Network traffic analysis attack is possible as sendFakeInfectedRequest is never referenced in code
secursive opened this issue · 1 comments
secursive commented
In order to confuse network traffic analysis attack, it is necessary by design to send dummy request of same size and periodicity as real requests for potential infection. A method has been defined to do that: sendFakeInfectedRequest, but this method is never actually referenced in code.
simonroesch commented
This is correct. The including client needs to make sure to call this method, which is done for example in the swiss case here https://github.com/DP-3T/dp3t-app-android-ch/blob/develop/app/src/main/java/ch/admin/bag/dp3t/networking/FakeWorker.java#L86 along with the fake request to the health authority to get an authorization token for a positive test result.