I don't really understand this but this is the answer I got from the dev (copy and pasted from text) Just answer master tin-can will be switched to adhoc and the slave tincan will connect to that. Adhoc APN changes everytime and has a unique password for security reasons. Only tincan can connect to this network, if anyone install a packetsniffer on their phone and become the master they can get the mac address of clients but thats normal and thats how networks work. Getting mac address of another person doesnt create any immediate threats
for the use-case that TinCan is intended for, it would be prudent to consider mac sniffing a threat. if a state-level adversary can collect your mac addr, they could track you in a way similar to what grocery stores do already, noting your presence or absence at subsequent events, or even spot you somewhere else. we know that police already set up wifi sniffers at protests, and there's no reason to expect that practice to decrease, so you should probably have TinCan spoof a random mac addr on boot if not every time a new master is chosen.
AFAIK there is no way to determine if you are the originator or propagator unless someone physically has your phone, and your username remains. I'll verify this and get back. Thus, your address should only be linked to TC propagation but not a specific username. Btw it's a use case, but not the only one. :)
This is correct. The phones store and push all messages on the phone. The message is the username, time code, and the message. There is no way to tell which message came from which phone.