Aarogya Setu on late Tuesday issued a statement explaining how it collects and manages location and user information after French hacker Robert Baptiste, who goes by Elliot Alderson on Twitter, flagged a “security issue” in the contact-tracing application.

“No personal information of any user has been proven to be at risk,” the statement read. The app makers also reiterated Aarogya Setu’s privacy policies which are accessible from the app itself. The app collects user location and stores them on the server which is said to be in a “secure, encrypted, anonymised manner”. The user’s location is fetched when they register, self-assess and when the user submits their contact tracing data voluntarily through the app, the statement added.Aarogya Setu✔@SetuAarogya

Statement from Team #AarogyaSetu on data security of the App.

The hacker also responded to Aarogya Setu’s statement hinting that he will most likely reveal more details later today.

Basically, you said “nothing to see here”

We will see.

I will come back to you tomorrow.

Aarogya Setu was launched back in March shortly after the lockdown started in India. It is the government’s official Covid-19 contact tracing app developed by the National Informatics Centre under MeiTY. The app is so far said to have around 90 million users within a little over a month since its launch. It has also had its fair share of criticism from experts over the collection of user data and location.

Aarogya Setu has also been made mandatory for all government and private employees. Residents in Noida may also reportedly be booked by the police if they don’t have the app installed on their phone.