android - Can I prevent Host Card Emulation service from being triggered by select AID?

Question

I have an Android app with a service registered to Android beam and a service registered to host card emulation. I want to decide when to enable/disable the HCE service in the code. The HCE service in the manifest looks like this -

<service
        android:name="com.bimo.verifonewallet.service.MyHostApduService"
        android:exported="true"
        android:permission="android.permission.BIND_NFC_SERVICE" >
        <intent-filter>
            <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE" />
        </intent-filter>

        <meta-data
            android:name="android.nfc.cardemulation.host_apdu_service"
            android:resource="@xml/apduservice" />
    </service>

In fact, when the smartphone receives a select AID command (with the services AID), the service is triggered and the function of the service onCreate() is executed and after the transaction is finished, the function onDestroy() is invoked.

Therefore when I do startService() and stopService() from the main activity it has no effect.

Can I control if the service be invoked or not?

Answer 1

You could try¹ to disable the whole service component (see this question/answer) and only enable the service while your activity is in the foreground:

public void onResume() {
    super.onResume();

    PackageManager pm = getPackageManager();
    pm.setComponentEnabledSetting(new ComponentName(this, "com.example.app.HceService"),
                                  PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
                                  PackageManager.DONT_KILL_APP);
}

public void onPause() {
    super.onPause();

    PackageManager pm = getPackageManager();
    pm.setComponentEnabledSetting(new ComponentName(this, "com.example.app.HceService"),
                                  PackageManager.COMPONENT_ENABLED_STATE_DISABLED,
                                  PackageManager.DONT_KILL_APP);
}

However, I would strongly suggest that your HCE service still responds to certain commands (particularly application selection) and that you only block security/privacy relevant commands. You could, for instance, do this by setting a flag in your app's shared preferences (see this question on why shared preferences would be the prefered approach) that indicates if the service is allowed to perform certain actions or not. You could then query that flag within the HCE service and decide what functionality should be available over HCE.

Also keep in mind that completely disabling your HCE service (using the above method) might allow another application (malicious or not) to take over communication for your AID.

---

¹) I haven't checked the Android source on when the list of HCE services is created and updated. So it might be the case that the list of HCE services (known to the NFC system service) might not be updated on every setComponentEnabledSetting() call.