What the app lacks also sets it apart. India has no national data privacy law, and it’s not clear who has access to data from the app and in what situations. There are no strong, transparent policy or design limitations on accessing or using the data at this point. The list of developers, largely made up of private-sector volunteers, is not entirely public.

Kumar stresses that the app was built to the standards of a draft data privacy bill that is currently in the country’s parliament, and says access to the data it collects is strictly controlled. But critics have expressed concern because it is not open source, despite an Indian government mandate that its apps make their code available to the public. Kumar says that this is a goal for Aarogya Setu and will happen down the line, but he could not confirm a timeline or expected date.

When Aarogya Setu was first announced, the Indian government did seek consent, and using the app initially sounded voluntary. Today, at least 1 million people have been given orders to use it, including central government workers and employees of private companies like the food delivery services Zomato and Swiggy. It’s a well-practiced tactic in India, where “voluntary mandatory” technology has a history of being used as a gatekeeper to certain important rights.

While India is the only democracy to make its contact tracing app mandatory for millions of people, other democracies have struck deals with mobile phone companies to access location data from residents. In Europe, the data has largely been aggregated and anonymized. In Israel, law enforcement focused on the pandemic has used a phone tracking database normally reserved for counterterrorism purposes. The Israeli government’s tactics have been the subject of a legal battle that made its way up to the country’s Supreme Court and legislature.

Not transparent

Many of these difficulties can be traced to a lack of transparency. Neither the privacy policy nor the terms of service for the app were publicly accessible at the time of publication, and the developers have not shared them despite requests. Since the app is not open source, its code and methods can’t easily be reviewed by third parties, and there is no public sunset clause stating when the app will cease to be mandatory, although Kumar says data is deleted on a rolling basis after, at most, 60 days for sick individuals and 30 days for healthy people. And there is no clear road map for how far India’s national and state governments will go: one recent report said the government wants Aarogya Setu preinstalled on all new smartphones; another said the app may soon be required to travel.

In the early days of the app’s development, Kumar said it would leverage the technology being jointly developed by Apple and Google for iPhone and Android. That system will be released in just a few days, but it now comes with rules that include requiring user consent and banning location tracking—neither of which Aarogya Setu complies with. Kumar says Google engineers have been in close contact with Aarogya Setu’s developers, and his team will evaluate whether they can still implement the decentralized Silicon Valley system, which is intended to preserve privacy. Google and Apple have fast-tracked the app into both the Android and iOS app stores.

But there are still deep concerns that blurring the line between voluntary and mandatory, and between privacy-preserving and privacy-invading, will have long-term consequences.

“There is no effort made by the state to earn citizen trust,” says Anivar Aravind, executive director at the civic-technology organization Indic Project. “Here are a set of private-sector corporate volunteers, with no accountability, that built an app for governments that is forced to personal devices of everyone.”