In a bid to spread awareness and battle the coronavirus, the Indian government created the Aarogya Setu app. It is meant to alert users if they have come in contact with a Covid-19 positive patient, and what to do in case that happens.

However, according to Quartz, there are major privacy and cyber-security worries regarding the app. It is apparently inconsistent with privacy-first efforts of apps made for Singapore or the US. 

Another obvious issue is that for the app to work, the entire 1.3 billion population of India will need to download it - something that is impossible considering only 500 million of Indians have it.

Source: Economic Times

The main problem is the lack of purpose limitation, which defines what the app will be used for.
Regarding this, the Internet Freedom Foundation said,

To protect people’s right to privacy, countries (including Singapore) say that contact tracing will be used strictly for disease control and cannot be used to enforce lockdowns or quarantines. Aarogya Setu retains the flexibility to do just that, or to ensure comply legal orders and so on.
Source: Business Insider

The Aarogya Setu app lacks any representation from the Ministry of Health and Family Welfare, or any person with a medical background.

The app is also highly vulnerable to cyber attacks, and has no FAQ section. It is also unclear how long personal data is actually stored on the app.

Source: The Print

Considering all of these security concerns, it's understandable why many are looking at the app with a certain degree of worry.