Report Reveals that The Android Devices Have Leaked Data to Other Apps from The Contact Tracing App

When the pandemic hit last year, the whole world despite having differences joined hand together to fight the deadly disease. Same happened with Google and Apple who despite being the two most top competition rivals in the mobile and tech industry came together and introduced an application which helped people to trace their Covid19 contact.

A contact tracing API which uses Bluetooth and GPS data to provide a low-cost solution to find out who those infected with Covid-19 came in contact with and though it can be done manually as well, tech giants and governments around the world decided to work together to use technology to stop the virus' spread and make this tracing easier with the technology of the smart phones.

However, it has been disclosed recently that if you have a Contact tracing app installed in your phone there is a possibility that it may be leaking your personal data to other applications.

Google and Apple had developed an Exposure Notifications System (ENS) to power contact tracing apps, however, the sensitive data somehow reached hundreds and thousands of third parties apps on Android that was being collected from the user’s device. This happened because Google had stored all the data from the ENS in their system logs for Android phones and the search giant allows not all but some hardware manufacturers, telecoms and commercial partners which can pre install these privileged applications and hence are able to read these system logs on Android.

Further on this contact data tracing issue, forensics lead of AppCensus, Joel Reardon said that Xiaomi's Redmi Note 9 allows 54 apps to read system logs while the Samsung Galaxy A11 does so with 89 apps and therefore many applications do not need a device's contact tracing data if it shared with them through Android.

Google when found out about the data from contact tracing applications being leaked did not immediately took action. When this issue wasn’t acknowledged by Google at first, then AppCensus made it public after 60 days of waiting. However, the company has now addressed this issue saying that from their research they have concluded that these Bluetooth identifiers do not reveal a user's location or provide any other identifying information and we have no indication that they were used in any way nor that any app was even aware of this. According to Google, the update to fix this issue has been launched and will be rolling out in a few weeks.

Read next: Google Claims Its Play Store Has Become More Efficient At Dealing With Data Siphoning Apps Via Machine Learning and Better Policy Enforcement

Previous Post Next Post