New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Germany Says iPhones Running iOS 13 Will Be Able to Read NFC Tags in National ID Cards and Passports

When iOS 13 arrives, iPhones will be able to read a wider range of Near Field Communication (NFC) tags, including the NFC tags often used in official documentation. Last week, The Verge reported that Japan had confirmed its national identity cards would support iPhone through a government-developed app, and now we're hearing that German authorities are also gearing up to make several forms of ID compatible with iPhone NFC interfaces.

Image via iphone-ticker.de

First spotted by tech blog iphone-ticker.de, Germany's interior ministry has announced that iOS 13 will soon allow Apple users to load national ID cards, residence permits, and biometric passports onto their iPhones. At the same time, the federal government's AusweisApp2 will be updated for iOS 13 to support the digital ID function.

In current and earlier versions of iOS, Apple has restricted the NFC reader in iPhones to Apple Pay. iOS 13 removes that technical limitation so that iPhones can scan more NFC chips, but developers must gain approval from Apple before their apps can implement the feature.

In another example of Apple opening up NFC access, the U.K. government recently confirmed that it had reached a deal with Apple to make its Brexit app for EU citizens' residency rights work on iPhones via the NFC chip. According to the German ministry, it and many other states have been in contact with Apple for a long time to negotiate NFC access, so users can expect other countries to announce official documentation support in the run-up to iOS 13's release in the fall.

(Thanks, Chris!)

Related Roundups: iOS 13, iPadOS
Tags: NFC, Germany


Top Rated Comments

(View all)

5 weeks ago
Say what now? Germany one of the first to offer such a feature? Did hell freeze over?

Or is a digital passport already available in other countries.
Rating: 10 Votes
5 weeks ago

At some point, I suppose people will realize that being fully monitored 24/7 from either governments or businesses is not a good thing. The problem is that when it's too late, people say "we are all controlled by big-bro, there's no escape"... but when there was a chance to escape, they all cheered up and welcomed the full electronic control of their lives.

It's eerie to realize that movies like "1984" or "Gattaca" are not sci-fi anymore.

BTW: Will you also cheer up if the FBI can use this, or is it cool for every government agency but the FBI?

I do understand your reservedness here, but from my understanding this is only a digital representation of an official document, which allows you to reduce the amount of plastic cards you carry around.

When you get controlled by some authority (e.g. police doing road check), you would have to present your ID Card anyway. I can't see the difference to presenting a digital representation.

If you're afraid of being tracked: Having a digital representation of your ID card (or driver's license etc.) on your smartphone is the least of your problems - it'd be more about switching that wiretap device off that you carry around all of the time.

This all assumes, of course, that there is no secret backdoor allowing whatever agency to spy unnoticed by installing "special software" in secret. But if Apple would allow this and it would ever come to light, Apple would have its reputation destroyed, which may be a devastating (if not lethal) blow to the business model of the whole company - even more so, as they seem to be busier than ever explaining to people how much they value privacy and to which lengths they go to ensure it.

btw.: "Gattaca" is less about 24/7 monitoring, but instead much more about the ethical problems of being able to analyse (and manipulate) genetic prerequisites and deduct predictions for the whole life development of an individual person. Can't really see the relation to having a digital representation (i.e. different "physical" form) of a simple ID card, which is mandatory in many countries anyway. Or do you question the requirement for an ID card in the first place?
Rating: 5 Votes
5 weeks ago

It’s kind of controversial. Surveillance/privacy concerns vs. fairy limited end user benefits.

This thing here has nothing to do with privacy...

What about strangers at the airport loading your ID into their phones?

It doesn't work like that. A SmartCard is called SmartCard because it's actually smart. Much like an EMV transaction (pay using chip+pin, also most NFC transactions), the SmartCard doesn't just stupidly pass along the data that's stored on it, e.g. your name and birthdate and so on. This is the major difference to using a magstripe. The SmartCard is a small cryptographic processor (much like the SecureElement in an iPhone). It gets a request which it answers with a digitally signed reply.
Example (in a nutshell) based on an EMV transaction:
Terminal: "Please approve payment to Walmart with accountID12345678 in the amount of XXX. Date: xxx"
SmartCard: "I approve payment to Walmart with accountID12345678 in the amount of XXX. Date: xxx + digital signature"
In a secure environment the card will require the PIN to unlock the signing process.

As such it's impossible to copy a SmartCard, which essentially prevents identity theft.

In comparison: a credit card swiped (or even when used per NFC in some cases) just sends out "My number is 1234 5678 9012 3456, Expiry 02/20, owner: John Doe". Stealing this information is of course very easy...
(If the terminal expects this plaintext reply but the NFC card is set to only reply with a SmartCard-style digitally signed reply, it will reject the transaction. This is one of a few reasons why some European credit cards don't work with old NFC terminals, which are quite common in the US.)

So where are the safeguards against digital identity theft?
Using NFC scanners to steal information has been a real threat for at least two decades.

NFC is just the technology to transmit data (like ethernet or WiFi). If your NFC card is just a dumb tag, that sends out a userID (or credit card number), it's insecure as that data can just be copied to another card that sends exactly the same reply.
If the card instead sends one-time passwords, that's more secure, but if OTP is intercepted & re-used in real time, it's not acceptable for high security.
If the card performs a cryptographic process (actual SmartCard) it can be programmed to require a PIN or other kind of approval mechanism. The digital signature as explained above will secure the transaction/login/...
If you don't even trust the reading terminals PIN pad (if PIN would be entered on a non-secure keyboard like on a laptop), best choice would be a card that has an embedded authentication mechanism, like this one: https://directrm.com/da-pin-pad-smart-card/

Could someone please explain the use case? Why would I want to NFC-read my ID or that of someone else?

