The Corona-Warn-App uses Google’s and Apple’s Exposure Notification Framework for contact tracing, which the two companies have implemented in iOS and Android. To ensure privacy, apps cannot access IDs sent and received for contact tracking.
However, Google writes exactly these into a log file on Android that system apps can access. The problem has been reported to Google, but they have not fixed it within 60 days.
Read more about the threat we have been talking about for a long time in the very informative tweet by Serge Egelman. Click here to read the tweet.