Mifare SDK security

Forum / MIFARE SDK / Mifare SDK security

  • 7. November 2014 at 9:07

    The Lite lib needs "android.permission.INTERNET".

    The "Step by Step guide for using Mifare SDK to develop Android NFC Applications" explains that NXP wants to get one-time notification of the library usage to the NXP server ...

    Can we expect that the full/advanced library will not require this permission ?

    From a security point of view, using a closed source library requiring such permission is unacceptable.

    Frédéric SURLEAU
    + 1  |  - 0

    Re: Mifare SDK security

    10. November 2014 at 9:52
    Hi fsurleau,
    This is just for first time registration and do not need always.

    + 0  |  - 1

    Re: Mifare SDK security

    10. November 2014 at 11:11
    But why, exactly, is it necessary? As fsurleau said, from a security point of view it's unacceptable to have a connection to the internet if you don't know exactly what it's used for and what's being sent.
    I can understand you want to monitor the usage of the Mifare SDK but a connection to the internet of which it's not known what data is being send is not acceptable in some usages.
    + 1  |  - 0

    Re: Mifare SDK security

    3. July 2015 at 19:34

    We are creating application which often run offline for all the event. This is one of customer requirements.
    In this case MIFARE SDK Lite starts to alert about one-time registration and moreover stop running at all.

    We know that it should happen just at first run but the world is not ideal and there ware cases when we were needed to cleanup application and install it. This causes the situation when terminal stopped to work!!!

    This is unacceptable for our business for two reasons:
    1. We cannot rely on solution which can stop to work at some point at all.
    2. Customer must not see any warning messages which does not relate to its business.

    We are ready to get paid version in case it will work offline and will not show any alerts.
    Is there a solution at Mifare for our case?

    Best regards,
    Alexey Tikhvinskiy,
    ArrowPass, Inc.
    + 0  |  - 0

    Re: Mifare SDK security

    4. July 2015 at 21:35
    The message appears because MIFARE Team wants to count the usage of the app, so they can monitor that.
    But after first activation it should dissapear, atleast for me it does on the Advanced version on two different apps.

    I have to try on Money on a LITE version if there might be some issues.
    Will get back to you Alexey that day.

    + 0  |  - 0

    Re: Mifare SDK security

    6. July 2015 at 10:43
    Hey Alexey,

    Here are my answers:

    1. There were some issues with Servers previous days, that's why users were probably prompted several times to use the App Online. This is NOT a general use case!
    2. In the documentations (UserManual) on page 23 (Lite version) you have a Q&A, where this questions is also answered. So basically we just track the downloads of the Apps. And the Online requirement is only required ONCE. After succesful registration, users are not prompted for Online Access on their smart devices.

    If you have any questions / concertns, please ask.

    + 0  |  - 0
Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.