The Android version of the Google and Apple COVID-19 contact exposure notification app had a bug that allowed other apps preinstalled see this private data.
It even made it possible to know if a contact had been with someone who had tested positive for COVID-19. This security flaw was published today by the firm AppCensus.
Google has already launched a solution for the COVID-19 application
The guys at Mountain View were quick to respond and are already rolling out a fix for this bug. Immediacy and rushing to fix it is due to the promise given firmly
The two promised that the data collected by the notification app in the event of exposure to COVID-19 would never be shared out of device of the user.
Indeed AppCensus informed Google of the existence of this vulnerability to Google in February, but could not correct it in time. A solution that seems to have to do with removing a few lines of code of no major importance.
José Castañeda, spokesperson for Google, mentions that have been informed of a problem with Bluetooth credentials
On Android, the problem is that preinstalled applications can access these specific system levels, which gave them the opportunity to see this human tracking data in the app created by Google and Apple.
Since the signing, it has been communicated that there is no indication that these applications would have obtained one of these data
Amazon Echo Show 10 reviews
Samsung Galaxy A72 review
Nubia RedMagic 6 Review
Xiaomi Mi 11 Lite review
Análisis Amazfit T-Rex Pro
Huawei FreeBuds 4i review
Análisis OPPO Find X3 Pro
Análisis Xiaomi Redmi Note 10 Pro