Removed the hash salt when calculating the hash of the device's MAC address#482
Removed the hash salt when calculating the hash of the device's MAC address#482this-Aditya wants to merge 2 commits intomasterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request removes the hash salt mechanism from Bluetooth MAC address hashing. The changes simplify the code by eliminating the randomized salt that was previously concatenated to MAC addresses before hashing, removing related SharedPreferences storage logic, and cleaning up unused imports.
Changes:
- Removed hash salt generation and storage logic that used SharedPreferences and ThreadLocalRandom
- Updated MAC address hashing to use the raw MAC address without salt concatenation
- Removed the hashSaltReference field from PhoneBluetoothDeviceScanned messages
- Improved code readability by replacing magic numbers (10, 11, 12) with BluetoothDevice constants (BOND_NONE, BOND_BONDING, BOND_BONDED) in the toPairedState() function
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| send(bluetoothScannedTopic, PhoneBluetoothDeviceScanned.newBuilder().apply { | ||
| this.time = currentTime | ||
| this.timeReceived = currentTime | ||
| this.macAddressHash = macAddressHash | ||
| this.pairedState = device.bondState.toPairedState() | ||
| this.hashSaltReference = hashSaltReference | ||
| }.build()) |
There was a problem hiding this comment.
The removal of the hashSaltReference field from PhoneBluetoothDeviceScanned messages represents a breaking API change. Consumers of this data who expect or rely on this field will experience issues when this change is deployed. This change should be coordinated with downstream systems, and the schema should be updated to mark this field as optional or deprecated before removing it from the code, following proper schema evolution practices.
| time = currentTime | ||
| timeReceived = currentTime | ||
| } | ||
| val macAddressHash: ByteBuffer = hashGenerator.createHashByteBuffer(macAddress) |
There was a problem hiding this comment.
Removing the hash salt makes MAC address hashes deterministic across all devices and time periods. This significantly weakens privacy protection because the hashes can potentially be reversed using rainbow tables or dictionary attacks on known MAC address patterns. The same MAC address will always produce the same hash, making it easier to track devices across different users or time periods. If privacy is a concern, consider keeping the salt or using a more secure hashing approach with proper key derivation.
| pairedDevices.forEach { bd -> | ||
| val mac = bd.address | ||
| val hash = hashGenerator.createHashByteBuffer(mac + "$hashSaltReference") | ||
| val hash = hashGenerator.createHashByteBuffer(mac) |
There was a problem hiding this comment.
Removing the hash salt makes MAC address hashes deterministic across all devices and time periods. This significantly weakens privacy protection because the hashes can potentially be reversed using rainbow tables or dictionary attacks on known MAC address patterns. The same MAC address will always produce the same hash, making it easier to track devices across different users or time periods. If privacy is a concern, consider keeping the salt or using a more secure hashing approach with proper key derivation.
| send(bluetoothScannedTopic, scannedTopicBuilder.apply { | ||
| this.macAddressHash = hash | ||
| this.pairedState = bd.bondState.toPairedState() | ||
| this.hashSaltReference = hashSaltReference | ||
| }.build()) |
There was a problem hiding this comment.
The removal of the hashSaltReference field from PhoneBluetoothDeviceScanned messages represents a breaking API change. Consumers of this data who expect or rely on this field will experience issues when this change is deployed. This change should be coordinated with downstream systems, and the schema should be updated to mark this field as optional or deprecated before removing it from the code, following proper schema evolution practices.
No description provided.