Android: How to make a NFC Tag Ready only for users and writable for me?

Question

I have an app that design personalized tags that, when it is detected by an android phone, launches another app with some content. It all works fine and I know how to make a read only nfc Tag. The problem is, I would like to make a NFC Tag only readable by users of the other app. But I also want , if necessary, modify these tags in order to be rewritten. But I want to prevent from users to do themselves. that's why a ndef.makeReadOnly() is not appropriate for me..

does anyone can help me ???

Answer 1

It depends somewhat on the exact tags you will be using. The standard NFC Forum tag types for storing NDEF messages that Android supports have no specific functionality defined for this. So the Android API does not provide it either. There is only makeReadOnly(), which in most cases makes the tag irreversibly read-only.

However, when you look at the chips inside the tags that actually implement the required NFC functionality, they often provide more functions. These extra functions may include access control for writing, allowing the chip to be configured like you want.

Some examples (all manufactured by NXP, as I am most familiar with those):

1. MIFARE Classic: the memory sectors are protected by 2 keys. One key can be configured for read-only, while the other can be used to write the memory. NB: not all Android devices can access these!
2. MIFARE Ultralight C: can provide additional password protection to prevent overwriting
3. MIFARE DESFire: multiple authentication keys and access rights can be configured, including read-only access without keys
4. ICODE SLI(X)-S: can provide additional password protection to prevent overwriting

Most of these tags are generally available for sale on-line. You will have to hunt a bit on the internet to gather all the information on how the configuration has to be done, though. There is PC software available in most cases.

Answer 2

The only 100% way to make NFC tag "read only" is to call makeReadOnly(), but this is irreversible.

You can use "out of the box" solution, like:

1. do not write data on NFC tag but instead save it locally (if data is limited to one device) or to a server/cloud (if data si global)

2. link your NFC Tag ID (getByteArrayExtra(NfcAdapter.EXTRA_ID)) with your saved data

3. when NFC Tag is read get its ID and find proper data via proper source (local or cloud DB)

.. if second app is "third party app" and cannot work with upper soultion, you can register your own NFC reading app (intent with right mimeType filter) and then pass your data (point no. 3) to main app using sendIntent (or similar supported method).

Hope it helps!