The challenges and insights in creating an NFC app
Near Field Communication (NFC) is a technology that many of us use on a daily basis. Whether it is Apple Pay to buy your groceries, as a key card to enter your office building or to install your next smart home device. But how does this technology work? During the implementation, what are the challenges that developers typically encounter and how can they be resolved?
What is NFC?
NFC is a wireless communication technology that enables data exchange between two devices in proximity to each other. It is based on radio frequency identification (RFID) technology and allows different devices to send and receive data over short distances by creating a magnetic field that induces an electric current in a nearby NFC-enabled device.
NFC technology is widely used in various industries and applications, such as contactless payments, public transportation, access control systems, and smart home automation. NFC-enabled devices include smartphones, tablets, contactless payment cards, and other devices with built-in NFC chips.
There are many advantages, including its ease of use, speed, and convenience. Since it requires proximity between devices, it is considered to be a secure form of communication. NFC is also very versatile and can be used in a wide range of applications, making it a popular choice for developers and businesses.
NFC Cards & Tags
The most common way of NFC usage relies on a card/ tag, called PICC (Proximity inductive coupling card), which is presented to a reading device (PCD - Proximity coupling device). The PICC does not come with a battery or any other sort of power supply, they are powered by the PCD via an electromagnetic field.
There are different types of tags which have different capabilities, especially in terms of security. Which type of tag you need is up to your individual requirements. The biggest manufacturer for NFC chips is NXP Semiconductors. The NTAG-Series is the best-selling NFC tag for simple use-cases. For access-control or payment, they offer the chips from the MIFARE® family. We already implemented solutions for both of those chips. An alternative offers Sony with their FeliCa™ tags, which are widely used in Asia.
All those tags are based on the ISO14443 Standard, which is a specification defined by the NFC Forum. This is a group of companies who defined the standards on how NFC is used and implemented. They also provide a specification which makes it easy to develop common use-cases with NFC tags, e.g. storing a URL. The Data Exchange Format (NDEF) provides easy to use interfaces, which enables developers to build applications.
NFC in mobile development
To integrate NFC into mobile apps, developers can use NFC software development kits (SDKs) that provide APIs for accessing NFC functionalities. The most important NFC SDKs for mobile app development are the Android NFC SDK and the Apple iOS Core NFC framework.
These SDKs offer interfaces and functions to interact with the most common NFC standards and cards like NDEF, MIFARE® or FeliCa™ through their integrated chips.
Apple currently requires a minimum of iOS 13 and iPhone 7 to leverage all functionalities.
Android also supports Host-based card emulation (HEC), which makes it possible to use your phone as an NFC card instead of a reader. This feature is not available in iOS, but there is a workaround over the wallet functionality, which could work for certain scenarios.
Challenges
While implementing an app with the purpose to write & read NFC cards, we faced different challenges that we like to describe and solve in the following chapters.
The App was built with React Native. We added the react-native-nfc-manager library, which allowed us to use the native SDKs.
UI difference iOS / Android
The most visual challenge is the difference between iOS and Android in terms of UI and UX. While Apple provides a UI, that most iPhone users know, Android does not come with an interface for that. To keep the user experience as similar as possible, we decided to create a custom UI for Android which follows the flow and functionality of Apple's guidelines.
Protection & Authentication
The level of protection depends on the use-case of the app and the NFC card which is used. Different cards also offer different mechanisms. The simplest approach could be read only tag, which can be used for data that should be readable by anyone, but should not be edited. In order to edit a card, some sort of password or key authentication is necessary. The implementation of this mechanism differs between the different protocols and cards. For example, an MIFARE® DESFire® EV2 tag supports hardware based AES & DES encryption.
To be able to use this authentication method, it's required to have one or multiple keys. Those keys can be individual per card or shared. You might not want to hard code this critical information into the app. Therefore, it makes sense to fetch the key from a backend and either use it and forget it or store it into a secure storage like the iOS keychain or the Android keystore.
If the cards are connected to a user, it could also make sense to validate if the card belongs to the authenticated user. A backend which handles those cases can also be used to e.g. block a card, manage access to a card and much more.
Communication
Keys and passwords provide safety measurements to only allow reading & writing the cards for users who are allowed to. This does not include the communication between the PICC & PCD. Usually the commands are sent plain, in theory any device could read out the transmitted information. One safety measurement is the need to have the card and the smartphone close to each other, which was one of the earlier mentioned benefits of this technology. To improve the security further, some cards support a mechanism to decrypt and encrypt the whole message. An example would be AES encryption.
The diagram shows a really simple example, with a secure, encrypted communication.
Validation
With an encrypted communication comes a different problem: How do you check if you have encrypted your data correctly? Or maybe your data got sniffed and changed, and you want to verify its integrity? An easy way to validate the data is to use a Cyclic Redundancy Check (CRC). For example, you can add a 1 byte CRC8 checksum of your data, which you then can use to check the data. You can play around with CRC or check your calculations on this website.
Data handling
When working with NFC you will need to handle the data in many different ways. The data is usually an array of bytes, where one entry can be hex or decimal. Therefore, it's helpful to have some helper functions, for example to transform hex to decimal values, or the other way around.
/**
* Helper function to transform hex to int
* @param hex - string
* @returns value - number between 0 - 255
*/
export const hexToDec = (hex: string) => parseInt(hex, 16);
/**
* Helper function to transform number to hex
* @param value - number between 0 - 255
* @returns hex - string
*/
export const decToHex = (value: number) => {
const hex = value.toString(16).toUpperCase();
if (hex.length === 1) {
return '0' + hex;
}
return hex;
};
It also might be necessary to transform your numeric values to chars, which form a string, therefore the String.fromCharCode(array)
function is helpful. With the help of charCodeAt()
you can also transform chars into numbers, before saving them onto the card. But be careful with symbols etc. some characters can be bigger than 8 bit.
The last problem we faced was about big and little endian. This is a problem that can occur if you did not align on how to use and read bytes. It's basically the question if you handle byte arrays left-to-right or right-to-left. So be careful about that and in the best case clarify it for your project from the start and stick to it.
Conclusion
Mobile app development and NFC technology are a perfect paring, especially due to the available SDKs from iOS and Android. Most users always have their smartphone at hand, it is therefore the perfect device to pair with NFC tags.
We already implemented multiple apps using the NFC technology so don't hesitate to contact us if you are searching for a partner agency to develop your NFC app!