iOS NFC Double Engagement Bug: Race Condition Causes Failed Verifications

[dariocast]

iOS NFC Double Engagement Bug: Race Condition Causes Failed Verifications

Problem Description

iOS applications using multipaz for NFC-based mDL verification experience a race condition where a second NFC engagement occurs during BLE data exchange, causing verification to fail. The wallet receives two separate engagements with different ephemeral keys, leading to connection failure.

Root Cause

In NfcTagReader.ios.kt, there's a timing window between successful NFC engagement completion and NFC session invalidation. During this window (approximately 2-3 seconds), a second NFC tag detection can trigger another complete handover sequence before the session is properly closed.

Evidence from Logs

To replicate the error we used an Android wallet and the problem appears everytime we attempt an nfc verification. With QR + BLE verification the problem doesn't appear. These logs are a summary of the log we see from the bluetooth components on the device.

2026-01-08 17:24:16.468 - First engagement: DeviceEngagement with key "79e2a7795d..."
2026-01-08 17:24:17.592 - BLE connection established
2026-01-08 17:24:19.449 - DeviceRequest received over BLE
2026-01-08 17:24:19.456 - SECOND engagement: NEW DeviceEngagement with key "7575240b..." (different!)
2026-01-08 17:24:19.492 - Second SELECT APPLICATION APDU sent

Impact

• Verification fails after successful NFC engagement and BLE connection
• Wallet receives duplicate/conflicting engagement data
• Poor user experience with intermittent failures
• Particularly problematic for iOS where NFC session handling differs from Android

Proposed Fix

Add guard flag and immediate session invalidation to prevent second tag detection during the race window:

1. Add interactionCompleted flag to IosTagReader class
2. Guard against second tag detection in didDetectTags callback
3. Invalidate NFC session immediately after successful engagement for BLE transport
4. Update session handling logic in beginSession method

Code Location

File: multipaz/src/iosMain/kotlin/org/multipaz/nfc/NfcTagReader.ios.kt

This affects the iOS NFC implementation in multipaz library and should be prioritized for the next release to fix NFC verification reliability issues.

[davidz25]

How long is the holder's device in the NFC field of the reader? The way the interaction is designed is such that you are supposed to tap, not hold the two devices together like a sandwich...

I'll try to see if I can reproduce this.

[dariocast]

We tried applying the fix and the double scan appear to have gone 90% of times but therefore it isn't a fix. We also tried doing the simple tap, without holding, and it appear to mitigate the problem

[davidz25]

I tried reproducing this with Multipaz TestApp on an iPhone as the reader and Multipaz TestApp on an Android phone as the wallet. I cannot reproduce this.

Are you calling NfcTagReader.scanMdocReader() in a loop? If so, that would explain the behavior and you shouldn't do that...

[dariocast]

At the moment there is no loop, we use it in a kotlin multiplatform library method using coroutines. Specifically we use:
val scope = CoroutineScope(SupervisorJob() + Dispatchers.Main)
a preliminary scope and then, inside we use:
val verificationScope = CoroutineScope(Dispatchers.Main + handler)
where handler is an exception handler. As far as we know, the nested coroutine scopes should not interphere in the scenario (indeed on android it works correctly)