The authentication with the German eID card uses the "Extended Access Control" protocol according to [BSI-TR3110], as depicted in the following figure. In particular, this protocol comprises in step (2) the so-called "Terminal Authentication", where the card-verifiable certificate (cert) of the service provider (eService) is transmitted from the PICC-SAL via the IFD-API according to [ISO24727] and the NFC stack of the smartphone to the eID card (PICC), in order to be verified with a corresponding VERIFY CERTIFICATE command according to [ISO7816] (part 8, section 11.11).
Unfortunately, the currently available NFC-enabled smartphones do not support extended-length APDUs; consequently the verification of the card-verifiable certificate, and hence the entire authentication protocol, fails. On Android-based smartphones the supported APDU length can be determined with the getMaxTransceiveLength function, for example. While the typical size of the transmitted certificates is more than 400 bytes, many currently available smartphones are only able to transmit 261 bytes via NFC without major modifications of the operating system.
It remains to be hoped that future smartphones will support longer APDUs and/or that future generations of eID cards will support the so-called "Command Chaining" according to [ISO7816] (part 4, section 220.127.116.11).
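The length problem and the command-chaining workaround described above, as an added example that is not part of the original text: it encodes the VERIFY CERTIFICATE command (ISO 7816-8 PSO, INS 2A, P1/P2 00 BE) with an extended-length Lc, checks it against the transceive limit an Android app would read from getMaxTransceiveLength (modelled here as a plain parameter, 261 bytes as in the text), and then splits the same certificate into chained short-length APDUs using the ISO 7816-4 chaining bit in CLA. The certificate bytes are a constructed 7F21 TLV with a dummy body, not a real eService certificate; whether the card accepts the chained form still depends on the card.

```python
from typing import List

INS_PSO = 0x2A                 # PERFORM SECURITY OPERATION (ISO 7816-8)
P1_P2_VERIFY_CERT = (0x00, 0xBE)  # PSO: VERIFY CERTIFICATE, certificate in data field
CLA_CHAINING_BIT = 0x10        # ISO 7816-4: CLA bit 5 set = "not the last command of a chain"


def build_verify_certificate_apdu(cert: bytes) -> bytes:
    """Single VERIFY CERTIFICATE command; needs an extended-length Lc once cert > 255 bytes."""
    header = bytes([0x00, INS_PSO, *P1_P2_VERIFY_CERT])
    if len(cert) <= 255:
        return header + bytes([len(cert)]) + cert        # short Lc (1 byte)
    # extended length: Lc encoded as 00 hi lo, which many NFC stacks cannot carry
    return header + b"\x00" + len(cert).to_bytes(2, "big") + cert


def fits_transceive_limit(apdu: bytes, max_transceive_length: int) -> bool:
    """Same check an Android app would do against IsoDep.getMaxTransceiveLength()."""
    return len(apdu) <= max_transceive_length


def chain_verify_certificate(cert: bytes, max_transceive_length: int) -> List[bytes]:
    """Split the certificate over several short-length APDUs with ISO 7816-4 command chaining.
    Every APDU but the last carries the chaining bit in CLA; each fits the transceive limit."""
    chunk_size = min(255, max_transceive_length - 5)   # 4-byte header + 1-byte Lc
    chunks = [cert[i:i + chunk_size] for i in range(0, len(cert), chunk_size)]
    apdus = []
    for idx, chunk in enumerate(chunks):
        cla = 0x00 if idx == len(chunks) - 1 else CLA_CHAINING_BIT
        apdus.append(bytes([cla, INS_PSO, *P1_P2_VERIFY_CERT, len(chunk)]) + chunk)
    return apdus


# Constructed sample (hypothetical): a 7F21 TLV with a 420-byte zero body, 425 bytes in total.
SAMPLE_CERT = b"\x7f\x21\x82\x01\xa4" + bytes(420)
MAX_TRANSCEIVE_LENGTH = 261  # limit reported by many current phones, as stated in the text

if __name__ == "__main__":
    apdu = build_verify_certificate_apdu(SAMPLE_CERT)
    print("single APDU:", len(apdu), "bytes, fits:", fits_transceive_limit(apdu, MAX_TRANSCEIVE_LENGTH))
    for a in chain_verify_certificate(SAMPLE_CERT, MAX_TRANSCEIVE_LENGTH):
        print("chained APDU header", a[:5].hex(), "length", len(a))
```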