A federal judge has tentatively approved a proposed settlement of a lawsuit accusing Google of exposing sensitive information of Android users who downloaded a COVID-19 contact tracing app.
The deal requires Google to retain changes it made to the contact tracking app in May of 2021, shortly after the security company AppCensus reported on the potential data leak. AppCensus specifically said Google's implementation of a joint Google-Apple exposure notification system placed information in a system log that could be read by pre-installed apps on Androids.
U.S. District Court Magistrate Nathanael Cousins in the Northern District of California granted the deal preliminary approval on Thursday, ruling that the terms were “fair, reasonable, and adequate.”
If finalized, the deal will resolve a lawsuit dating to April of 2021, when California residents Jonathan Diaz and Lewis Bornmann alleged in a class-action complaint that Google violated their right to privacy under California law, as well as a state law regarding medical information.
In addition to retaining May 2021 change to the app, the deal also requires Google to confirm that it doesn't leave health data generated from its contact tracing system exposed.
The settlement doesn't require Google to pay monetary damages to app users except Diaz and Bornmann, who will receive $2,500 each.
Before Google agreed to settle the case, it urged Cousins to dismiss the lawsuit at an early stage.
Google said the lawsuit was “a textbook case about a hypothetical risk of harm," adding that the allegations, even if proven true, wouldn't show that outside parties accessed Diaz's and Bornmann's private information.
Google agreed to resolve the matter before Cousins ruled on the company's argument.
Cousins will hold a hearing on October 11 about whether to grant the deal final approval.