NFC SE
With iOS 18.1, developers can enable NFC contactless transactions apart from Apple Pay and Apple Wallet from within their own iPhone apps by utilising the Secure Element. Developers will be able to offer in-app contactless transactions for in-store payments, automobile keys, closed-loop transit, corporate badges, student IDs, home keys, hotel keys, merchant loyalty and rewards cards, and event tickets with the help of the new NFC SE (Secure Element) APIs. In the future, government IDs will be supported.
Since Apple places a high value on user security and privacy, this new approach was created to give developers a safe way to allow NFC contactless transactions from within iOS apps. The Secure Element, an industry-standard, verified chip made to securely store sensitive data on a device, is used by the NFC SE APIs.
Apple has committed substantial resources to developing a system that safeguards customers’ privacy and security during contactless transactions. This solution makes use of several of Apple’s own hardware and software innovations, such as Apple servers, biometric authentication, and the Secure Enclave. Users can double-click the side button on an iPhone to start a contactless transaction within an app that makes use of these APIs. Alternatively, users can open the app directly and designate it as their default contactless app in iOS Settings.
Developers will need to sign a commercial agreement with Apple, obtain the NFC SE entitlement, and pay the related costs in order to integrate this new option into their iPhone apps. This guarantees that access to the pertinent APIs will only be granted to approved developers who comply with industry and legal requirements and uphold Apple’s continuing security and privacy standards. In a future developer seed for iOS 18.1, developers in Australia, Brazil, Canada, Japan, New Zealand, the U.K., and the U.S. will have access to the NFC SE APIs; more locations will be added later. Apple Pay and Wallet will remain a simple, private, and secure experience for developers and customers alike.
Apple NFC SE
NFC & SE Platform for secure contactless transactions
iOS 18.1 will bring APIs that enable secure contactless transactions within compatible iOS apps using the NFC SE Platform for in-store payments, automobile keys, closed-loop transit, corporate badges, student IDs, home keys, hotel keys, merchant loyalty and rewards, and event tickets, with government IDs to be made available at a later time.
Apple created the NFC SE Platform, a secure system that lets approved developers add, store, and present a contactless card securely from within an iOS app for NFC use cases.
To enable safe and dependable NFC transactions on iPhone, the NFC SE Platform makes use of a number of hardware and software components, including Apple servers, the Secure Element, and the Secure Enclave. Developers and partners, including transit operators, auto key manufacturers, and bank card issuers, to mention a few, will find the platform an efficient part of a seamless and secure iOS experience.
To help protect user privacy and security on iPhone, developers wishing to incorporate secure contactless experiences into their iOS apps through these APIs will need to sign a contract with Apple and obtain the NFC SE Platform Entitlement. This guarantees that these APIs are only accessible to approved developers that comply with industry and legal regulations and maintain continuous security and privacy standards.
How it functions
NFC transactions. Users of eligible iOS apps can start NFC transactions with compatible NFC terminals directly from within the app.
Default app configuration. Users have the option to choose any compatible app as their default contactless app, which gives that app double-click and field-detect functionality.
Field detection. When a user brings their iPhone to a compatible NFC terminal and authenticates (if their iPhone is locked), the default contactless app opens instantly.
Double-click. The default contactless app opens automatically when a user double-clicks the Home button or the Side button (for Face ID devices), after the user authenticates if the iPhone is locked.
Support for non-default apps. Eligible apps running in the foreground can stop the system default contactless app from opening and interfering with the NFC transaction.
Requesting NFC & SE Platform access
To provide iOS users with an NFC SE Platform-enabled experience as soon as the APIs become available, you must complete the steps listed below. If you’re interested, we’ll notify you when further information becomes available.
- Sign a legally-binding contract with Apple. Commercial conditions and any applicable fees for the usage of the NFC SE Platform for secure credential presentation and storage are included in this agreement.
- If you and Apple don’t already have a confidentiality agreement in place, put one in place now. It should be legal and enforceable.
- Once you and Apple have signed a valid agreement and confidentiality agreement, you can request the NFC SE Entitlement for your iOS app and onboard your company into the Apple Business Register (ABR).
- This entitlement guarantees your compliance with specific industry and regulatory requirements. These include adhering to industry security standards when handling personal data, possessing a license or an agreement with a licensed entity having the necessary certifications for your app, and making a commitment to ongoing security and privacy standards in order to access and use these capabilities. Before submitting your request, it is your responsibility to make sure you meet these standards.
- After a legitimate contract is in place, the partner can use Apple Business Register (ABR) to source and send its applets to Apple in accordance with Apple’s specifications.
4. Examine your applet’s security using a designated lab
- Make sure your applet has been examined and approved by an impartial, accredited third-party lab before sending it to Apple to be placed on a user’s iPhone. This validation verifies that the applet complies with Apple platform security guidelines, is safe to install on an iPhone, and is not dangerous.
- After that, you can send Apple your applet bundle and additional product specs for validation. After a successful verification process, the applet bundle is signed and hosted on Apple servers. It is then downloaded to an iPhone when the user provides the credential linked to your solution.
5. Create in-app user experiences in compliance with Apple requirements for provisioning, presentation, life cycle management, and presentation intent assertion APIs.
Provisioning: In response to an iOS app request made from your user’s iPhone, the Apple server will download the signed applet for the requested card scheme, make a memory partition on the Secure Element for the card, and then hand off control to the NFC & SE Platform partner servers for the card’s personalisation. After the card has been personalised, it is prepared for NFC transactions.
NFC Presentment and Transaction:
- The Secure Enclave must grant authorisation before an NFC transaction can be completed. This entails verifying that the user has authenticated using Face ID, Touch ID, or the passcode on the iPhone. The passcode can be used at any moment, even though Face ID or Touch ID is the default method if available.
- A user starts an NFC transaction by opening an NFC-compatible iOS app and choosing the credential to present to the NFC terminal, which triggers a transaction authorisation API.
- The transaction authorisation API prompts the user either to double-click the side button and use Face ID for authentication, or to activate the Touch ID sensor and use fingerprint matching for authentication. If biometrics aren’t working or are disabled, the device passcode can be used. When the user authorises a transaction, which includes a physical gesture conveyed directly to the Secure Enclave, the Secure Enclave sends signed data about the type of authentication and details of the transaction type to the Secure Element. The applet within the Secure Element that is linked to the user’s chosen credential then prepares the transaction data that is sent to the NFC field.
Life Cycle Management: By directly delivering the necessary commands to your iOS app, you can change a user’s credential info. The user can remove a provisioned credential from within the iOS app, or they can use Find My to destroy the credential and start a remote wipe.
Presentment Intent Assertion:
- App developers who meet the requirements can stop the system default contactless app from running and interfering with contactless transactions, allowing a smooth transaction experience.
- When the user indicates an active intent to make an NFC transaction, such as selecting a payment or closed-loop transit credential, or activating the presentment UI, you can obtain a presentment intent assertion to suppress the default contactless app. The intent assertion can only be used while your app is in the foreground.
The following scenarios result in the intent assertion expiring:
- The intent assertion object is deinitialised.
- Your app leaves the foreground.
- Fifteen seconds pass.
Your app will have to wait 15 seconds to obtain a fresh intent assertion once the current one expires.
Important: It is against Apple policy to utilise the intent assertion API for purposes other than those associated with valid NFC transactions. Abuse of this API may result in the inability to install apps from the App Store or other marketplaces.
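The expiry and cooldown rules above can be tracked in the app so that it only requests an assertion when one would be allowed. The following Swift model is an added example, not Apple's API or code from the original page; `AssertionWindow` and its methods are hypothetical names, and all times are plain seconds supplied by the caller.

```swift
import Foundation
// Added model, not Apple's API: AssertionWindow is a hypothetical helper that
// only tracks when the rules above would allow a new intent assertion.
struct AssertionWindow {
    enum State: Equatable {
        case idle                             // nothing held, no cooldown pending
        case held(since: TimeInterval)        // assertion active
        case coolingDown(from: TimeInterval)  // expired, new request not yet allowed
    }
    static let lifetime: TimeInterval = 15    // assertion expires after 15 s
    static let cooldown: TimeInterval = 15    // wait after expiry before re-acquiring
    private(set) var state: State = .idle
    // Bring the model up to `now`, applying timed expiry and then the cooldown.
    mutating func tick(now: TimeInterval) {
        if case .held(let since) = state, now - since >= Self.lifetime {
            // Expiry happened at since + lifetime, not at the time of this check.
            state = .coolingDown(from: since + Self.lifetime)
        }
        if case .coolingDown(let from) = state, now - from >= Self.cooldown {
            state = .idle
        }
    }

    // True if a request is allowed now (foreground, none held, cooldown over).
    mutating func tryAcquire(now: TimeInterval, inForeground: Bool) -> Bool {
        tick(now: now)
        guard inForeground, state == .idle else { return false }
        state = .held(since: now)
        return true
    }

    // Call when the assertion object is released or the app leaves the foreground.
    mutating func expire(now: TimeInterval) {
        tick(now: now)
        if case .held = state { state = .coolingDown(from: now) }
    }
}

// Constructed timeline, in seconds from an arbitrary start.
var w = AssertionWindow()
var log: [Bool] = []
log.append(w.tryAcquire(now: 0, inForeground: true))    // first request
log.append(w.tryAcquire(now: 5, inForeground: true))    // one is already held
w.expire(now: 6)                                        // app leaves the foreground
log.append(w.tryAcquire(now: 20, inForeground: true))   // 14 s into the cooldown
log.append(w.tryAcquire(now: 21, inForeground: true))   // cooldown has elapsed
log.append(w.tryAcquire(now: 40, inForeground: true))   // held one timed out at 36 s
log.append(w.tryAcquire(now: 51, inForeground: true))   // 15 s after that expiry
print(log)
```

The cooldown is counted from the moment of expiry, so an assertion that times out unnoticed still starts its 15-second wait at the 15-second mark rather than when the app next checks.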
In summary, to be eligible for access to the NFC & SE Platform APIs, you need to be able to:
- Possess a current contract with Apple that permits you to use the NFC & SE Platform framework.
- Fulfil the requirements to be eligible for the feature you wish to incorporate into your iOS app.
- Limit functionality to users residing in the markets that qualify.
- Observe the requirements and guidelines for the NFC SE Platform listed below.
- Enrol your company in the Apple Business Register (ABR) for the NFC SE Platform.
- Submit a request for access to the NFC & SE Platform Entitlement and have it accepted.
NFC in iPhone SE
Design guidelines
An NFC & SE Platform experience in your app
Confirm the card and app in the Transaction Authorisation sheet.
Repeat the app name and cards used for this transaction to reassure customers that the card they selected in your app is being used.
Only display the in-app NFC Transaction Authorisation sheet for compatible devices and users.
Use the CredentialSession.isEligible iOS API to verify contactless eligibility before presenting the NFC presentment sheet. If CredentialSession.isEligible returns false, your app cannot invoke the presentment sheet. To improve the user experience, apps should hide or disable features that require CredentialSession when the user or device is ineligible.
This solution differs from Apple Pay and Wallet.
Since the NFC & SE Platform is independent of Apple Pay and Apple Wallet, it’s important to distinguish the presentation experience.
- Avoid using Apple Pay or Apple Wallet logos in buttons that activate the in-app NFC presentment sheet for NFC transactions.
- Avoid utilising Apple Pay or Wallet-like graphics, logos, icons, or markings.
- Use no Apple Pay or Apple Wallet logos, emblems, or symbols in your NFC & SE Platform user experience. This covers any changes to the Apple Wallet UI, including the design of Apple Wallet passes for credit, debit, prepaid, driver’s license or state ID, transit cards, event tickets, keys, or the transaction checkmark.
Important: Violating the aforementioned design criteria is against Apple policy and may prevent installation through the App Store or alternative distribution.