Incorrect scanning for iOS background advertisements

[nrbrook]

The Android App is not using a mask when scanning for iPhone background advertisements. iPhone background advertisement manufacturer data one-hot encodes UUIDs. If an iOS device has multiple background service advertisements, your Android App will fail to discover the iOS device. Instead you can use the partial manufacturer data filter to provide a mask for the manufacturer data when setting it to the scan filter. This should mask out only the bit that matches your UUID.
Manufacturer data:
01 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00
Correct mask to use:
00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00

[robdyke]

Would this affect the work arounds needed to wake iOS devices?

https://www.theguardian.com/world/2020/may/06/critical-mass-of-android-users-needed-for-success-of-nhs-coronavirus-contact-tracing-app

[nrbrook]

Would this affect the work arounds needed to wake iOS devices?

https://www.theguardian.com/world/2020/may/06/critical-mass-of-android-users-needed-for-success-of-nhs-coronavirus-contact-tracing-app

It would mean that Android is less likely to wake iOS devices. But it is a simple fix.

[micolous]

Manufacturer data:
01 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00
Correct mask to use:
00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00

Not quite correct:

You must match the first byte as exactly 01, because this is the Apple-specific overflow area. The remaining bytes are a bitmask.

Otherwise, you will match other types of Apple manufacturer data. I elaborated further in #39 (but closed it as a duplicate of this issue).

[nrbrook]

Ok, so the mask should be

FF 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00

I think

[hubert3]

There is also another scenario that is currently missed by the ScanFilter:

https://github.com/nhsx/COVID-19-app-Android-BETA/blob/acfb01e3c40ac8f35cb85b55208e6efa3a10241d/app/src/main/java/uk/nhs/nhsx/sonar/android/app/ble/Scanner.kt#L67-L73

When another iOS app also advertising a BLE service is running in the foreground and NHSX is in the background, the foreground app's UUID is advertised while the manufacturer area will contain the "mixed" value discussed above.

However the filter looking for backgrounded iOS devices running NHSX COVID-19 expects the UUID to be null, as per the setServiceUuid(null) call.

Hence I think the best ScanFilter for iOS devices in the background would be to omit the .setServiceUuid(null) element as it could be null OR another UUID entirely, and do setManufacturerData with all 3 arguments correctly set as you've suggested above (manufacturerId, manufacturerData and manufacturerDataMask).

I haven't tested yet if this actually works as expected but that's what would seem correct based on my observations of what iOS devices advertise.

[edent]

I'm pasting this message in every active GitHub issue, so you may receive duplicate notifications.

Today, I'm happy to announce that NHSX has released the full git commit history for the Isle of Wight Beta apps.

• Android - https://github.com/nhsx/COVID-19-app-Android-BETA
• iOS - https://github.com/nhsx/COVID-19-app-iOS-BETA

As discussed, we have redacted API keys, sensitive domain names, and some of the developers' personal details. I am still waiting on final approval to publish the server-side code.

I would like to personally thank the community for your comments, bug reports, and vulnerability disclosures. They all went into helping the development process.

The beta trial of this app has now ended and we've moved to the next phase of app development. It is our intention to publish the source code of future apps as the binaries are released to the public.

Once again, thank you for being part of this.

Terence Eden
Head of Open Technology - NHSX