But just as exploits and spyware in whatsapp were not discovered from day one, is it possible one day the same can be discovered about the tracetogether app or even the token? Sorry not very savvy about this.
You don’t even look at the permissions you are granting away and you worry about potential exploits in the future.
TraceTogether accesses camera, Bluetooth and data.
WhatsApp accesses location, contacts, photos, microphone, camera and data.
So for example, an app that has permission to microphone and data can be perpetually listening and sending every conversation that you have.