I don't want to carry my bank cards in my wallet due to the increase in pickpocketing, swipe attacks on the cards, etc.
And I also don't want to use Google Pay (don't even know if it works with GOS) since it's not as private as Apple Pay, and I don't want to buy an iPhone and carry two phones just so I can use Apple Pay.
Here's a stupid idea I'm exploring: keep a GrapheneOS phone at home with my credit card on its NFC sensor. I'd build an app that would act as a proxy between the two phones, the one at home and the one in my pocket (both GOS).
When I'm at a payment terminal, my phone's app would open a socket to the home phone's app, acting as a blind proxy. My phone would relay the terminal's messages to the home phone, which would communicate with the card, and vice versa. I don't plan to decrypt the data; I just want to forward it to complete the transaction.
What would I achieve? I'd no longer worry about losing my card or close-proximity attacks, as my phone's NFC would only activate when I want it to, unlike a card, which always accepts connections.
Let's set aside security concerns and the effort required to ensure the two apps communicate securely. Is there anything in AOSP or the NFC system that would hinder my attempts?
- Does the phone NFC broadcast its presence as "Hi I'm an Android phone"?
- Does a payment terminal NFC broadcast its presence as "Hi I'm a payment terminal"?
- Will the card only communicate with a payment terminal?
- Will the payment terminal communicate with my Android phone, even though it's not a bank card or ApplePay?