Android Users Sue Google Over Alleged Security Flaw Exposing COVID-19 Contact-Tracing Data

Screenshot of CA Notify website. A proposed class action is asking a federal court to order Google to fix an alleged security threat that makes the company’s COVID-19 contact-tracing system developed with Apple less “privacy-preserving” than the tech giants claimed.

Nearly 40 countries and dozens of U.S. states, including California, use the Google-Apple Exposure Notification System (GAEN) for their coronavirus contact-tracing apps. The system leverages Bluetooth technology and deploys safeguards such as randomized identifiers, called rolling proximity identifiers or RPIs, and decentralized storage on devices to protect users’ privacy.

In a complaint filed Wednesday in the U.S. District Court for the Northern District of California, attorneys from Lieff Cabraser Heimann & Bernstein assert that dozens of third parties might have access to the system’s stored data on mobile devices, including personally identifiable information and potential COVID-19 exposure results.


With Remote Workers on the Rise, Mobile Devices Expand the Attack Surface, Exposing Critical Infrastructure and Assets

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

In 2020, society endured more social, economic, and structural pressures than ever before, and CIOs, CISOs and IT professionals were confronted with waves of challenges as they scrambled to follow work-from-home mandates and do all they could to keep their teams productive in the context of constant chaos.

Large organizations, whether government agencies or commercial enterprises, had to accelerate their digital transformations, including moving more applications to the cloud, and to identify and address new cybersecurity threats while managing distributed workforces – including the IT teams.

The growth of the mobile workforce and use of company-issued devices, or personal “BYOD” smartphones, tablets, and laptops, is not new. The mobile device management industry has continued to expand over the last two decades – but few could have imagined the urgency, scope, and scale of the conversion to a “mobile first” scenario until it happened in real time.

The accelerated pace of change required business leaders to rapidly adapt their workplace culture, to create more agile communications with customers, to increase employees’ access to tools, including access to web-based information and applications, all while ensuring that the skyrocketing dependency on mobile devices did not compromise enterprise security.

According to Gallup, the percentage of Americans working remotely more than doubled in March 2020, driven by work-from-home orders in response to the coronavirus pandemic. Most experts expect at least some of this shift to be permanent. Even those who have returned partially to the traditional workplace continue to rely on mobile devices, applications, and access to enterprise systems to get work done.

Bring-your-own-device (BYOD) is on the rise, delivering increased mobile flexibility and satisfaction for employees, while helping to reduce IT costs, enhance productivity, and improve security and control for enterprises. The market for BYOD solutions is expected to grow at a compound annual growth rate (CAGR) of 15% annually from 2020 to 2025, reaching over $430 billion in 2025 according to some industry analysts.

Mobility requires a new…