Currently supported versions of NFC Card Emulator:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of NFC Card Emulator seriously. If you discover a security vulnerability, please follow these steps:

Do NOT:
- Open a public issue on GitHub
- Discuss the vulnerability publicly before it's fixed

Do:
- Email the maintainer directly at the email address listed in the repository
- Include the following information:
  - Type of vulnerability
  - Affected versions
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if you have one)
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Varies based on severity
  - Critical: 7-14 days
  - High: 14-30 days
  - Medium: 30-60 days
  - Low: Next planned release
- You'll be credited in the security advisory (unless you prefer to remain anonymous)
- A security advisory will be published on GitHub
- Users will be notified to update
- Always use the latest version of the app
- Enable biometric authentication in settings
- Only add cards you personally own
- Never share your encrypted card data
- Be aware of your surroundings when using NFC emulation
- Follow the Coding Style Guide
- Never log sensitive data (UIDs, card data)
- Use Android Keystore for all cryptographic keys
- Encrypt all card data with AES-256
- Run security tests before submitting PRs
- Keep dependencies up to date (use Dependabot)
- This app is designed for non-payment cards only
- Payment card cloning is illegal and not supported
- Card emulation only works when app is in foreground
- No card data is transmitted over the internet
- All card data is encrypted using AES-256
- Encryption keys are stored in Android Keystore
- No plaintext card data is stored on disk
- Optional biometric authentication available
- ProGuard/R8 obfuscation enabled in release builds
- No hardcoded secrets or API keys
- Root/debugging warnings (non-blocking)
- Regular security audits recommended
- ✅ AES-256 encryption for all card data
- ✅ Android Keystore integration
- ✅ Biometric authentication support
- ✅ Foreground-only HCE
- ✅ No internet permissions
- ✅ Open source for security audits

This application is provided "as is" without warranty of any kind. Users are responsible for:
- Complying with local laws regarding NFC card usage
- Using the app only with cards they own
- Understanding the security implications of card emulation

NOT for use with:
- Credit or debit cards
- Payment cards of any kind
- Cards you don't own
- Accessing secure areas without authorization

We regularly update dependencies to patch security vulnerabilities. Current security-critical dependencies:
- AndroidX Security Library
- Android Biometric API
- Room Database (with encryption)

Security updates are monitored via:
- GitHub Dependabot
- Android Security Bulletins
- CVE databases

We follow responsible disclosure practices:
- Vulnerability reported privately
- Fix developed and tested
- Security patch released
- Public disclosure after users have time to update
- Credit to reporter (if desired)

For security issues only: Create a security advisory

For general issues: GitHub Issues