THLfi / koronavilkku-android


Status of korona positivity revealed to mobile operators and to WiFi-AP admins indirectly?

zimonth opened this issue · comments

commented

I understood that when the app has sent the real exposure ID tuples to the server, it also stops sending pseudo-codes (understood from THL's web-seminar in 2020-08-28)?

Therefore the person, the time and the positively tested korona infection can be inferred from the data logs of mobile operators and WiFi APs. Mobile operators save timestamps, IMSI code and cell ID (~location) to the logs. A WiFi AP often logs the time, MAC address and WiFi access username. Both save the amount of data sent and received in that TCP session (or UDP "session") to log files.

Data profiles of sessions that just retrieve codes or send codes are easily identified. After some last time (detected korona infection) the app no longer sends codes to the backend IP addresses => the user has been infected (IMSI/MAC/username).

Maybe the logs of the mobile operators aren't a huge problem, but they often keep logs for at least 9 months, which is longer than what the law (Tartuntatautilaki 21.12.2016/1227 43§) currently says about how long KoronaVilkku data would be saved in the system.

The logs of WiFi APs are often more poorly secured and controlled.

This may just be an issue which cannot be resolved, because the only way to solve it would be to keep sending pseudo data randomly once a week until korona is over. People would maybe remove the app anyway after a korona infection, if it is useless. And that again would highly probably lead to the conclusion that they have been infected.

Hi @zimonth

is "THL's web-seminar in 2020-08-28" available online?

commented

> Hi @zimonth
>
> is "THL's web-seminar in 2020-08-28" available online?

Yes, there:
https://thl.fi/fi/ajankohtaista/tapahtumat/tapahtumakalenteri/-/event/6405135
(link) "Katso webinaarin tallenne tästä" ("Watch the webinar recording here")
At 47:50/57:30 he says that after the actual exposure codes have been sent, the app no longer sends pseudo codes and "does not actually work anymore".

commented

One possible solution would be to request turning WiFi network access off (if it is on) when a PIN code to send exposure data is entered. Inform the user that WiFi networks may not be as secure as mobile networks and that this is an extra precautionary measure the user may want to take.

The government could also add legislation, enforced by the Finnish Data Protection Supervisor (Tietosuojavaltuutettu), so that mobile operators would not log "normal" network traffic to KoronaVilkku backend servers.

To keep users from uninstalling the app after the infection, and to obfuscate data analysis attacks, the app could still keep retrieving information from the servers and, as in the iOS version, keep telling how many exposure incidents the system has reported so far. Give motivation to keep the app running to the end of the epidemic although the user's own usage has changed.

App will also stop sending regular dummy POSTs to backend when it's uninstalled or wifi/4G is turned off. At least the latter is much more likely than the user getting infected.

This risk has been noted, but will not cause further action.
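
The observation from the opening post, turned into a regression check a tester could run on a capture from their own test device to confirm that upload-shaped sessions keep appearing after a real key upload. This is an added example, not part of the issue thread or the Koronavilkku code; the byte threshold, the eight-day gap limit and the sample flows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumptions for this sketch (not taken from the app or its backend):
UPLOAD_MIN_BYTES_UP = 2_000          # a session sending at least this much looks like an upload
MAX_UPLOAD_GAP = timedelta(days=8)   # longest silence tolerated between upload-shaped sessions

@dataclass(frozen=True)
class Flow:
    """One logged session to the backend: start time and byte counts only."""
    start: datetime
    bytes_up: int
    bytes_down: int

def upload_times(flows):
    """Start times of sessions whose size profile matches an upload (real or dummy)."""
    return sorted(f.start for f in flows if f.bytes_up >= UPLOAD_MIN_BYTES_UP)

def first_upload_silence(flows, window_start, window_end):
    """Return (from, to) of the first over-long gap in upload-shaped sessions, or None."""
    marks = [window_start, *upload_times(flows), window_end]
    for prev, nxt in zip(marks, marks[1:]):
        if nxt - prev > MAX_UPLOAD_GAP:
            return prev, nxt
    return None

def capture(t0, upload_days, download_days):
    """Constructed capture: uploads send ~4 kB, downloads send ~300 B and fetch ~60 kB."""
    ups = [Flow(t0 + timedelta(days=d), 4_096, 512) for d in upload_days]
    downs = [Flow(t0 + timedelta(days=d), 300, 60_000) for d in download_days]
    return ups + downs

T0 = datetime(2020, 9, 1)
END = T0 + timedelta(days=30)
# Constructed captures; day 14 stands for the real upload after a PIN is entered.
COVER_KEPT = capture(T0, [0, 6, 13, 14, 20, 27], range(30))   # dummy uploads continue
COVER_STOPPED = capture(T0, [0, 6, 13, 14], range(30))        # only downloads afterwards

if __name__ == "__main__":
    for name, flows in [("cover kept", COVER_KEPT), ("cover stopped", COVER_STOPPED)]:
        gap = first_upload_silence(flows, T0, END)
        verdict = "no observable change" if gap is None else f"silent from {gap[0]:%Y-%m-%d}"
        print(f"{name}: {verdict}")
```

The check uses only the fields the thread says are logged (time and bytes sent and received), so a build that passes it leaves no such gap in those logs under the assumed thresholds.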