How Businesses can Check Health Status of Employees with Aarogya Setu

How employers can use the Aarogya Setu API to automatically check the health status and COVID-19 risk level of their staff members.

Published in: IndiaGoogle Apps Script

The Government of India has recently introduced an “open API” for Aarogya Setu, the world’s most popular contact tracing app that has more than 110 million users across the Android and iOS platform. The Aarogya Setu API, in simple English, will help organizations automatically check the health status of their employees.

Currently, when an employee enters his or her office, they are required to show their Aarogya Setu app at the reception and are allowed entry only if the status is green meaning they haven’t been in proximity of an infected person. With the API in places, business can automatically know the risk level of their employees.

This could save some effort since the HR department can create a Google Sheet with the phone numbers of all employees and a Google Script can automatically get the health status of each number in that list. The script can then email the list of employees who are at moderate or high risk for further action.

Also see: Covid-19 India Tracker

How to Use the Aarogya Setu API

You can sign-up for the API at This isn’t a straightforward process – you have to send an email and approval is granted only if your business has more than 50 employees. Assuming your business has been granted access to the API, here’s how you can use it with Google Sheets and Google Scripts.

class AaryogyaSetu {
  constructor({ apiKey, userName, password }) {
    this.apiKey = apiKey;
    this.userName = userName;
    this.password = password;
    this.api = "";
    this.token = null;

  getToken() {
    if (this.token === null) {
      const { token } = this.fetch("/token", {
        username: this.userName,
        password: this.password,
      this.token = token;
    return this.token;

  getUserStatus(phone_number) {
    const { request_id, request_status } = this.fetch("/userstatus", {
    return request_status !== "Approved";

  fetch(endpoint, payload) {
    const mimeType = "application/json";
    const headers = {
      Accept: mimeType,
      "Content-Type": mimeType,
      "x-api-key": this.apiKey,
    if (endpoint !== "/token") {
      headers["Authorization"] = this.getToken();
    const options = {
      method: "POST",
      contentType: mimeType,
      headers: headers,
      payload: JSON.stringify(payload),
    const url = `${this.api}${endpoint}`;
    const response = UrlFetchApp.fetch(url, options);
    return JSON.parse(response.getContentText());

const main = () => {
  const aarogyasetu = new AaryogyaSetu({
    apiKey: "xyz1234",
    username: "",
    password: "India1234",

  const phoneNumber = "9760008500";
  const userStatus = aarogyasetu.getUserStatus(phoneNumber);
  if (!userStatus) {
    console.log(`The Aarogya Setu status of ${phoneNumber} was denied`);

When you make a request to the Aarogya Setu API requesting the risk status of an employee identified by their phone number, a notification is sent to the Aarogya Setu user. If they approve the status (or if they have pre-approved the request earlier), a POST request is made to your callback URL with the help status of the user.

The Google Script can be published as a web app with the doPost method and that be used as a callback URL for the Open API.

Source link

Cyber firm, govt spar over Aarogya info theft risk | India News

NEW DELHI: Data of over 150 million Indians shared with the Aarogya Setu app runs a “significant risk of theft or abuse”, a security audit firm working with the ambitious contact-tracing programme has alleged, claiming that it was not heard when it warned the government on the potential weaknesses.
While the government was quick to dismiss the claims, published by security audit firm ShadowMap in a blog that has now been taken down, as “completely unethical and in violation of the terms of engagement with the project”, the issue assumes serious proportions considering the large amount of vital data that the app has gathered and possesses.
ShadowMap (digital risk management firm) is a sister firm of Security Brigade, a company which had originally worked on the network security aspects of the Aarogya Setu app.
In a blog post, Yash Kadakia, ShadowMap founder and Security Brigade CTO, said his company managed to get access into Aarogya Setu and was able to discover the source-code for entire platform, including back-end infrastructure.
The company said that by managing to pass the two-factor authentication process, it was able to access a host of critical technical data housed within the Aarogya Setu website.
In an official statement (that was withdrawn after the blog was taken down), the government had said that Security Brigade had “misused their engagement with Aarogya Setu code review”. The government claimed that a security audit of the app was also made through Data Security Council of India, and also by Security Brigade.
“Pulishing an article on issues that they came to know as part of the code review violates the basic principles of ethics and propriety and seems to be done with a malicious intent of creating a sensation and attract attention to the firm… (it) is complete breach of trust,” the statement said. ShadowMap, however, said that they had shared the breach with senior officials of government agencies. “However, we did not receive any response from them. The issue was silently fixed.”

Source link

Indian Gig Workers For Swiggy, Zomato, Dunzo, And Ola Forced To Install Aarogya Setu To Work

Thousands of gig workers employed by app-based delivery or ride-hailing services in India want those platforms to stop forcing them to install a controversial government-backed coronavirus contact tracing app.

The app, called Aarogya Setu, requires constant access to GPS and Bluetooth data, and has drawn criticism from around the world for enabling state surveillance.

