Data logged by Android contact tracing apps, which are to remain private on the local device, can be read by privileged pre-installed apps (from google, your phone manufacturer or its partners).
A stock Xiaomi Redmi Note 9, for example, has 54 preinstalled apps with elevated permissions.