Skip to main content

Google will fix an issue that allowed other apps access to COVID-19 contact tracing logs

While it didn’t scale in the way it really needed to, contact tracing was a big deal as tech was utilized in an effort to curb the spread of COVID-19. An issue on the Android side of the Google/Apple COVID-19 contact-tracing API, though, may have allowed other apps access to the logs stored on your device.

Privacy was, understandably, a big priority for the contact tracing APIs that Google and Apple co-developed in 2020 and were widely used in apps from healthcare authorities later in the year. To accomplish that, all of the data was anonymized and stored only on your device, and only accessed when comparing with positive reports of the virus.

A report from privacy analysis firm AppCensus (via the Verge) revealed an ongoing issue with Android’s implementation of the COVID contact tracing API, though. Since at least February of this year, some apps that didn’t need access to contact tracing logs were able to access them. As scary as that sounds, there are two reasons not to panic. First, there’s no evidence of this data being accessed by apps other than those that use the COVID APIs. Second, the only apps that can access the data in the first place are apps pre-installed on the device which, generally speaking, would be considered safe against attacks like these. Still, it’s a loophole that needs to be fixed.

Google has committed to rolling out a fix for this issue, saying that work is “ongoing.” A representative said:

We were notified of an issue where the Bluetooth identifiers were temporarily accessible to specific system level applications for debugging purposes, and we immediately started rolling out a fix to address this.

Speaking to the Markup, AppCensus cofounder Joel Reardon said that fixing this issue is as simple as removing a “few non-essential lines of code,” and that he was “flabbergasted that it wasn’t seen as” such an “obvious fix” by Google.

More on COVID-19:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Ben Schoon Ben Schoon

Ben is a writer and video producer for 9to5Google.

Find him on Twitter @NexusBen. Send tips to or encrypted to

Ben Schoon's favorite gear