Although the Indian government hasn’t made the app legally mandatory, the country’s citizens have often found that they’ve had no choice but to install it for things like taking flights and trains, visiting pharmacies and malls, and accessing ATMs. Last month, Noida, a city on the outskirts of India’s capital, New Delhi, threatened people who didn’t have the app installed with jail time.

Despite this, private companies with millions of dollars in venture funding — including apps for food delivery, like Zomato and Swiggy, and ride-hailing, like Ola, which are powered by thousands of gig workers across the country — have made it mandatory for workers to install the app if they want to make a living off those platforms.

“Most gig workers in India who work for app-based tech platforms as delivery men in cities are semiliterate migrants from small towns around the country who do not understand the privacy concerns around contact tracing apps,” Shaik Salauddin, national general secretary of the Indian Federation of App-Based Transport Workers (IFAT), a union that represents more than 35,000 gig workers across 16 cities in the country, told BuzzFeed News. “The tech platforms that they work for are exploiting this by making it mandatory for them to install this app.”

Earlier this month, the IFAT asked India’s largest services for food delivery and ride-hailing, including Zomato, Swiggy, Ola, and Dunzo, to allow gig workers to do their jobs without having the contact tracing app on their phones, a rule that the platforms imposed shortly after the national government launched Aarogya Setu in early April.

“Nobody in any company has listened to us so far,” said Salauddin.

An Uber spokesperson told BuzzFeed News that although the company has “advised” drivers to download the app, it was not mandatory yet. The spokesperson declined to comment on whether Uber would enforce it in the future.

“Apps like Aarogya Setu play a key role in keeping a check on the status of the zones affected by COVID within their vicinity. It also helps them to keep a daily check on their health status and guides them to proceed for work upon receiving a green status. Hence, we have made the use of the app mandatory for them,” a Swiggy spokesperson told BuzzFeed News.

Zomato and Ola did not respond to BuzzFeed News’ request for comment. Dunzo declined to comment.

Millions of Indians have spent the last few months locked indoors because of a strict nationwide coronavirus lockdown. Although orders are down compared to normal, people have been relying on thousands of gig workers for deliveries of food, groceries, medicines, and other essentials. Gig workers were deemed “essential” by most states during India’s nationwide lockdown and were one of the few people allowed to do their jobs during the last few months. Platforms have used them as a part of promotions and public relations, hailing them as “superheroes” who are providing critical services to a nation of 1.3 billion people. A Swiggy spokesperson called delivery people working for its platform “Hunger Saviours continuing to deliver food to those in need” in a statement to BuzzFeed News.

But in reality, many gig workers say they have been treated apathetically. They have demanded that their employers provide personal protective equipment like masks, gloves, and sanitizers, and they have complained about being forced to put in longer hours to make ends meet thanks to plummeting demand for food delivery from customers worried about getting infected through takeout containers. Some companies like Swiggy say that they provide gig workers with masks “on a regular basis” and reimburse them for sanitizers.

Now, they say that being asked to install a contact tracing app steeped in the controversy around privacy and surveillance is the final straw.

“Nine out of ten workers who work for delivery apps in the country are not very literate. They don’t understand English, and they don’t understand privacy concerns. They care about making a living,” Dharmendra Vaishnav, president of the Indian Delivery Lions Association, a union of more than 5,000 gig workers in the state of Rajasthan, told BuzzFeed News. “But there are some of us who are a little more aware of the controversies. We read newspapers, we’re on social media, and we know what people are saying about this app. That’s enough reason to push back.”

The IFAT’s recent statement against Aarogya Setu is a part of an ongoing pushback from gig workers in the country against what they see as a coercive step by the platforms. Last month, a group of 37 organizations in India including a handful of labor unions sent a letter to the prime minister’s office as well as to federal IT and labor ministries, urging them to consider the impact of the app on the “privacy, autonomy and dignity of workers.” Later that month, India’s government softened its stance on mandating that private employees have the app installed and said that workplaces should simply try their best to ensure employee compliance.

But nothing changed for gig workers, whose companies continue to require them to have the app installed on their phones.

These workers, experts say, are particularly vulnerable.

“Platform workers haven’t been able to push back against being required to install this app because doing so would mean no work,” said Kaveri Medappa, a PhD scholar at the University of Sussex who is researching issues faced by blue-collar delivery workers of the tech platforms that power India’s modern gig economy. “There is an extremely unequal power relation at play here. Workers have to simply accept arbitrary conditions imposed by these platforms because there’s no choice.”

None of the platforms require customers to have Aarogya Setu installed to use their services. “It’s glaring how almost all of the ‘safety measures’ devised by these platforms keep only the customer in mind and not the workers,” Medappa said.

Other experts, like Vinay Sreenivasa, a researcher at the Alternative Law Forum, a legal organization in Bangalore that works on issues of social justice, think that making gig workers install the contact tracing app is about optics. Most food delivery apps in India, for instance, now prominently display a banner saying that the delivery worker who picked up an order has Aarogya Setu installed on their device. “Who are these companies trying to protect?” Sreenivasa asked. “Their workers or their customers? They just want to show customers that they have made all delivery workers install the app.”

Source link