IssueTracker

Describe the Issue

Currently, NFC feels insecure because it can either only be toggled on or off globally. Once enabled, it remains active even when the phone is locked, making it vulnerable to unauthorized transactions. For example, someone could bring an NFC-enabled device near my phone while I’m unaware, potentially leading to unintended payments. It's like carrying a credit card in a non-RFID protected wallet.

Due to this risk, I only enable NFC when making a payment and turn it off immediately afterward, which is bit inconvenient.

Suggestions / Expected Behavior

1. Android already has app-level permission requests for sensitive features like location. There should be a mandatory permission for NFC access as well if the app uses it. The permission should also include an "Allow this time" option, similar to the location permission.

2. Alternatively, a more secure approach would be to enable NFC only when making a payment. The system could prompt the user for confirmation before turning on NFC. If the phone is in their pocket, the user won't be responding to the prompt, automatically preventing unintended use. Additionally, users could be given the option to specify how long NFC should remain active, with choices such as 5 minutes, 10 minutes, or indefinitely, before it turns off automatically.

3. Or the simplest method would be to prevent any NFC access when the phone is locked. At the moment, it is unclear whether NFC is on or off when the phone is locked, as this isn’t mentioned anywhere in the phone settings.

This would enhance security while maintaining convenience for users who frequently use NFC payments.