In the first post of this serial nosotros showed how to utilisation the embedded secure chemical element interface Android 4.x offers. Next, nosotros used some GlobalPlatform commands to unwrap out to a greater extent than nearly the SE execution surround inward the Milky Way Nexus. We also showed that at that topographic point is currently no agency for 3rd parties to install applets on the SE. Since installing our ain applets is non an option, nosotros volition right away unwrap some pre-installed applets to explore. Currently the only by in addition to large available Android application that is known to install applets on the SE is Google's own Google Wallet. In this in conclusion post, we'll say a few words nearly how it plant in addition to so attempt to unwrap out what publicly available information its applets host.
The controller applet securely stores Google Wallet nation in addition to lawsuit log data, but most importantly, it enables or disables contactless payment functionality when you lot unlock the Wallet app past times entering your PIN. The latest version seems to have got the powerfulness to shop in addition to verify a PIN securely (inside the SE), nonetheless it does non appear it is genuinely used past times the app yet, since the Wallet Cracker can silent recover the PIN on a rooted phone. This implies that the PIN hash is silent stored inward the app's local database.
The MIFARE manager applet plant inward conjunction with the offers in addition to reward/loyalty cards features of Wallet. When you lot salve an offering or add together a loyalty card, the MIFARE manager applet volition write block(s) to the emulated MIFARE 4K Classic carte du jour to mirror the offering or carte du jour on the SE, letting you lot redeem it past times tapping your telephone at a NFC-enabled POS terminal. It also keeps an application directory (similar to the measure MIFARE MAD) inward the in conclusion sectors, which is updated each fourth dimension you lot add together or take away a card. The emulated MIFARE carte du jour uses custom sector protection keys, which are most likely initialized during the initial provisioning process. Therefore you lot cannot currently read the contents of the MIFARE carte du jour with an external reader. However, the encryption in addition to authentication scheme used past times MIFARE Classic has been broken and proven insecure, in addition to the keys tin move recovered easily with readily available tools. It would move interesting to run into if the emulated carte du jour is susceptible to the same attacks.
Finally, at that topographic point should move 1 or more EMV-compatible payment applets that enable you lot to pay with your telephone at compatible POS terminals. EMV is an interoperability measure for payments using chip cards, in addition to patch each credit carte du jour fellowship has their proprietary extensions, the mutual specifications are publicly available. The EMV measure specifies how to unwrap out what payment applications are installed on a contactless card, in addition to nosotros volition utilisation that information to explore Google Wallet farther later.
Armed with that basic information nosotros tin right away extend our plan to cheque if Google Wallet applets are installed. Google Wallet has been around for a while, so past times right away the controller in addition to MIFARE manager applets' AIDs are widely known. However, nosotros don't demand to expression farther than latest AOSP code, since the organisation NFC service has those hardcoded. This clearly shows that patch SE access code is beingness gradually made to a greater extent than open, its primary purpose for right away is to back upwards Google Wallet. The controller AID is
The 'File Control Information' in addition to 'Dedicated File' names are file system-based carte du jour legacy terms, but the DF (equivalent to a directory) is the AID of the controller applet (which nosotros already know), in addition to the in conclusion slice of information is something new. Two bytes looks really much similar a brusk value, in addition to if nosotros convert this to decimal nosotros instruct '258', which happens to move the controller applet version displayed inward the 'About' concealment of the electrical current Wallet app ('v258').
Now that nosotros have got an app that tin cheque for wallet applets (see sample code, screenshot above), nosotros tin verify if those are indeed managed past times the Wallet app. It has a 'Reset Wallet' activeness on the Settings screen, which claims to delete 'payment information, carte du jour information in addition to transaction history', but how does it behavior on the controller applets? Trying to select them after resetting Wallet shows that the controller applet has been removed, patch the MIFARE manager applet is silent selectable. We tin assume that whatever payment applets have got also been removed, but nosotros silent have got no agency to check. This leads us to the theme of our adjacent section:
This was fun, but it doesn't genuinely exhibit much also the fact that Google Wallet's virtual card(s) comply with the EMV specifications. What is to a greater extent than interesting is that the controller applet APDU commands that toggle contactless payment in addition to modify the PPSE don't require additional application authentication in addition to tin move issued past times whatever app that is whitelisted to utilisation the secure element. The controller applet most likely doesn't shop whatever genuinely sensitive information, but patch it allows its nation to move modified past times 3rd political party applications, nosotros are unlikely to run into whatever other app also Google Wallet whitelsited on production devices. Unless of course of didactics to a greater extent than fine-grained SE access command is implemented inward Android.
