Google breach allowed access to information from users of COVID apps

May 3, 2021

On February 19, a new security breach was warned in which Google's system allows access to private records related to the tracking of COVID-19 to certain applications.

In short, the problem lies in the apps pre-installed on Android, which are not only affected but also those that are installed by manufacturers and companies as part of promotions ('bloatware').

This error also revealed the identity of the user, location, contacts, and if he had tested positive for coronavirus.

Investigations determined that Bluetooth identifiers were temporarily accessible for some pre-installed applications (approximately more than 400 mobile apps from Samsung, Motorola, Huawei, and other companies). Although this bug is still present in Android, the solution consists of changing a line of code that does not affect the operation of the COVID tracking or the performance of Android.

Google was informed and proposed a solution but it is expected that all devices will receive the proper Android updates to mitigate the error.

Last year Google and Apple teamed up to create a unique contact tracing system so that the virus would not spread further. To prevent people from feeling invaded, the use of temporary keys that are not shared with a central server was implemented, constantly changing them, as well as preventing governments from obtaining location data.

THETA432 has at its disposal services that may well function as safe when using apps and thus guarantee the protection of user information when leaving their place. Wondering how to back up your personal and sensitive information, and that of others? Contact us and we will advise you to avoid persistent errors in the apps on your devices that could put you at risk.

Authored by

Jorge Daniel Tejeda