UIDAI launches bug bounty programme to strengthen Aadhaar security
New Delhi, March 11
The Unique Identification Authority of India on Wednesday launched structured Bug Bounty Programme to further strengthen the security of the Aadhaar system, inviting independent cybersecurity experts to identify vulnerabilities in digital platforms.
A panel of 20 experienced security researchers and ethical hackers has been selected to look for possible weaknesses in some of UIDAI's key digital platforms, an official statement said.
They will examine UIDAI digital assets such as UIDAI official website, myAadhaar portal and the Secure QR Code application.
Researchers will check these systems for vulnerabilities classified as Critical, High, Medium and Low risk and will receive rewards in line with the severity of issues they find, the statement from Ministry of Electronics & IT said.
The ministry said the programme is being run in partnership with M/s ComOlho IT Private Limited, a cybersecurity solution provider.
The new Bug Bounty Programme is another example of how UIDAI continuously strives to further strengthen and ensure that its platforms remain secure for residents and stakeholders, the statement noted.
Such programmes are widely used around the world by major technology platforms to make digital systems safer and more future ready.
UIDAI believes information security is critical in today's digital world, and UIDAI is continuously engaged in improving its digital assets keeping people's interest in mind, it added.
The authority already uses several layers of protection, including regular security audits, vulnerability assessments, penetration testing, and continuous monitoring.
UIDAI recently announced covering over 1.03 lakh schools nationwide to facilitate mandatory biometric updates (MBU) for students under Aadhaar. The initiative has enabled nearly 1.2 crore children to complete their biometric updates within their school premises.
The mission-mode drive began in September 2025 following integration with the Unified District Information System for Education Plus (UDISE+) platform of the Department of School Education & Literacy.
— IANS
Reader Comments
Good initiative, but I hope the rewards are substantial enough to attract top talent. Global bug bounties pay lakhs for critical flaws. For something as crucial as Aadhaar, we need the best minds on the job. The security of crores of citizens depends on it.
Finally! This should have been done years ago. With so many data leaks in the news, this brings some confidence. Hope they are transparent about the vulnerabilities found and fixed. Public trust is key.
As someone who works in tech, this is a global best practice. Google, Microsoft, they all do it. It's smart to crowdsource security. The real test will be how quickly they patch the bugs that are reported.
A step in the right direction, but security is an ongoing process, not a one-time programme. Along with this, they must focus on educating the common man about Aadhaar safety - not sharing OTPs, being wary of phishing calls, etc. Janta ko bhi jaagruk hona hoga.
Respectfully, while this programme is good, my concern remains about the mandatory linking and biometric updates for school children mentioned at the end. Are we collecting too much data from our kids? The security needs to be ironclad for their future.
A We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.