Google Covid-19 Contact Tracing App Flaw Could Leak Sensitive Health Data: Report
News 18Google, in a rare turn of events, joined hands with fellow big tech firm Apple to bring forth a privacy focused Covid-19 contact tracing effort at the height of the pandemic’s breakout in 2020. The report, coming from The Markup in partnership with the founders of mobile privacy analysis firm AppCensus, states a one-line flaw in the Google Covid-19 contact tracing API that caused apps based on this API to log sensitive and private user data into a device’s system log. Joel Reardon, co-founder and head of forensics at AppCensus, told The Markup that types of private data included in Android device system logs as a result of this flaw included “data on whether a person was in contact with someone who tested positive for Covid-19 and could contain identifying information such as a device’s name, MAC address, and advertising ID from other apps.” This, though, is a flaw in theory, albeit a serious one – while no preinstalled system app has picked up this data and relayed to company servers in known cases, the researchers claim that there’s nothing that actually stops them from doing so. Given that Covid-19 contact tracing already had serious implications of privacy to begin with, it is a bit surprising that Google still chose to deal with the issue in such a lackadaisical manner – and not with the kind of urgency that one would expect from a company already facing serious enough privacy allegations.