Apple devices are disproportionately impacted by SensorID due to the more rigorous calibration processes they go through at the factory, but the good news is that Apple addressed the issue in their March release of iOS 12.2. Junk data is now added to the calibration data to eliminate the fingerprint.
On the other hand, Google has yet to address the vulnerability, leaving some Android devices still open to this attack. It's mainly the higher-end Androids that are vulnerable as the less expensive devices often skip the sensor calibration step to save on cost, thus there exists no calibration data on the device to exploit. Google researchers are supposedly looking into the issue.
Even if your device is open to a calibration fingerprinting attack, there are still plenty of simpler attacks that cyber criminals (or advertisers) are more likely to leverage before one like SensorID.
While that's not exactly comforting, hopefully SensorID has been cut off at the pass before it could become a bigger problem.