Aarogya Setu’s new feature to help businesses function during Covid-19 pandemic: Govt
Using the ‘Open API Service’ feature, organisations can check the health status of their employees or any other Aarogya Setu user, who has provided consent for sharing their status.
The team handling the Aarogya Setu application has rolled out a new feature to enable businesses to resume their operations while following protocols amid the Covid-19 pandemic, the ministry of electronics and IT said on Saturday.

The Open API Service will help organisations check the status of Aarogya Setu users and integrate it into its various work from home features, according to the ministry’s statement.
Any organisation or entity registered in India with more than 50 employees can use the Open API Service of Aarogya Setu. Using the new feature, organisations can check real-time updates and the health status of their employees or any other Aarogya Setu user, who has given consent for sharing information.
The Open API shall only provide the Aarogya Setu status and the user’s name and no other personal data can be accessed using the medium, the ministry said. Firms can register for Open API Service using this link https://openapi.aarogyasetu.gov.in.
Aarogya Setu, the government’s mobile phone-based contact-tracing application meant to identify people with Covid-19, has helped identify more than 30,000 virus hotspots, thus, assisting health officials and administration to take necessary precautionary steps, the statement said.
Several cybersecurity experts, however, have targeted the application over privacy concerns. Earlier this month, threat intelligence firm Shadow Map published in a blog post that it found the log-in credentials used by developers of Aarogya Setu sitting, possibly by accident, on a government website, allowing them to gain access to large parts of the code and other software infrastructure that, if accessed by hackers, could expose location, contact, and health data of the users.
The government, however, refuted the claims as “malicious, nefarious and unsubstantiated” and assured users that no data has been compromised due to the alleged vulnerabilities.
