Apple may expand the iPhone's NFC tech to third-party developers during WWDC

Cal Jeffrey

Posts: 3,447   +1,029
Staff member
In context: For some time now, Apple has been utilizing the iPhone’s near-field communication (NFC) technology to allow payment for goods and services anywhere that Apple Pay is accepted. This enables users to use their phone to pay rather than digging out their credit or debit cards.

Currently, the iPhone’s NFC capability is primarily used for Apple Pay transactions, but according to 9to5Mac, that could be about to change.

Sources familiar with iOS and macOS development revealed that Apple is expanding some NFC functionality to third-party companies. Currently, developers only have access to NFC Data Exchange Format (NDEF).

This allows NDEF tags to be read by applications. For example, an app used to exchange contact information could use NDEF to do so. However, NDEF is somewhat limited.

"NFC is getting major improvements, including the ability for third-party developers to read any ISO7816, FeliCa or MiFare tags. Currently, only tags formatted as NDEF can be read by third-party apps."

Sources say Apple will be allowing developers access to the ISO 7816 format, which is typically used for IDs and access cards. It will also open up functionality for FeliCa and MiFare formats as well. FeliCa is a popular tap-to-pay feature used in subways and some vending machines in Japan. MiFare is a smart card standard mostly used for mass transit passes.

Keep in mind, the news is from anonymous sources and is far from official. However, if the claims hold, it could allow for a wide range of NFC practical applications.

Companies could let employees store access badges on their devices saving the cost of making expensive IDs. Ski resorts could sell passes online and allow guests to use their phones to get onto lifts. Those are just a couple use case examples.

There is no word on when developers will have access to these formats, but we could hear something during Apple’s Worldwide Developers Conference at San Jose's McEnery Convention Center scheduled for June 3-7 with a keynote address on opening day.

Permalink to story.



Posts: 3,084   +2,550
Oh, IDK about this...just seems like another way to "hack" at some point. The more walled off NFC is, I think the better.


Posts: 219   +83
Oh, IDK about this...just seems like another way to "hack" at some point. The more walled off NFC is, I think the better.
You may think it is easy to hack or steal credentials when someone using their credit card in their Apple Wallet, but not that easy as it seems because using so called tokenisation which means for every transaction, Wallet app (and any other android wallet app too) create a random, one-time number — a transaction token — and even if someone was able to get a hold of that number, it’s not valid later.
Obviously, you can use ISO7816 in a bad way too, not securing the transaction or like many other corporations with their ID card or fob system, does not even bother to encrypt the data on them just gave the permission the the card (and card holder) and with 30-60 USD equipment and with a smartphone you can copy the data within a minute or even less.
It's a matter of 'how' to use securely and properly to ensure there will be no chance for ID theft or as little as possible and make member of staff aware of this too rather than "ban" to use because it's hackable (everything is at some point).
FYI: I conduct a test every time if a new/replacement ID card been issued to ensure my colleagues followed the correct procedures, sometimes they don't and not even realising it or couple weeks later when they found out I've been using someone else's lost card asking me that: "How did you hacked/found it?" and I tell them that they didn't followed the correct procedures that's How, thus I usually do a 1on1 refresh training (and this goes into the monthly Cyber Security report too), while these are high risk incidents, they will not get any warnings (lucky bastards) because that's not the way to handle it, but rather revoke their rights to issue an ID card for a month and give them the most annoying and crap tasks.