It was a question of using the bluetooth technology in a mobile phone to discover if someone had come in contact with an infected person. Both South Korea and Singapore had already used versions of this technology. The weakness of the technology to offer false positive and negative was also well known. For example as this MIT Technology Review article notes depending on locational quirks it could show someone as being in close proximity with a Covid19 positive person, even across a wall. 

“The challenge was the scale”, said Arnab Kumar, who led the technical development team in Niti Aayog that created Aarogya Setu. India has a smartphone population of over 400 million. If the app was going to offer any solution it had to be massively scalable. On April 14th, for instance when Prime Minister Narendra Modi in his speech announcing the extension of the lockdown asked people to download Aarogya Setu, within an hour over ten million downloads happened. “Over a thousand people were online each second pulling the app on to their phone” , said Kumar. The architecture of the app had to be robust to take this load across all operating systems”. By then the app had been downloaded in over 20 million phones. 

Aarogya Setu is the latest in a line of government sponsored IT apps India has created in recent years. It began with Aadhaar, then there was Bhim, the payment gateway and now Aarogya Setu for the health sector. Each has also drawn its fair share of criticism. 

Sawhney said the app would not save those who had downloaded it. But it would save others from the person. To that extent it was a bit of a public service by the citizens. When two persons A & B with the app downloaded on their phones met, the bluetooth on each would note each others identity. If B for instance was infected and this was known to his app, the event would be transmitted to the cloud based server from the bluetooth of A. Depending on the duration of the meeting and the physical proximity of A & B, the information would be used to calculate the risk of A getting infected. It would run through different degrees of algorithm to offer interventions including medical support. 

Privacy issues:

While this is fine, controversies soon erupted, because the developers were some of the best brains in tech, the government officials didn't mull over the legal standards which should be used. An example of this short sighted approach was when it became to use without making clear the rules under which the power was employed. Last week this demand was given up for all non-government employees and has now been extended for government employees too. Kant agrees lifting it was a good idea. “We may plan to extend its use for telemedicine. It is necessary that people use it voluntarily. We should be able to pull the  people in solely with its benefits”. Arghya Sengupta, research director, Vidhi Centre for Legal Policy had also pointed out in a webinar that while AarogyaSetu benefits health services was quite necessary, it was necessary to make its use voluntary and not mandated by rules. 

Sawhney says it is legally not possible to make any such app mandatory even for government employees. “To be mandatory, every Indian has to be supplied a smart phone loaded with the app. Otherwise how is it possible to insist it should be mandatory when half the country does not have it”. He says it was poor drafting that made the app mandatory and has now been knocked off. The legislative foundations have to be made clear as this article  points out. 

The more serious criticism of the app came from its demand for location data from those who download it. Since Aarogya Setu was going to be a temporary solution for a limited problem the data collected was supposed to be frugal and deleted from the servers in intervals of 30, 45 and 60 days. The deletion has already begun for the first batches of data collected since April 2. But would the location data conceivably remain, even then?

Kumar is emphatic it cannot remain. There would be no recoverable evidence of personal data after the 60 day period. Neeta Verma, Director General of NIC, the government’s technology arm also said this has been made clear even in the privacy document that accompanies the app. “The language used is as simple as possible and what data is collected from the user, how the collected data will be used and how long will it be retained, have been clearly mentioned”. 

The developer team is fairly certain that even within the 60 day without strong authorisation these location data cannot be accessed by any other department. “The App has clearly defined and delimited how location information is used– only on an anonymous or aggregate basis and for the specific purpose of identifying hotspots, so that proactive increased testing and sanitization of these locations can be done. The App does not continuously monitor any user’s location” reads a government confidential note on privacy of the app.

Why was the location data asked for? The Australian, Singaporean or the South Korean app does not ask for location data. Singapore asks for only the cell number, while India asks for the age and sex. There is of course some justification for asking the data since a lot of what happens in Covid19 has to do with age and sex. The Australian one however creates a “rotation device ID” which makes it difficult for someone who has downloaded the app to mask her or his identity. Even if the person chooses a different device, she can be tracked. India in comparison, to keep the suite light, asked for only a static device ID. But it makes up for it by asking for location data. The location data is however not needed to trace a patient. It can be done through bluetooth. 