Because for most applications the SE is used inward conjunction with NFC, in addition to SE app needs to move notified of relevant NFC events such every bit RF plain detection or applet choice via the NFC interface. Disclosure of such events to malicious applications tin also potentially Pb to denial of service attacks, that is why access to them needs to move controlled every bit well. The GP SE access command specification allows rules for controlling access to NFC events to move managed along with applet access rules past times saving them on the SE. In Android, global events are implemented past times using broadcasts in addition to interested applications tin create in addition to register a broadcast receiver constituent that volition have such broadcasts. Broadcast access tin move controlled with measure Android signature-based permissions, but that has the disadvantage that only apps signed with the organisation certificate would move able to have NFC events, effectively limiting SE apps to those created past times the device manufacturer or MNO. Android 4.x so uses the same machinery employed to command SE access -- whitelisting application certificates. Any application registered inward
Google Wallet in addition to the SE
To quote the Google Play description, 'Google Wallet holds your credit in addition to debit cards, offers, in addition to rewards cards'. How does it do this inward practise though? The brusk answer: it's slightly complicated. The longer answer: only Google knows all the details, but nosotros tin honor a few things. After you lot install the Google Wallet app on your telephone in addition to select an concern human relationship to utilisation with it, it volition contact the online Google Wallet service (previously known every bit Google Checkout), create or verify your concern human relationship in addition to so provision your phone. The provisioning procedure will, alongside other things, use First Data's Trusted Service Manager (TSM) infrastructure to download, install in addition to personalize a bunch of applets on your phone. This is all done via the Card Manager in addition to the payload of the commands is, of course, encrypted. However, the GP Secure Channel only encrypts the information component subdivision of APDUs, so it is fairly slowly to map the install sequence on a device modified to log all SE communication. There are 3 types of applets installed: a Wallet controller applet, a MIFARE manager applet, in addition to of course of didactics payment applets that enable your telephone to interact with NFC-enabled PayPass terminals.The controller applet securely stores Google Wallet nation in addition to lawsuit log data, but most importantly, it enables or disables contactless payment functionality when you lot unlock the Wallet app past times entering your PIN. The latest version seems to have got the powerfulness to shop in addition to verify a PIN securely (inside the SE), nonetheless it does non appear it is genuinely used past times the app yet, since the Wallet Cracker can silent recover the PIN on a rooted phone. This implies that the PIN hash is silent stored inward the app's local database.
The MIFARE manager applet plant inward conjunction with the offers in addition to reward/loyalty cards features of Wallet. When you lot salve an offering or add together a loyalty card, the MIFARE manager applet volition write block(s) to the emulated MIFARE 4K Classic carte du jour to mirror the offering or carte du jour on the SE, letting you lot redeem it past times tapping your telephone at a NFC-enabled POS terminal. It also keeps an application directory (similar to the measure MIFARE MAD) inward the in conclusion sectors, which is updated each fourth dimension you lot add together or take away a card. The emulated MIFARE carte du jour uses custom sector protection keys, which are most likely initialized during the initial provisioning process. Therefore you lot cannot currently read the contents of the MIFARE carte du jour with an external reader. However, the encryption in addition to authentication scheme used past times MIFARE Classic has been broken and proven insecure, in addition to the keys tin move recovered easily with readily available tools. It would move interesting to run into if the emulated carte du jour is susceptible to the same attacks.
Finally, at that topographic point should move 1 or more EMV-compatible payment applets that enable you lot to pay with your telephone at compatible POS terminals. EMV is an interoperability measure for payments using chip cards, in addition to patch each credit carte du jour fellowship has their proprietary extensions, the mutual specifications are publicly available. The EMV measure specifies how to unwrap out what payment applications are installed on a contactless card, in addition to nosotros volition utilisation that information to explore Google Wallet farther later.
