Hi All, I am working with NFC technology for my masters Thesis. The task was to develop a Higher level API for Android NFC tech. Problem was I could not justify creating a Higher level API for it. To me it's as plain as day and as simple as it is going to get. My question really is the validity of a security API for NFC. If I can prove that NFC has one big security exploit I can secure a higher grade for this thesis. Currently the only thing I can think of is exploiting an app to send private details in NDEF message format using an applications as a front. However two flaws with that, The attacker deploys perfectly useful application but has small activity running in back. He walks by someone with NFC activated it causes malware activity to activate and take secure details off the phone and transfer them to the attacker. 1. phone might not have NFC on 2. This is not just an NFC problem , Many other areas can be exploited this way. Any ideas would be appreciated ? Is there any documentation of NFC security or authorisation etc... Currently I have developed an app that does a simple read write back function just for experimental reasons I want to create an app that when tested can tested unsecure and secure. If I can exploit a flaw I was thinking a small function can be placed on top of NDEF message to lock down messages sent to ensure that only certain types of Activities are carried out , again I am at a loss
