Application unlock using nfc - android

I am new to android and i have developed an app locker.Now,i want that the application,i am locking should be unlocked with nfc tag that is without typing the password manually.How can i perform it?

As you already have the app locker part, I assume that when a user tries to launch an app, your app locker will instead show its unlock activity asking the user for a password.
On that unlock activity, you could now (instead or besides asking for the password) ask the user to scan the NFC tag. Your activity would therefore register for the NFC foreground dispatch system and wait until an NFC tag is scanned (or the user maunally types the password). As soon as your activity receives the NFC tag discovery intent through the foreground dispatch system, you could communicate with the tag and base your access control decision on the result of this communication.
As to what NFC tag/contactless smartcard you should use and what information you should store on it: That's a difficult question! This very much depends on your security requirements. In the easiest case, you could base your decision on the tag's (unique) identifier. However, you have to keep in mind that the identifier is neither unique nor unclonable. As an alternative you could use a (real) NFC tag and store an NDEF message on it. That NDEF message could contain some identifier/password that your app uses as an unlock credential. Again, NFC tags are publicly readable and therefore the NDEF message may be copied/cloned to another tag. Further security can be achived with tags that support cryptographic functionality beyond NFC Forum tag types, but discussion of that is certainly to broad for the StackOverflow format.

As I understand the technology, this isn't possible with the screen completely off. It's a security feature that the secure element only turns on when the screen turns on. So it should be a hardware limitation not a software one.

Related

Reading NFC card using a button(Isodep)

I am quite new to android development and trying to read an nfc card and was wondering if it's possible to read it when the user presses a button. I know how to read a card once the card is near the reader or when it is tapped to the nfc reader (onTagDiscovered). I would like to know if it's possible when a user presses a button then the device will read the card.
Android not working as this.
You could declare in your AndroidManifest that an Activity in your application could read NFC tag.
When a tag is detected by system,
if only your application declared that could reading NFC tags then your Activity is launched with discovered tag in Intent
if multiple application declared that could reading NFC tags
then a "popup" is shown to user to choose application
The other solution
You use enableForgroundDispatch : https://developer.android.com/guide/topics/connectivity/nfc/advanced-nfc.html#foreground-dispatch
The foreground dispatch system allows an activity to intercept an
intent and claim priority over other activities that handle the same
intent. Using this system involves constructing a few data structures
for the Android system to be able to send the appropriate intents to
your application. To enable the foreground dispatch system
If multiple applications "listen" to NFC tag and your Activity is in foreground and enableForgroundDispatch then only your application, receive NFC discovered Tag .
With previous mechanism, you could catch all tags in your Activity and when user press a button do required action, when user not press button, do nothing.

NFC forced rescan

If a tag is already scanned, Android can start my activity, so good. Now I did a new activity started from the user, to allow the user to write the tag. When the activity is already open, I can receive the intent from the system only if the user re-scan the tag even if the phone is already on the tag, is there a way to force the rescan?
You can't "rescan" the tag, this is not possible because of how the NFC works. When you have the NFC enabled in your phone the NFC antenna is always searching for a tag. So rescan the tag doesn't make any sense.
You have two options, the first one as I have pointed in my comment is sharing the Tag object between your activities and do whatever you want with that.
The second option if you want to write the tag after the user has opened your application is using the onNewIntent. This way you can capture the Intent that will be sent from the android system after the user has pointed the NFC tag close to the NFC antenna.

Broadcast Intent for keyboard input

Is there an intent for sending data for the keyboard to "type"?
This is more theoretical than practical, but is it possible to broadcast an intent that is received by the keyboard. The intent would contain a string which is then "typed" into the active input field. Alternative the intent could include a target field, which the keyboard could use to either select the right field in the view or prevent the data from being output to the wrong field.
Why?
I'm imaging this could useful for data collection applications.
Example 1: Bluetooth scale
Say you have an application for tracking your weight. Every morning you launch the app, weigh yourself, type in your weight. If the scale were paired with an application agnostic service on your phone you could just select the weight field and step up on the scale. The value would be sent to your phone and passed to the default keyboard using this intent.
Example 2: NFC id tags
A service form application requires a 16-digit machine serial number. There is an NFC tag on the machine which contains the serial number. Instead of typing it out manually, the NFC read intent is caught by a service which passes the value to the default keyboard via intent.
Criticisms:
The app could/should integrate with the scale directly.
Counter argument: Does not work with a web app and you are reliant on an app supporting (and maintaining support for) your particular solution (e.g. Bluetooth device).
Replace the input field with a button that launches an intent for result.
Counter argument: Same as above, plus it requires more user interaction; Clicks and time are premium commodities.
If it doesn't exist, would it be the worst idea for keyboards to implement such an intent receiver? Or would it just open the door to bad application design? Security-wise?
Is there an intent for sending data for the keyboard to "type"?
Fortunately, no, for obvious security reasons. One app cannot force input into another app outside of very select situations (e.g., JUnit test apps).
The app could/should integrate with the scale directly.
Correct.
Does not work with a web app
Then write a native app.
you are reliant on an app supporting (and maintaining support for) your particular solution (e.g. Bluetooth device)
You need that anyway, as it is impossible to speak arbitrary Bluetooth and get input suitable for an arbitrary text field in an arbitrary native app or Web app. Otherwise, your proposed soft keyboard will try to grab data from your Bluetooth headset and type it into Twitter, and your music is probably longer than 140 characters.
would it be the worst idea for keyboards to implement such an intent receiver?
That depends on your definition of "worst". I would hope that the implementer of such an input method editor has a very large legal defense fund for the inevitable lawsuits that will result from such a gaping security hole.

Write an NFC application that preempts all other NFC applications

Is there a way to make an NFC application read a tag over all other applications that may be downloaded on the phone?
Usually, if more than one application can read a given tag, then the user is prompted with which application to open. I would like to skip this step and have my application automatically open.
Any resources or actual code would be really helpful. This is just part of a research project so I don't even need to code the application, I would just like to know if it is possible and potentially build a proof of concept application if I have time.
No, but you can use filters to specify a specific NDEF tag type to look for. In that case only your app would be brought up, but if another app is also looking for that exact same tag type, both apps will be brought up.

Android: Interacting with 3rd-party app

I am wondering if it is possible to launch a 3rd-party application from within my own application. I understand that Android runs in a sandbox, and so I am not too optimistic about this being possible.
I read the following here: http://source.android.com/tech/security/index.html:
"This sets up a kernel-level Application Sandbox. The kernel enforces security between applications and the system at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. By default, applications cannot interact with each other and applications have limited access to the operating system. If application A tries to do something malicious like read application B's data or dial the phone without permission (which is a separate application), then the operating system protects against this because application A does not have the appropriate user privileges. The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and file permissions."
Essentially, I want to launch some 3rd-party application that can scan and decode a barcode, and then have that data available to my own application. As I said, I doubt that this is possible, but surely someone must have encountered this before, and maybe found a compromise.
Yes it is possible if you have appropriate permissions to do that. Lot of applications use that feature to avoid writing the feature in their own app. Look into content providers as you are asking another content provider to scan barcode an provide you the data.
http://developer.android.com/guide/topics/providers/content-providers.html

Categories

Resources