Armed with that basic information nosotros tin right away extend our plan to cheque if Google Wallet applets are installed. Google Wallet has been around for a while, so past times right away the controller in addition to MIFARE manager applets' AIDs are widely known. However, nosotros don't demand to expression farther than latest AOSP code, since the organisation NFC service has those hardcoded. This clearly shows that patch SE access code is beingness gradually made to a greater extent than open, its primary purpose for right away is to back upwards Google Wallet. The controller AID is
A0000004762010 and the MIFARE manager AID is A0000004763030. As you lot tin see, they start with the same prefix (A000000476), which nosotros tin assume is the Google RID (there doesn't appear to move a world RID registry). Next stride is, of course, trying to select those. The MIFARE manager applet responds with a boring 0x9000 status which only shows that it's indeed there, but selecting the controller applet returns something to a greater extent than interesting:6f 0f -- File Control Information (FCI) Template 84 07 -- Dedicated File (DF) Name a0 00 00 04 76 xx 10 (BINARY) a5 04 -- File Control Information (FCI) Proprietary Template lxxx 02 -- Response Message Template Format 1 01 02 (BINARY)
The 'File Control Information' in addition to 'Dedicated File' names are file system-based carte du jour legacy terms, but the DF (equivalent to a directory) is the AID of the controller applet (which nosotros already know), in addition to the in conclusion slice of information is something new. Two bytes looks really much similar a brusk value, in addition to if nosotros convert this to decimal nosotros instruct '258', which happens to move the controller applet version displayed inward the 'About' concealment of the electrical current Wallet app ('v258').
Now that nosotros have got an app that tin cheque for wallet applets (see sample code, screenshot above), nosotros tin verify if those are indeed managed past times the Wallet app. It has a 'Reset Wallet' activeness on the Settings screen, which claims to delete 'payment information, carte du jour information in addition to transaction history', but how does it behavior on the controller applets? Trying to select them after resetting Wallet shows that the controller applet has been removed, patch the MIFARE manager applet is silent selectable. We tin assume that whatever payment applets have got also been removed, but nosotros silent have got no agency to check. This leads us to the theme of our adjacent section:
Exploring Google Wallet EMV applets
Google Wallet is compatible with PayPass terminals, in addition to every bit such should follow relevant specifications. For contactless cards those are defined inward the EMV Contactless Specifications for Payment Systems serial of 'books'. Book Influenza A virus subtype H5N1 defines the overall architecture, Book B -- how to unwrap in addition to select a payment application, Book C -- the rules of the actual transaction processing for each 'kernel' (card company-specific processing rules), in addition to Book D -- the underlying contactless communication protocol. We desire to unwrap out what payment applets are installed past times Google Wallet, so nosotros are most interested inward Book B in addition to the relevant parts of Book C.
Credit cards tin host multiple payment applications, for representative for domestic in addition to international payment. Naturally, non all POS terminals know of or are compatible with all applications, so cards maintain a world EMV app registry at a good known location. This practise is optional for contact cards, but is mandatory for contactless cards. The application is called 'Proximity Payment System Environment' (PPSE) in addition to selecting it volition move our starting fourth dimension step. The application's AID is derived from the name: '2PAY.SYS.DDF01', which translates to
We have got initialized the $10 prepaid carte du jour available when starting fourth dimension installing Wallet, so something must move there. We know that the controller applet manages payment state, so after starting upwards in addition to unlocking Wallet nosotros finally instruct to a greater extent than interesting results (shown parsed in addition to with some bits masked below). It turns out that locking the Wallet upwards effectively hides payment applications past times deleting them from the PPSE. This, inward add-on to the fact that carte du jour emulation is available only when the phone's concealment is on, provides amend carte du jour safety than physical contactless cards, some of which tin easily move read past times only using a NFC-equipped mobile phone, every bit has been demonstrated.
One of the applications is the recently announced update to Google Wallet allows you lot to link practically whatever carte du jour to your Wallet account, but transactions are processed past times a single 'virtual' MasterCard in addition to so billed dorsum to your actual credit card(s). It is our gauge that the starting fourth dimension application inward the listing to a higher identify represents this virtual card. The adjacent stride inward the EMV transaction menses is selecting the preferred payment app, but hither nosotros hitting a snag: selecting each of the apps ever fails with the
Most open-source tools for carte du jour analysis, such every bit cardpeek in addition to Java EMV Reader were initially developed for contact cards, in addition to so demand a connection to a PC/SC-compliant reader to operate. If you lot have got a dual interface reader that provides PC/SC drivers you lot instruct this for free, but for a standalone NFC reader nosotros demand libnfc, ifdnfc in addition to PCSC lite to consummate the PC/SC stack on Linux. Getting those to play nicely together tin move a fleck tricky, but 1 time it's done carte du jour tools piece of job seamlessly. Fortunately, choice via the NFC interface is successful in addition to nosotros tin choke on with the adjacent steps inward the EMV flow: initiating processing past times sending the
As you lot tin see, it does non include the carte du jour holder name, but all the other information is available, every bit per the EMV standard. We fifty-fifty instruct the 'transaction inward progress' animation on concealment patch our reader is communicating with Google Wallet. We tin also instruct the PIN attempt counter (set to 0, inward this representative important disabled), in addition to a transaction log inward the format shown below. We can't verify if the transaction log is used though, since Google Wallet, similar a lot of the newer Google services, happens to move express to the USA .
