I am working on an app which can read an NFC tag and use this info to send to server via API call. NFC tag contains a key/text written by me as well. Now my server will verify this key and allow the app to unlock a feature. I have two question regarding this but did not find any suitable answer anywhere.
1: NFC Tags are easily readable by any third party app. I would like to restrict my tag to readable for my app only. is it possible?
2: If anyone can read my tag then, they found the key even the encrypted one, they can write it to new tag and use my app to crack the functionality. How to handle this?
As per my research we can not get UID of NFC Tag in iOS but we can get this in Android. If we use UID and my key combination then it seems working. But I have read that there are some Chinese vendors who provide NFC Tags that serial number are also re-writeable. So it seems not a good solution.
How other apps use NFC for Payments securely? Or how to uniquely identify an NFC Tag?
My R&D reference links are
Serials on NFC Tags - truly unique? cloneable?
https://help.gototags.com/article/reading-nfc-chips-uid-ios/
