2

I would like to create NFC Payment Application based on Android Kitkat 4.4 which now support the NFC Card Emulation Mode for both not involving secure element and involving secure element.

I would like to let My Application involve a secure element. So, I have a question. The Android KitKat can let my application access to the java card applet which is installed into a secure element?

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Dexter Moregan
  • 161
  • 2
  • 2
  • 12
  • Access to the Secure Element directly is possible if and only if you know about the communication key, APDU list, etc. But android does not recommend you to talk directly to SE. – TonySalimi Apr 27 '14 at 08:35

2 Answers2

2

If with Secure Element you mean the SIM card or a special-purpose chip in the phone, the answer is no: Android still does not include an API to access a Secure Element. Apps such as wallets use one of two approaches:

  • Phone vendor-specific APIs providing access to the SE
  • Mobile operator-specific APIs providing access to the UICC/SIM card, which is also a Secure Element.

Both APIs usually follow the "Open Mobile API" by SIM Alliance, http://www.simalliance.org/en/about/workgroups/open_mobile_api_working_group/

mictter
  • 1,358
  • 1
  • 10
  • 13
  • but in this link [link]http://developer.android.com/guide/topics/connectivity/nfc/hce.html Google said it can access if we define in AndroidManifest.xml and register AID of Java Card Applet in a secure element into apduservice.xml ? – Dexter Moregan May 03 '14 at 06:53
1

No, while the Android HCE documentation lists the possibility to use secure element-based card emulation, there are several problems hindering the use of a secure element in current devices:

  1. Nexus devices have a proprietary API for access to embedded secure elements only (no API for access to UICC/SIM card-based secure elements seems to be available). However, newer Nexus devices seem to no longer include an embedded SE. Moreover, only Google (and possibly mobile network operators selling those devices) are able to use the permissions to access the SE API. (Otherwise you would need root permissions to add your app certificates to the list of permitted apps.)

  2. Nexus devices do not seem to enable the UICC for card emulation at all. Thus, even if you register applications for off-host card emulation, the UICC could not be used on such devices.

  3. Many other (non-Nexus devices) provide a secure element API based on the Open Mobile API (typically the SEEK-for-Android implementation or something based on it). Those devices seem to use that API mainly for access to a UICC/SIM card-based secure element. (No information about interaction with off-host card emulation service registration of Android 4.4 yet.)

  4. You need access to a secure element (i.e. you need to know the keys to install/manage applications on the SE). This is something that you typically don't get, unless you have a good cooperation with the device manufacturer (for embedded secure elements) or a mobile network operator (for UICC/SIM card-based secure elements).

Update

Android P features a version of the Open Mobile API: https://developer.android.com/reference/android/se/omapi/package-summary

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • but in this link [link]http://developer.android.com/guide/topics/connectivity/nfc/hce.html Google said it can access if we define in AndroidManifest.xml and register AID of Java Card Applet in a secure element into apduservice.xml ? – Dexter Moregan May 03 '14 at 06:48
  • @DexterMoregan As I wrote in my answer: "while the Android HCE documentation [That's the document you refer!] **lists the possibility** to use secure element-based card emulation, there are **several problems hindering the use** of a secure element in current devices". Particularly that off-host + UICC does not work on Nexus devices (tested with Nexus 5 (Play Store, Germany) with Android 4.4.2) – Michael Roland May 03 '14 at 06:57
  • 1
    This is a really old question, but for completeness, the OpenMobile API was incorporated into Android in Android P. https://developer.android.com/reference/android/se/omapi/package-summary – JHH Nov 12 '19 at 13:47