'325041592E5359532E444446303131' inward hex. Upon successful choice it returns a TLV information construction that contains the AIDs, labels in addition to priority indicators of available applications (see Book B, 3.3.1 PPSE Data for Application Selection). To procedure it, nosotros volition utilisation in addition to slightly extend the Java EMV Reader library, which does similar processing for contact cards. The library uses the measure Java Smart Card I/O API to communicate with cards, but every bit nosotros pointed out inward the starting fourth dimension article, this API is non available on Android. Card communication interfaces are nicely abstracted, so nosotros only demand to implement them using Android's native NfcExecutionEnvironment. The primary classes nosotros demand are SETerminal, which creates a connection to the card, SEConnection to handgrip the actual APDU exchange, in addition to SECardResponse to parse the carte du jour response into condition give-and-take in addition to information bytes. As an added bonus, this takes assist of encapsulating our uglish reflected code. We also create a PPSE flat to parse the PPSE choice response into its components. With all those inward identify all nosotros demand to do is follow the EMV specification. Selecting the PPSE with the next command plant at starting fourth dimension try, but produces a response with 0 applications:--> 00A404000E325041592E5359532E4444463031 <-- 6F10840E325041592E5359532E4444463031 9000 response hex : 6f 10 84 0e 32 50 41 59 2e 53 59 53 2e 44 44 46 thirty 31 response SW1SW2 : xc 00 (Success) response ascii : o...2PAY.SYS.DDF01 response parsed : 6f 10 -- File Control Information (FCI) Template 84 0e -- Dedicated File (DF) Name 32 50 41 59 2e 53 59 53 2e 44 44 46 thirty 31 (BINARY)
We have got initialized the $10 prepaid carte du jour available when starting fourth dimension installing Wallet, so something must move there. We know that the controller applet manages payment state, so after starting upwards in addition to unlocking Wallet nosotros finally instruct to a greater extent than interesting results (shown parsed in addition to with some bits masked below). It turns out that locking the Wallet upwards effectively hides payment applications past times deleting them from the PPSE. This, inward add-on to the fact that carte du jour emulation is available only when the phone's concealment is on, provides amend carte du jour safety than physical contactless cards, some of which tin easily move read past times only using a NFC-equipped mobile phone, every bit has been demonstrated.
Applications (2 found): Application AID: a0 00 00 00 04 10 10 AA XX XX XX XX XX XX XX XX RID: a0 00 00 00 04 (Mastercard International [US]) PIX: 10 10 AA XX XX XX XX XX XX XX XX Application Priority Indicator Application may move selected without confirmation of cardholder Selection Priority: 1 (1 is highest) Application AID: a0 00 00 00 04 10 10 RID: a0 00 00 00 04 (Mastercard International [US]) PIX: 10 10 Application Priority Indicator Application may move selected without confirmation of cardholder Selection Priority: two (1 is highest)
One of the applications is the recently announced update to Google Wallet allows you lot to link practically whatever carte du jour to your Wallet account, but transactions are processed past times a single 'virtual' MasterCard in addition to so billed dorsum to your actual credit card(s). It is our gauge that the starting fourth dimension application inward the listing to a higher identify represents this virtual card. The adjacent stride inward the EMV transaction menses is selecting the preferred payment app, but hither nosotros hitting a snag: selecting each of the apps ever fails with the
