More about the vulnerability:
It’s not present in /e/os, right?
It will be in about two weeks but via microG. See latest posts in this Topic: https://community.e.foundation/t/dutch-coronamelder-app-needs-current-g-gle-play-services/
However: as stated in the article, as long as you don’t choose to enable it, there is no way to be tracked via this framework. And without downloading an app that uses it you can’t even enable it by accident.
Absolute privacy and control over data isn’t possible.
/e/OS is the best attempt at tenable privacy and security of your personal data.
Yes, most of these apps won’t work without Google Apps on device or smartphone.
In fairness this is just a corner case (most likely driver or even hardware related) where some network interfaces still send packets (or at least one) with the old MAC. Not perfect but most people will have a much bigger loss of privacy just by having wifi or bluetooth enabled even without any other tracking apps/framework.
Also it’s quite a tame and theoretical attack at least from my understanding and logic. The attacker needs to be in your BLE range constantly (or at least once every 15 minutes at the very right time ) otherwise you’re lost forever, how can that be achieved? Only in two ways, either put some kind of grid with receivers every 5 meters or so … everywhere, like absolutely everywhere (on the streets, in your house, etc.) which is kind of really far fetched or have somebody tail you very closely (which makes it kind of a moot point if you’re leaking the position over BLE or not).