How it all started
Many friends asked me to look at a Czech application for tracking COVID-infected people called eRouška (literal translation from Czech eMask). There are a lot of rumors around this app. For example, that an evil government has decided to establish total control over its citizens and imposes this application on them. I'm not a conspiracy theorist at all, but it really got interesting. The app uses Bluetooth to communicate with other devices in range. It writes this data to its database and receives updates from the server. If there was contact with an infected person, it sends an alert. It was rumored that after this notification, they would immediately be quarantined.
History
The first version of the application was just awful, like all applications of this type developed in different countries. The application could not get into the App Store for a very long time, only after about a month the developers managed to somehow finish it. Then it turned out that on Apple devices it didn't really work, it just consumed the battery. To register on the server, it was necessary to enter a phone number and receive an SMS on it. That already allowed the Ministry of Health to find out who had contact with the infected. This application did not receive much popularity, and the Czech government was forced to admit that the project had failed.
Google and Apple
After looking at this mess, Google and Apple decided to work together and created their own API for writing similar applications. Which, incidentally, gave rise to the second wave of conspiracy theories. For example, after the iOS update to version 13.5, a terrible setting appeared: Exposure Notifications, and even with the coronavirus icon.
5G, , – . « ». API . API eRouška. « » , . , AES, SHA-256 HMAC, !
, . , , Apple Google. Google, Google Play. , . , . , .
Bluetooth
«» BLE (Bluetooth Low Energy Beacon). -, . 2013 Apple iBeacon, 2019, iOS 13, Find My. , . Bluetooth broadcast , . , , - , . , .
, SMS- . , , API Exposure Notifications. . Temporary Exposure Key (TEK) – 16 . , . Rolling Proximity Identifier (RPI). 10 , . TEK HKDF .
: RPI Key AEM Key. RPI , 10- . AEM . , metadata . , padding- RPI . RPI TEK , .
RPI
TEK , , . , , . Google Play :
, 14:
— , . : export.bin export.sig. protobuf , , , TEK. 14 , , 2 . , 31 , , . .
, TEK, RPI Bluetooth, . , , , , . , eRouška , 15 , 2 . -. . . TEK , « ». , TEK, , RPI, . .
. . , :
. . , . , . , , . .
- , . SMS : , , eRouška. . . . , .
, : . , . BLE . , - , . , , , , .
Google Play, . iOS , , . , 12-15% . , , . , , 15664 , 500 . - , , .
« , …» , , . « ». , . , , . , , . , , . , iPhone , . , , . GPS , , . RPI, BLE beacons, , . , , , . , . , -, . , , . , .
Therefore, take care of your data. Use modern devices, set strong passwords, do not leave an unlocked device unattended. This advice is universal and will come in handy in any situation. And don't get sick, of course!
Related links: