• by Wendy Davis  @wendyndavis, February 25, 2022

Google has agreed to settle claims that it exposed sensitive medical information of Android users who downloaded a COVID-19 contact-tracing app, according to court papers filed Thursday.

The court documents, filed with U.S. Magistrate Judge Nathanael Cousins in San Jose, California, did not disclose terms.

Lawyers for Google and the Android users are expected to reveal details of the settlement by March 11.

Attorneys for both sides told Cousins they reached a settlement on February 18, after attending three mediation sessions via Zoom.

If finalized, the deal will resolve a class-action complaint filed last year by California residents Jonathan Diaz and Lewis Bornmann, who claimed that Google violated their right to privacy under California law, as well as a state law regarding medical information.

Diaz and Bornmann brought the complaint several days after the security company AppCensus reported that Google's implementation of a joint Google-Apple exposure notification system placed information in a system log that could be read by pre-installed apps on Androids.

Google previously urged Cousins to throw out the lawsuit at an early stage for several reasons.

Among other arguments, Google said the allegations in the complaint -- even if proven true -- would not show that any outside parties accessed Diaz's and Bornmann's private information.

“They don’t allege that any bad actor has gone to the lengths that would be necessary to decipher a user's identity,” Google wrote in papers filed last year.

“They merely allege it is theoretically possible that someone could have done that,” Google added. “This is thus a textbook case about a hypothetical risk of harm that is not, in any event, fairly traceable to Google’s conduct.”

Google and the Android users reached a settlement before Cousins ruled on Google's request to dismiss the case.