NFC Passkey Bridge

VivoKey NFC Passkey Bridge makes it possible to use your Android 14 or later phone as an NFC passkey bridge for FIDO / passkey operations on desktops, laptops, and tablets that do not have an NFC reader attached or integrated.

Flexible NFC presence during PIN entry

If you tap your NFC Passkey Bridge prompts you to enter a PIN code, you are free to remove the token from the phone during this process. You will simply be prompted to re-scan your token after PIN submission.

Configuration

Once NFC Passkey Bridge is installed, you will need to configure your Android 14+ phone to present NFC Passkey Bridge as an option for passkey operations. You do this under Settings → Passwords, passkeys & accounts.

Beware, certain Android phone vendors move these settings around. For example, on some Samsung phones, you will need to go to Settings → Security and Privacy → More Security Settings → Passwords, passkeys, and autofill.

If you use some sort of password caching or password management on your phone already, you should choose to configure NFC Passkey Bridge as an additional service. If you do not use any sort of password management on your phone, consider setting NFC Passkey Bridge as your preferred service.

What about iOS / Apple?

NFC Passkey Bridge acts as a "Credential Provider Extension" on iOS to intercept FIDO2 requests like passkey registration and authentication. Unfortunately, Apple heavily restricts app extensions to simple network requests and blocks access to NFC, Bluetooth, and other forms of communication necessary for NFC Passkey Bridge to function on iOS.

However, it is possible to us an Android phone with NFC Passkey Bridge to scan passkey request QR codes from MacBook and Mac products running MacOS and route those requests to an NFC passkey token.

 

Privacy Policy for VivoKey Passkey Bridge

Effective Date: October 10th, 2025
Owner/Publisher: VivoKey Technologies, Inc.

Quick summary

  • We don’t collect, store, or share any personal data.
  • The app is a local bridge that registers as an Credential Provider on the mobile phone and relays FIDO (WebAuthn/CTAP) requests to an NFC passkey/security key.
  • No accounts, no analytics, no ads, no tracking, no cloud.

What this app does

This app integrates with mobile credential APIs to handle passkey registration and authentication requests. When a relying party (website/app) asks the phone for a credential operation, the app forwards CTAP/CBOR messages to an NFC FIDO security key and relays the response back to the system. All processing is on-device and between the OS and your NFC token.

Data we do not collect

We do not collect, store, or transmit:

  • Names, email addresses, phone numbers, account identifiers
  • Credentials, private keys, or biometric data
  • Location data, contacts, photos, or files
  • Device identifiers or advertising IDs
  • Usage analytics, crash analytics, or diagnostics

We do not run our own servers for this app and we do not send any data to third parties.

Data that may be handled locally (but not collected)

During credential operations, standard FIDO/WebAuthn data structures (e.g., relying party ID, challenge, credential IDs, public keys, authenticator responses) are handled transiently in memory to perform the operation and then discarded. We do not persist these data, write logs containing them, or transmit them to us or to any third party.

Important: Your private keys never leave your NFC token; the app merely transports protocol messages to and from the token.

Permissions

  • NFC: Required to communicate with your NFC security key.
    The app does not request permission to access contacts, location, camera, microphone, storage, or Bluetooth (unless your specific hardware requires it and you explicitly enable it).

No accounts & no profiling

The app does not create or require user accounts. We do not profile users or devices.

Children’s privacy

This app is intended for general audiences and technical users. It does not collect personal data from anyone, including children. If you believe a minor has provided us information directly (e.g., via support email), contact us and we’ll delete it.

Third parties and transfers

We do not share data with advertising, analytics, or data brokers. We do not transfer data internationally because we do not collect or store data in the first place. Interactions with websites or apps that request passkeys are governed by their privacy policies.

Security

  • Private keys remain on your NFC authenticator.
  • We do not maintain servers or databases for this app.
  • Transient data handling occurs in memory and is not persisted by the app.

Retention

We retain nothing. If you contact us for support, we will use the information you provide only to respond and will delete it once the request is resolved.

Your rights

Because we do not collect or store personal data, requests related to access, correction, deletion, portability, or objection generally do not apply.

Changes to this policy

If we make material changes (for example, if we add telemetry or server features in the future), we will update this policy and change the Effective Date above. We will keep the app’s behavior aligned with this policy.