search

mclear / Android_NFC_Ring_Unlock

Issues and Wiki for the Android NFC Ring Unlock app
22 stars 7 forks source link

Other (non-unlock) tags read & actioned while locked #55

Open jezmck opened 10 years ago

jezmck commented 10 years ago

One side (white) of my ring is unlock, the other (black) is my own web address.

My ring spins round sometimes, sometimes I'll try and unlock with the black side.

When I then unlock with the correct side my browser has opened the link.

ElliotFriend commented 10 years ago

I found the same to be true on my Galaxy Nexus. :+1:

Lokki-P commented 10 years ago

If running xposed framework with NFC set to always on this would be expected behaviour.

Lokki-P commented 10 years ago

*additional to that with standard unmodified phone, if the screen is active then NFC is active and will attempt to read tags, this is why you're seeing the result of a read on the wrong side of the ring when you do actually unlock.

r2DoesInc commented 10 years ago

This is the normal Android behavior. Nothing can or will be done to modify this.

JohnMcLear commented 10 years ago

Re-Opened as it this is a critical security issue and not resolved, it might not be resolvable so should be left documented as unfixable but closing it burries it too deep. So keeping this open as a bug but also mindful it's probably not fixable with the current APIs we have available.

r2DoesInc commented 10 years ago

fair assessment, works for me.

jezmck commented 10 years ago

Glad this is reopened, seemed rather rude to close it.

I know this isn't the app's problem to fix, but if a phone's locked, it shouldn't be possible to get it to do stuff with maliciously-crafted NFC tag.

r2DoesInc commented 10 years ago

For me, if nothing can be done to change the behavior, the issue - in my mind - is closed. I understand that here, "Closed" means something a bit different so its not applicable. I wish closing an issue didn't prevent comments, but oh well.

The end result is that this is not possible. There is no way to prevent the tags from being read. Tag reads happen behind the lock screen, I cannot intercept them in any way. On Apr 30, 2014 4:05 AM, "Jez McKean" notifications@github.com wrote:

Glad this is reopened, seemed rather rude to close it.

I know this isn't the app's problem to fix, but if a phone's locked, it shouldn't be possible to get it to do stuff with maliciously-crafted NFC tag.

— Reply to this email directly or view it on GitHubhttps://github.com/mclear/Android_NFC_Ring_Unlock/issues/55#issuecomment-41770484 .