The location data instead helps the government to easily identify where a hotspot could be developing. The other ways like the physical enumeration of the spot are more laborious. Aarogya Setu does the job far more easily, says Kumar. “The bluetooth contact tracing of those who reported themselves Corona positive in the app has reached out to over 332,000 people. That allowed the state health authorities to conduct over 24000 tests with a success rate of close to 30 per cent”.

A key test to do all this was the QPI (QuickPath Interconnect) speed of the app. QPI measures the speed at which a computer or an application like Aarogya Setu functions. It was necessary to be high since at any point of time millions of people were expected to use the app. It was here that Aarogya Setu which faced quite a bit of competition from competing apps developed by other departments, came out the winner. It was able to handle download speeds way ahead of others. Kumar ascribes a large part of the success here to Amazon Web Services. “They have been an absolute rock in this process, supporting both with backend architecture and the requisite cloud server capabilities”. 

Still quite typical of government projects, to build a larger support the initial names were picked from the competitors. “It was Corona Kawach developed by National EGov team and there was Cowin, the name a play on the name of Covid, developed by another team. But finally it was decided to call it Aarogya Setu after the PMO offered this name”, said a source. 

At its peak there were about 60 software engineers who worked through March and April to make the app become the tool that it is. “You should have seen the level of energy among the teams operating full tilt under lockdown from Bengaluru, Gurugram and Delhi”, said Kant. Even now there are about 25 of them at various locations and the numbers may have to be ramped up, now that the codes have become public.  

Once the product was standardised experts like Lalitesh Katragadda, who set up Google's India operations nearly two decades ago and V Kamakoti professor in the department of computer science and engineering at Indian Institute of Technology, Madras provided substantial value add, subjecting those to intense security checks.  

Once the PMO support was made available, competition to be associated with Aarogya Setu intensified. After it was made public, its ownership was taken over by the government’s National Informatics Centre under Sawhney’s ministry of information technology. 

Both Kumar and Sawhney are clear that despite the scale of the download, the battle against Covid19 has to be fought by the health ministry and others on the ground. While South Korea achieved a lot of success with contact tracing, the lack of social distance in the crowded hotspots of the Indian cities makes its use limited. 

National Health Stack:

What happens to the app after the pandemic has run its course? Kant is quite optimistic that its popularity and recall value gives a great chance to expand its use. “The App is quite scalable and has been built with open standards, so it can be interoperable with other government applications. We've already integrated e-pass with Aarogya Setu, the integration was almost effortless due to the open ecosystem of Aarogya Setu”, adds Verma. 

Yet, Sawhney is more circumspect. “We have taken the information from the people with their express consent that it would be used only for Covid19. To extend its use we shall need fresh consent”, he says. 

It is the same concern that animates Sharad Sharma of iSPIRIT Foundation, a non-profit technology think tank when he lays out his vision of a national health stack in a webinar. The concept of the three layer health stack to bring down cost of health care in the country is derived from the successful development of Aadhaar. The primary data has to be controlled by the user, he notes in his presentation. So when a user visits a health lab, a clinic or a hospital, the information should be digital but should remain in a health locker only accessible to her. A “federated architecture” which aggregates her health records from different sources must be based on her consent to share the same which only can then be offered to insurance providers and health apps like Aarogya Setu. 

As of now, after 60 days, no personal information of any person is available in the contact tracing app. “It is totally anonymised, so even if any government agency wishes to, it will not be able to source back”, Kumar says. He says this process is non-reversible. Sawhney said this was done to make it compatible with the personal data protection bill, which is now with a Parliament select committee. So is this the end of the road for the contact tracing app?

Integrating it with the national health stack is still some way off. The health departments at the centre and the states will be at full stretch in the next few weeks as the spread of Covid19 reaches its peak. The telemedicine architecture, is itself on the back burner as of now. So despite its success Aarogya Setu will have to wait for some time, it seems. 

Yet as both Sawhney and Kant repeatedly use the term Team India to describe the performance where both the private and the public sector brought in a vast energy to a project, they are both loath to let go.