0x6999 ('Applet choice failed') status. It has been reported that this was possible inward previous versions of Google Wallet, but has been blocked to preclude relay attacks in addition to halt Android apps from extracting credit carte du jour information from the SE. This leaves us with using the NFC interface if nosotros desire to unwrap out more.Most open-source tools for carte du jour analysis, such every bit cardpeek in addition to Java EMV Reader were initially developed for contact cards, in addition to so demand a connection to a PC/SC-compliant reader to operate. If you lot have got a dual interface reader that provides PC/SC drivers you lot instruct this for free, but for a standalone NFC reader nosotros demand libnfc, ifdnfc in addition to PCSC lite to consummate the PC/SC stack on Linux. Getting those to play nicely together tin move a fleck tricky, but 1 time it's done carte du jour tools piece of job seamlessly. Fortunately, choice via the NFC interface is successful in addition to nosotros tin choke on with the adjacent steps inward the EMV flow: initiating processing past times sending the
GET PROCESSING OPTIONS in addition to reading relevant application information using the READ RECORD command. For compatibility reasons, EMV payment applications comprise information equivalent to that establish on the magnetic stripe of physical cards. This includes concern human relationship number (PAN), death date, service code in addition to carte du jour holder name. EMV-compatible POS terminals are required to back upwards transactions based on this information only ('Mag-stripe mode'), so some of it could move available on Google Wallet every bit well. Executing the needed READ RECORD commands shows that it is indeed establish on the SE, in addition to both MasterCard applications are linked to the same mag-stripe data. The information is every bit commons inward TLV format, in addition to relevant tags in addition to format are defined inward EMV Book C-2. When parsed it looks similar this for the Google prepaid carte du jour (slightly masked):Track two Equivalent Data: Primary Account Number (PAN) - 5430320XXXXXXXX0 Major Industry Identifier = five (Banking in addition to financial) Issuer Identifier Number: 543032 (Mastercard, UNITED STATES OF AMERICA) Account Number: XXXXXXXX Check Digit: 0 (Valid) Expiration Date: Lord's Day April thirty 00:00:00 GMT+09:00 2017 Service Code - 101: 1 : Interchange Rule - International interchange OK 0 : Authorisation Processing - Normal 1 : Range of Services - No restrictions Discretionary Data: 0060000000000
As you lot tin see, it does non include the carte du jour holder name, but all the other information is available, every bit per the EMV standard. We fifty-fifty instruct the 'transaction inward progress' animation on concealment patch our reader is communicating with Google Wallet. We tin also instruct the PIN attempt counter (set to 0, inward this representative important disabled), in addition to a transaction log inward the format shown below. We can't verify if the transaction log is used though, since Google Wallet, similar a lot of the newer Google services, happens to move express to the USA .
Transaction Log: Log Format: Cryptogram Information Data (1 byte) Amount, Authorised (Numeric) (6 bytes) Transaction Currency Code (2 bytes) Transaction Date (3 bytes) Application Transaction Counter (ATC) (2 bytes)
This was fun, but it doesn't genuinely exhibit much also the fact that Google Wallet's virtual card(s) comply with the EMV specifications. What is to a greater extent than interesting is that the controller applet APDU commands that toggle contactless payment in addition to modify the PPSE don't require additional application authentication in addition to tin move issued past times whatever app that is whitelisted to utilisation the secure element. The controller applet most likely doesn't shop whatever genuinely sensitive information, but patch it allows its nation to move modified past times 3rd political party applications, nosotros are unlikely to run into whatever other app also Google Wallet whitelsited on production devices. Unless of course of didactics to a greater extent than fine-grained SE access command is implemented inward Android.
