[colmmacc]

There isn't enough space in bluetooth IDs to include a cryptographically signed timestamp, there isn't even really enough space to include a cryptographic signature for everything ... in the the Apple/Google design the Bluetooth power level is left unsigned due to space constraints. It really is a very very small amount of space.

An alternative design involved bluetooth IDs broadcasting small 63-bit ECDH shares and devices performing pair-wise key agreement. This would raise the difficulty level of replay attacks; they'd need to be bi-directional and roughly time synchronized (within a ~15 minute window) but it had other trade-offs including reducing the efficacy of the app due to bi-directional message receipt being required, and ballooning the amount of data that needs to be distributed to detect infection risk. So it wasn't taken.