Participate in Aarogya Setu Bug Bounty Programme and Win ₹4 Lakhs

The Government of India made Aarogya Setu app open source. Arogya Setu is a mobile application developed by the Indian government to protect the citizens of India in our combined fight against COVID-19. Along with this Aarogya Setu, bug bounty programme was also announced. Under this programme anyone who reports a bug or suggests improvements in the Aarogya Setu app will be rewarded up to ₹4 lakhs.

The bug bounty programme is open to everyone who knows about the same, and who can report any vulnerability in the Aarogya Setu app. Users who are interested can send an email to bugbounty@nic.in with the subject "Security Vulnerability Report". Users who want to suggest improvements to the source code of Aarogya Setu by sending an email with the subject "Code Improvement".

For the approved reports, the user or researcher will be notified about it. Researchers who notice any vulnerability should not publicly disclose it before it is resolved. This bug bounty programme is not authorised for employees from the Aarogya Setu team, the National Informatics Centre (NIC) and Ministry of Electronics and IT (MeitY).

Researchers will be given an award of up to ₹3 lakhs for discovering and reporting security vulnerabilities in Aarogya Setu. ₹1 lakh per vulnerability will be awarded. When it comes to suggesting improvements in the source code, the researchers will be awarded up to ₹1 lakh.

The bug bounty programme began on May 27, and it will last till June 26. So whoever is interested need to submit their reports within this frame of the time. Find the complete guidelines and rules for the bug bounty programme at