Secure NFC

Android supports off-host card emulation, which means NFC card emulation with a secure element. For more information, see Host-based card emulation overview.

In certain use cases such as using FeliCa for transit, off-host card emulation is permitted when a device's screen is locked or turned off, or when a device is turned off.

Secure NFC is a feature introduced in Android 10 that allows off-host NFC card emulation to be enabled only when the device's screen is unlocked. Implementing this feature gives users the option to enable Secure NFC for improved security.

Implementation

To implement the Secure NFC feature, the device must have an NFC controller that supports the NCI 2.0 standard and must use the Android Open Source Project (AOSP) NFC framework. Add the hardware SKU (the value of ro.boot.hardware.sku) that supports the Secure NFC feature to the NFC resource XML file with the config_skuSupportsSecureNfc attribute.

Framework APIs

To implement Secure NFC, implement the following framework APIs found in the Android Open Source Project:

Settings UI

In the Settings application, add a toggle switch to allow users to enable and disable the Secure NFC feature. You can customize the default setting in the Settings application to be either enabled or disabled.

Figure 1 shows an example of a toggle switch to enable and disable Secure NFC in the Settings app in Settings > Connected devices > Connection preferences > NFC > Require device unlock for NFC.

Figure 1. Example toggle switch to enable and disable Secure NFC

When Secure NFC is enabled and a user places the device on an NFC reader, Android displays the Unlock to use NFC notification on the lock screen as shown in Figure 2.

Figure 2. Unlock to use NFC notification on the lock screen

Validation

To validate your implementation, enable the Secure NFC feature and verify that NFC card emulation is disabled when the device's screen is off or locked, and when the device is turned off.
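
During validation it also helps to confirm what the framework itself reports before testing against a reader. The following is an added example, not code from AOSP or from this page: it uses the public android.nfc.NfcAdapter methods isSecureNfcSupported() and isSecureNfcEnabled() (API level 29), and the class name SecureNfcCheck and its Posture enum are hypothetical. It reports the setting only; the behavior at the reader with the screen off or locked still has to be tested on the device.

```java
import android.content.Context;
import android.nfc.NfcAdapter;
import android.os.Build;

/** Added example: reports the Secure NFC state of a device for a validation or compliance check. */
public final class SecureNfcCheck {

    /** Hypothetical result type; the names are not part of the Android API. */
    public enum Posture {
        NO_NFC,             // no NFC adapter on this device
        NOT_SUPPORTED,      // pre-Android 10, or the framework reports no Secure NFC support
        NFC_DISABLED,       // NFC is switched off in the framework
        SUPPORTED_BUT_OFF,  // Secure NFC available, but the unlock requirement is not enabled
        ENFORCED            // Secure NFC enabled: unlock required for card emulation
    }

    private SecureNfcCheck() {}

    public static Posture evaluate(Context context) {
        NfcAdapter adapter = NfcAdapter.getDefaultAdapter(context);
        if (adapter == null) {
            return Posture.NO_NFC;
        }
        // isSecureNfcSupported() and isSecureNfcEnabled() were added in API level 29.
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
            return Posture.NOT_SUPPORTED;
        }
        try {
            if (!adapter.isSecureNfcSupported()) {
                return Posture.NOT_SUPPORTED;
            }
            if (!adapter.isEnabled()) {
                return Posture.NFC_DISABLED;
            }
            return adapter.isSecureNfcEnabled()
                    ? Posture.ENFORCED
                    : Posture.SUPPORTED_BUT_OFF;
        } catch (UnsupportedOperationException e) {
            // Thrown when the NFC feature is not available on the device.
            return Posture.NO_NFC;
        }
    }
}
```

A result of SUPPORTED_BUT_OFF on a device that is expected to require unlock means the Settings toggle is off or its default was customized to disabled.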