I’m clearly missing something here hmm

Yes, you do. These IDcards can proof your identity and age without human intervention and allow to sign documents electronically (properly, not some shady signing on the touchscreen).
Use case:
Signing of any kind document
Age verification (online)
ID provider (can be used to securely log on to websites without passwords)

In fact, an NFC+PIN SmartCard is the most secure way to log into anything. It would be the ultimate solution to get rid of stupid passwords while maintaining maximum possible security.

I recommend checking out YubiKey website as their device is practically a SmartCard in a different shape.
Rating: 4 Votes
5 weeks ago
At some point, I suppose people will realize that being fully monitored 24/7 from either governments or businesses is not a good thing. The problem is that when it's too late, people say "we are all controlled by big-bro, there's no escape"... but when there was a chance to escape, they all cheered up and welcomed the full electronic control of their lives.

It's eerie to realize that movies like "1984" or "Gattaca" are not sci-fi anymore.

BTW: Will you also cheer up if the FBI can use this, or is it cool for every government agency but the FBI?
Rating: 4 Votes
5 weeks ago

I wish my ID photo looked that good.


So get yourself a blonde wig and some blue-tinted contacts?
Rating: 4 Votes
5 weeks ago

Say what now? Germany one of the first to offer such a feature? Did hell freeze over?

Or is a digital passport already available in other countries.


US passports already have a chip, for years, actually. You can feel it in the front cover.

https://www.dhs.gov/e-passports
Rating: 3 Votes
5 weeks ago

US passports already have a chip, for years, actually. You can feel it in the front cover.

It's an international standard: https://en.wikipedia.org/wiki/Biometric_passport

The chip has been in many countries’ passports for some time now but that doesn’t make them digital passports unless you can leave the physical one at home. ;)
Rating: 3 Votes
5 weeks ago
I wish my ID photo looked that good.
Rating: 2 Votes
5 weeks ago

At some point, I suppose people will realize that being fully monitored 24/7 from either governments or businesses is not a good thing. The problem is that when it's too late, people say "we are all controlled by big-bro, there's no escape"... but when there was a chance to escape, they all cheered up and welcomed the full electronic control of their lives.

It's eerie to realize that movies like "1984" or "Gattaca" are not sci-fi anymore.

BTW: Will you also cheer up if the FBI can use this, or is it cool for every government agency but the FBI?


The notion that you had any privacy for the past 10 years, with the exception of the thoughts inside your head is quaint, if not outmoded.

At least here in the US, if you have a driver's license or passport. Your photograph is all ready in the FBI facial recognition database, with access to millions of data collection points a day. Every time you pass through a toll booth on an interstate, or one of those "pay by plate" toll gantries, they take a picture of the driver. Even if you have EZ Pass or it's equivalent, they still snap your picture. Why? Because they can. Those pictures can be used to track you.

Same thing with the surveillance cameras that are all ready everywhere (both government run, and those run by private entities that partner voluntarily with the government). Go to a professional sporting even, an airport, a mall, often times a park. They got ya.

Documents for crossing national borders have had RFID chips in them for years. What's on the chip is simply a digital representation of the antiquated international encoding standard for the information at the bottom of the photograph page. The document scanned through an optical reader, fed into a database and checked. The only thing different is the collection method. Instead of optical reader, the system is using RFID technology.

Driver's licenses in the US have had bar codes on them that meet a universal standard nationwide for almost 15 years now. When you hand it to a police officer, or other government representative with access to the database, it's scanned via optical reader and the same data that's on the card is passed through the system. Using RFID to pass this information isn't a serious departure from the implementation of the technology as it is used at present. It simply eliminates the need for a stand alone optical scanner and the fixed costs associated with the gathering point of the information.

When it's too late? That ship sailed a long time ago. You use any technology (cell phone, smart phone, credit card/debit card/atm. Make a withdraw at a bank, drive a car with OnStar installed whether it's activated or not, get your paycheck direct deposit), well, they've got you. The machine learning they now use to comb banking records are to the point where they can tell if you like your scotch on the rocks or neat. That's not an exaggeration.

Only way to dodge "the man" these days is to amass about $250,000 in cash, go south of the border with no credit cards, debit cards, or cell phone, buy a burner when you get to Mexico (don't talk on it), crawl across the mountains and buy a shack in Belize under an assumed name. Then live off scorpions and millipedes for the rest of your days.

If you knew the TRUE extent of what's all ready in place as we have this polite exchange, you would probably drop an o-ring or hack up a lung. I've seen it in action first hand, and everything I saw was 5+ years ago. Given the natural progression of technology, everything I've seen is in "buggy whip" territory by now.

Reading the RFID chips in cards is small small potatoes. Worst thing it's gonna do is get you on the airplane a little faster after you endure the Kabuki theater that is a TSA grope....
Rating: 2 Votes
5 weeks ago
Actually surprised we're for once some frontrunner in an tech area...
Rating: 1 Votes

[ Read All Comments ]