The Android version of Google and Apple’s COVID-19 exposure notification app had a privacy flaw that let other preinstalled apps potentially see sensitive data, including if someone had been in contact with a person who tested positive for COVID-19, privacy analysis firm AppCensus revealed on Tuesday. Google says it’s currently rolling out a fix to the bug.
The bug cuts against repeated promises from Google CEO Sundar Pichai, Apple CEO Tim Cook, and numerous public health officials that the data collected by the exposure notification program could not be shared outside of a person’s device.
AppCensus first reported the vulnerability to Google in February, but the company failed to address it, The Markup reported. Fixing the issue would…