The API spec says:

"Note: The Nearby Connections API does not require the user to authenticate, which means that it can be used even when the user does not want to sign in or sign-in has failed."

"Warning: Messages sent through the Nearby Connections API are not encrypted. Do not send sensitive data through this API."[1]

[1] https://developers.google.com/games/services/cpp/nearby

Just because the Nearby Connections API layer is neither authenticated nor encrypted, doesn't mean the developer isn't free to implement it. If I tell you an Ethernet cable requires neither authentication nor encryption, you aren't going to tell me it's impossible to authenticate or encrypt over Ethernet.

I think you're looking at either a different API, or an older version of it.

The blog post links to this documentation page:

https://developers.google.com/nearby/connections/overview

One of them seems to be a wrapper for the other:

Game API (C++):

    void SendReliableMessage(
      std::vector< std::string > const & remote_endpoint_ids,
      std::vector< uint8_t > const & payload
    )

Nearby API (Java):

    public abstract void sendReliableMessage
      (GoogleApiClient apiClient, 
       List<String> remoteEndpointIds, 
       byte[] payload)

Note that this requires a "GoogleApiClient" object, which ties it to the mothership.

It does have at least some concept of auth and encryption, though the auth is optional, and somewhat simplistic: https://developers.google.com/nearby/connections/android/man...