A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
The article is VERY misleading and probably shouldn’t have been published by Wired in the first place. GrapheneOS clarified the entire situation in this Mastodon thread: https://grapheneos.social/@GrapheneOS/112967309987371034
According to the article, the culprit is showcase.apk, an in-store demo app. I couldn't find it on my P5 running Lineage, so hopefully that means AOSP / custom ROMs not based on stock ROMs are not affected.
The app is also not enabled even on a stock ROM, so the attacker would need to have physical access to your phone, and your password to enable the app before this man-in-the-middle attack could even be performed.