The app is open source now: <a href="https://github.com/BluezoneGlobal/bluezone-app" rel="nofollow">https://github.com/BluezoneGlobal/bluezone-app</a>.
The id generation code is in this library: <a href="https://github.com/BluezoneGlobal/react-native-bluetooth-scan" rel="nofollow">https://github.com/BluezoneGlobal/react-native-bluetooth-sca...</a>
Author here. One interesting aspect that I've learned is the tactics, techniques, and procedures (TTPs) of public opinion brigades, aka Force 47.<p>They tried hard to discrete me. My initial report had an error, that is I didn't know that Bluetooth on Android needs ACCESS_FINE_LOCATION permission. A person pointed this out in a comment -- he posted and rewrote it three times. I said thank you and thought that's that, but then he and a bunch of new people commented that since I made that basic mistake I'm immature and inexperienced, therefore the rest of my findings have no merit.<p>Someone then posted a super long comment, raising a lot of questions about my credibility and intention. The interesting thing is they claimed that they're a student, haven't installed the app, have no intention to do so, but care a lot about privacy. Essentially they want to show that they're merely an underdog bystander standing up against my wrongdoings. I thought this is a very subtle psychological trick, aiming to amplify their attacks.<p>Other attacks are more direct. For example, a person pointed out that since I don't have many followers on Twitter, I'm not a good engineer. They said I didn't really contribute anything to my public research, but I just took credit from my coauthors. That I am only cleaning toilet at Google, there's nothing proud about that.<p>After I posted a rebuttal to the developers' rebuttal, a guy [2] dropped this one-line comment:<p>>cái vụ này bắt đầu thấy nhảm rồi. Lập luận của anh Thái cũng không còn chặt chẽ như trước nữa.<p>Which translates to "This is getting nonsense. Thai's argument is not as strict as before".<p>The title of the guy's blog [3] is, I kid you not, "There's always only one truth: Communist Party of Vietnam.<p>[1] <a href="https://en.wikipedia.org/wiki/Public_opinion_brigades" rel="nofollow">https://en.wikipedia.org/wiki/Public_opinion_brigades</a><p>[2] <a href="https://www.blogger.com/profile/17567201928186857755" rel="nofollow">https://www.blogger.com/profile/17567201928186857755</a><p>[3] <a href="http://phichnuocnong.blogspot.com/" rel="nofollow">http://phichnuocnong.blogspot.com/</a>