Smartphones in a Microwave: Formal and Experimental Feasibility Study on Fingerprinting the Corona-Warn-App

Contact Tracing Apps (CTAs) have been developed to contain the coronavirus disease 19 (COVID-19) spread. By design, such apps invade their users' privacy by recording data about their health, contacts, and partially location. Many CTAs frequently broadcast pseudorandom numbers via Bluetooth to detect encounters. These numbers are changed regularly to prevent individual smartphones from being trivially trackable. However, the effectiveness of this procedure has been little studied. We measured real smartphones and observed that the German Corona-Warn-App (CWA) exhibits a device-specific latency between two subsequent broadcasts. These timing differences provide a potential attack vector for fingerprinting smartphones by passively recording Bluetooth messages. This could conceivably lead to the tracking of users' trajectories and, ultimately, the re-identification of users.