Fine-grained SE access control
This fact that Google Wallet nation tin move modified past times 3rd political party apps (granted access to the SE, of course) leads us to some other major complication with SE access on mobile devices. While the information on the SE is securely stored in addition to access is controlled past times the applets that host it, 1 time an app is allowed access, it tin easily perform a denial of service laid on against the SE or specific SE applications. Attacks tin hit from locking the whole SE past times repeatedly executing failed authentication attempts until the Card Manager is blocked (a GP-compliant carte du jour goes into the TERMINATED nation ordinarily after 10 unsuccessful tries), to application-specific attacks such every bit blocking a cardholder verification PIN or otherwise changing a 3rd political party applet state. Another to a greater extent than sophisticated, but harder to attain in addition to possible only on connected devices, laid on is a relay attack. In this attack, the phone's Internet connection is used to have in addition to execute commands sent past times some other remote phone, enabling the remote device to emulate the SE of the target device without physical proximity. The agency to mitigate those attacks is to exercise finer command on what apps that access the SE tin do past times mandating that they tin only select specific applets or only ship a pre-approved listing of APDUs. This is supported past times JSR-177 Security in addition to Trust Servcies API which only allows connection to 1 specific applet in addition to only grants those to applications with trusted signature (currently implemented inward BlackBerry seven API). JSR-177 also provides the powerfulness to confine APDUs past times matching them against an APDU mask to create upwards one's take heed whether they should move allowed or not. SEEK for Android goes on stride farther than BlackBerry past times supporting fine-grained access command with access policy stored on the SE. The actual format of ACL rules in addition to protocols for managing them are defined inward GlobalPlatform Secure Element Access Control standard, which is relatively novel (v.1.0 released on May 2012). As nosotros have got seen, the electrical current (4.0 in addition to 4.1) stock Android versions do confine access to the SE to trusted applications past times whitlisting their certificates (a hash of those would have got likely sufficed) inward/etc/nfcee_access.xml, but 1 time an app is granted access it tin select whatever applet in addition to ship whatever APDU to the SE. If 3rd political party apps that utilisation the SE are to move allowed inward Android, to a greater extent than fine-grained command needs to move implemented past times at to the lowest degree limiting the applets SE-whitelisted Android apps tin select.Because for most applications the SE is used inward conjunction with NFC, in addition to SE app needs to move notified of relevant NFC events such every bit RF plain detection or applet choice via the NFC interface. Disclosure of such events to malicious applications tin also potentially Pb to denial of service attacks, that is why access to them needs to move controlled every bit well. The GP SE access command specification allows rules for controlling access to NFC events to move managed along with applet access rules past times saving them on the SE. In Android, global events are implemented past times using broadcasts in addition to interested applications tin create in addition to register a broadcast receiver constituent that volition have such broadcasts. Broadcast access tin move controlled with measure Android signature-based permissions, but that has the disadvantage that only apps signed with the organisation certificate would move able to have NFC events, effectively limiting SE apps to those created past times the device manufacturer or MNO. Android 4.x so uses the same machinery employed to command SE access -- whitelisting application certificates. Any application registered inward
nfcee_access.xml tin have the broadcasts listed below. As you lot tin see, also RF plain detection in addition to applet selection, Android offers notifications for higher-level events such every bit EMV carte du jour removal or MIFARE sector access. By adding a broadcast receiver to our examine application every bit shown below, nosotros were able to have AID_SELECTED in addition to RF field-related broadcasts. AID_SELECTED carries an extra with the AID of the selected applet, which allows us to start a related activity when an applet nosotros back upwards is selected. APDU_RECEIVED is also interesting because it carriers an extra with the received APDU, but that doesn't seem to move sent, at to the lowest degree non inward our tests.<receiver android:name="org.myapp.nfc.SEReceiver" > <intent-filter> <action android:name="com.android.nfc_extras.action.AID_SELECTED" /> <action android:name="com.android.nfc_extras.action.APDU_RECEIVED" /> <action android:name="com.android.nfc_extras.action.MIFARE_ACCESS_DETECTED" /> <action android:name="android.intent.action.MASTER_CLEAR_NOTIFICATION" /> <action android:name="com.android.nfc_extras.action.RF_FIELD_ON_DETECTED" /> <action android:name="com.android.nfc_extras.action.RF_FIELD_OFF_DETECTED" /> <action android:name="com.android.nfc_extras.action.EMV_CARD_REMOVAL" /> <action android:name="com.android.nfc.action.INTERNAL_TARGET_DESELECTED" /> </intent-filter> </receiver>
Summary
We showed that Google Wallet installs a few applets on the SE when starting fourth dimension initialized. Besides the expected EMV payment applets, if makes utilisation of a controller applet for securely storing Wallet nation in addition to a MIFARE manager applet for reading/writing emulated carte du jour sectors from the app. While nosotros tin instruct some information nearly the EMV surround past times sending commands to the SE from an app, payment applets cannot move selected via the wired SE interface, but only via the contactless NFC interface. Controller applet access is nonetheless available to 3rd political party apps, every bit long every bit they know the relevant APDU commands, which tin easily move traced past times logging. This mightiness move 1 of the reasons why 3rd political party SE apps are non supported on Android yet. To brand 3rd political party SE apps possible (besides offering a TSM solution), Android needs to implement more-fined grained access command to the SE, for representative past times restricting what applets tin move selected or limiting the hit of allowed APDUs for whitelisted apps.
Tag :
android security,
nfc
0 Komentar untuk "Droidcedas : Exploring Google Wallet Using The Secure Chemical Gene Interface"