Techies, federal government will pay you up to Rs 4 lakh to ‘enhance’ Aarogya Setu app: All information
Anyone with technical knowledge can participate in the Aarogya Setu bug bounty program
“Everybody, including scientists and users of Aarogya Setu, are encouraged to report any vulnerability affecting the personal privacy and info security posture of Aarogya Setu application,” as per the terms and conditions.
How to report security or personal privacy flaws in the Aarogya Setu app
“Security or Personal privacy related flaws found by the security researchers must be informed to: as-bugbounty@nic.in only, with subject line: Security Vulnerability Report, so that Aarogya Setu team can first validate the vulnerability (if any) and take action to fix the vulnerability. Doing so will be called ‘responsible disclosure’ and only such accountable disclosures shall be eligible for rewards.”
How to report improvements to the source code of Aarogya Setu
“Any improvements to the source code of Aarogya Setu can likewise be reported to as-bugbounty@nic.in, with the subject line: Code Enhancement.”
You will need to provide proof or a proof of concept of the vulnerability that you report
Security researchers will need to document their findings thoroughly, providing steps to reproduce, and send a report to: as-bugbounty@nic.in. Reports with complete vulnerability details, including screenshots or video of the PoC, are essential for being eligible for a reward.
Only unrooted phones running a version of Android supported by Aarogya Setu will be eligible
As per the guidelines, vulnerabilities should be exploitable on an unrooted phone running a version of Android supported by Aarogya Setu, with ADB disabled and with all default Android security features in place.
Only these 3 categories of vulnerabilities are eligible for a reward:
According to the rules of the bug bounty program shared on the MyGov.in website, only these three categories of vulnerabilities will be eligible for a reward:
– By exploiting the vulnerability, one must be able to access a person’s Aarogya Setu data on an Android phone, or remotely send a self-assessment through the phone.
– By exploiting the vulnerability, one must be able to access other people’s data from a person’s app or phone, other than their own Aarogya Setu data and other than Digital ID (DiD) data relayed by Bluetooth in the vicinity of the phone.
– The vulnerability should be able to compromise Aarogya Setu servers or hack the servers such that the servers become buggy, crash or expose any personal information other than the user’s own data or services currently offered by the existing APIs.
The issue needs to be discovered on the Aarogya Setu platform or its source code and any other platforms
The reported vulnerability must exist in the Aarogya Setu app or its source code or back-end server. Any vulnerabilities or exploits which relate to the platform (i.e., operating system, cloud, web server, database … etc.) and technology/services (like Bluetooth, GPS, SMS … etc.) will not be considered for the bug bounty reward.
Suggestions for improvement should focus on enhancing Aarogya Setu app performance
As per the rules, the suggested code improvement should have a considerable effect on the app’s overall efficiency, reducing battery use, memory and bandwidth. There should be a minimum of 10% or more performance impact over and above the existing performance of the app on all supported Android versions.
The reward for discovering security vulnerabilities is up to Rs 3 lakh, while for suggestions it is up to Rs 1 lakh
As per the guidelines, the maximum reward is up to Rs 1 lakh per vulnerability. Submissions can be made for one individually or for all three. For suggestions, the maximum reward is up to Rs 1 lakh.