Looking at evaluating an NFC tap-and-pay Android app. Are there any specific gotchas I should be looking for, and/or any best practices for NFC on Android? I tried looking at the EMV spec, as well as on the Android developer website, but there isn’t anything helpful there.
Preferably some sources as to why this should be secured would be good.
If I don’t get anything, I’ll just take it as an arbitrary user input – however, I’m looking for more protocol-level or OS-level attacks against an environment like this.