by DINKDINK 1464 days ago
Comments are focusing on the protocol's message content, which is not the source of the ability to track broadcasters. The ability comes from detecting nuances in the RF signal:

>BLE [snip] imperfections are introduced by the shared I/Q frontend of the chipset (Figure 1). They result in two measurable metrics in BLE and WiFi transmissions: Carrier Frequency Offset (CFO) and I/Q imperfections, specifically: I/Q offset and I/Q imbalance.

Links to the paper:

https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf

https://www.researchgate.net/publication/360655420_Evaluatin...

Git repo: https://github.com/ucsdsysnet/blephytracking


Section IV of the paper, "Challenges", is interesting reading. As expected, CFO displays a strong temperature dependence, causing wrong identifications. Further, I/Q characteristics tend to be close for a given chipset, so I/Q imperfections are more or less identifying the chipset. It's easy to detect different models of phone, but harder to detect individual phones. It doesn't strike me as a serious threat (yet).

A fun exercise would be to synthesise the detection of all phones in the area. By monitoring CFO over a period of time for lots of phones distributed over an area, maybe it would be possible to build a temperature profile of the area under surveillance and compensate the CFO measurements for temperature. Whilst crystals do drift with temperature, the frequency of a given crystal is highly repeatable as a function of temperature.

Does this mean that a listener can know whether the phone is indoors, outdoors, in a warm pocket, or held in the hand?

From the CFO the listener could tell what temperature changes the phone is undergoing, but the units would not be calibrated. If you knew the temperature of the phone at a couple of different points then you could derive calibration coefficients to get an absolute temperature. If the CFO temperature dependence turned out to be repeatable between phones then knowing the model of the surveilled phone you might be able to calibrate with only one known temperature, or none if the CFO characteristics are the same for all phones (unlikely).
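
Added example (not from any commenter, the paper, or the linked repository): a small model of the limitation discussed in the thread, where a CFO fingerprint recorded at one temperature stops matching once the crystal drifts. The cubic drift curve, the 25 °C enrollment temperature, and all device names and values are constructed assumptions.

```python
# Added illustration; the crystal model and every device value are constructed.
CARRIER_HZ = 2.402e9    # BLE advertising channel 37 centre frequency
ENROLL_TEMP_C = 25.0    # assumed temperature at which fingerprints were recorded

# Hypothetical devices: static crystal offset (ppm) plus an assumed cubic
# frequency-vs-temperature curve, identical for all three for simplicity.
DEVICES = {
    "phone_a": {"offset_ppm": 2.0, "slope": -0.20, "cubic": 1e-4},
    "phone_b": {"offset_ppm": 5.0, "slope": -0.20, "cubic": 1e-4},
    "phone_c": {"offset_ppm": -3.0, "slope": -0.20, "cubic": 1e-4},
}


def cfo_hz(device, temp_c):
    """Carrier frequency offset in Hz at temp_c under the assumed drift curve."""
    dt = temp_c - ENROLL_TEMP_C
    ppm = device["offset_ppm"] + device["slope"] * dt + device["cubic"] * dt ** 3
    return ppm * 1e-6 * CARRIER_HZ


def enroll(devices):
    """Record one CFO value per device at the enrollment temperature."""
    return {name: cfo_hz(dev, ENROLL_TEMP_C) for name, dev in devices.items()}


def identify(observed_hz, profiles):
    """Nearest-profile match on CFO alone, with no temperature compensation."""
    return min(profiles, key=lambda name: abs(profiles[name] - observed_hz))


def misidentified_temps(devices, target, temps_c):
    """Temperatures at which the target's drifted CFO matches another profile."""
    profiles = enroll(devices)
    return [t for t in temps_c
            if identify(cfo_hz(devices[target], t), profiles) != target]


if __name__ == "__main__":
    profiles = enroll(DEVICES)
    for t in (5, 15, 20, 25, 35, 45):
        seen = cfo_hz(DEVICES["phone_a"], t)
        print(f"{t:>3} C  CFO {seen:9.1f} Hz  matched as {identify(seen, profiles)}")
```

With these constructed values, a drift of a few ppm is enough to cross the gap between neighbouring profiles, which is the wrong-identification effect the first comment attributes to Section IV.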