Today is Donnerstag, 21st Februar 2019

SimplyTapp for CyanogenMod: How it works

In CyanogenMod 9.1, Android customized aftermarkt firmware, NFC enthusiast will find a new feature for contactless payment: SimplyTapp. SimplyTapp is an application that provides users with a basic wallet to store prepaid cards of various merchants. The cards can be obtained over-the-air and payment is done thru PayPal.

When it comes to storing the cards on the mobile device, things get more interesting. Currently wallet systems as Google Wallet or ISIS’s Wallet use the embedded secure element or the UICC as a save place to store the credentials and keys/certificates of payment cards. SimplyTapp hasn’t got access to the secure element, thus it simply stores the cards in an encrypted store on the device. Details on how the credentials are stored on the device were not found so far.

On the question is: how can be are smartcard emulation with a secure element? There has been a patch so NXP’s NFCLib of CyanogenMod already in January. This patch provided developers with interfaces for their application to emulate tags in Software. A similar feature is already available for RIM’s BlackBerry with their VirtualTarget.

Now SimpleTapp uses this feature in order to emulate the stored cards in Software. For our tests we obtained a prepaid Card with USD 5.00 for the Whole Foods Market (payment was done thru paypal). The Card was then loaded onto our device. After turning the device into (software) card emulation mode with SimpleTapp the external EMV reader successfully detected a Visa paywave Card.

Currently it is also not clear how the CryptoGram is calculated for the EMV transaction as this is a required security feature. Of course it could be the case that even the required EMV keys are store outside the secure element on the device. But this is very unlikely and requires further research.

Welcome at