EU Officially Objects to Apple Limiting Third-Party Access to Apple Pay NFC Capabilities

[I7guy]

[...]

We are basing our debate around the current paradigm but this can and should be shifted. Forcing Apple and WhatApp to share messaging API's? An absolute nightmare of security and vulnerability. Getting a consortium to design an open E2EE messaging standard (like how email works) for the whole mobile industry to use? Solution!

[...]

Email is an industry standard at this point. Imessage is a proprietary, value added product from a company producing a hardware/sofware bundle...quite the difference. And imessage already does interact with the lcd ()lowest common denominator) of SMS.

 

[Sophisticatednut]

Email is an industry standard at this point. Imessage is a proprietary, value added product from a company producing a hardware/sofware bundle...quite the difference. And imessage already does interact with the lcd ()lowest common denominator) of SMS.

EMAIL isn’t an industry standard. It’s just a name for a system. And this is how messenger can be constructed around.

There are three common protocols used to deliver email over the Internet: the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP)

SMTP, POP, and IMAP mail messages are encrypted using SSL/TLS, ensuring privacy on your network.
Directly stated by apple

 

[RadioHedgeFund]

EMAIL isn’t an industry standard. It’s just a name for a system. And this is how messenger can be constructed around.

There are three common protocols used to deliver email over the Internet: the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP)

SMTP, POP, and IMAP mail messages are encrypted using SSL/TLS, ensuring privacy on your network.
Directly stated by apple

This person gets it.

Its not about changing iMessage; its about changing messaging as a whole so you can send a message from iMessage to WhatsApp without issue.

 

[I7guy]

EMAIL isn’t an industry standard. It’s just a name for a system. And this is how messenger can be constructed around.

There are three common protocols used to deliver email over the Internet: the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP)

SMTP, POP, and IMAP mail messages are encrypted using SSL/TLS, ensuring privacy on your network.
Directly stated by apple

Email protocols are an industry standard, which loosely means email is an industry standard. Email clients aren't standard.

 

[RadioHedgeFund]

Email protocols are an industry standard, which loosely means email is an industry standard. Email clients aren't standard.

No, but I can send an email from one client to another without issue.

We need an industry IM standard that works cross-client like email.

 

[BaldiMac]

This person gets it.

Its not about changing iMessage; its about changing messaging as a whole so you can send a message from iMessage to WhatsApp without issue.

What neither of you get is that e2e encryption between networks is an extremely hard problem that requires multiple levels of trust and complexity. It also exacerbates problems that have plagued email such as identity verification and spam.

No, but I can send an email from one client to another without issue.

We need an industry IM standard that works cross-client like email.

Email is a horrible standard to emulate.

 

[Sophisticatednut]

Email protocols are an industry standard, which loosely means email is an industry standard. Email clients aren't standard.

Just as Bluetooth 5 and Wi-Fi 6 is a industry standard wireless communication technology. The client can be anything as long as it has the ability to communicate with these standards it’s interoperable.

 

[I7guy]

Just as Bluetooth 5 and Wi-Fi 6 is a industry standard wireless communication technology. The client can be anything as long as it has the ability to communicate with these standards it’s interoperable.

Correct. As long as the vendor wants to support those protocols. Most of the world does not legislate proprietary and value added products on mass produced for consumer oriented devices.

 

[I7guy]

No, but I can send an email from one client to another without issue.

We need an industry IM standard that works cross-client like email.

Sure. For those vendors who want to participate with the intellectual property. For those don’t, cest le vie.

 

[Unregistered 4U]

No, but I can send an email from one client to another without issue.

We need an industry IM standard that works cross-client like email.

Isn’t that SMS? I can send an SMS message to any phone I know the number of.

 

[I7guy]

No, but I can send an email from one client to another without issue.

We need an industry IM standard that works cross-client like email.

Whatsapp, signal and the others. These companies have volunteered to make a product that is cross platform.

 

[Unregistered 4U]

So, I believe SSL/TLS just means that you’re connecting to a trusted email server. The connection is encrypted, but, at rest at the email provider, it’s not encrypted. It’s encrypted again when transmitted to another trusted email server, but again, at rest, unencrypted. This enables the automatic scanning they do for security threats and malware attachments (if the data was always encrypted, all they’d see is a packet of a certain being transmitted).

The broad expectation is that between one trusted server and another, there shouldn’t be any worries. For people that implicitly trust all the humans that work at all the email providers? This isn’t a problem for them. There are still a few people that feel that as long as there’s a human in the path, it’s a security risk (this is why most large companies set up and administer their own email servers). And, also why these companies tell their employees not to put any critical information in external emails… and why, when requested as part of an investigation, companies can provide the text of any emails sent or received within a reasonable timeframe… you get the picture.

SMS is like email. The “SSL/TLS” for SMS are the technologies they use to connect you to their network. Any “works like email” solution for instant messaging would yield connections where the messages in transit are readable by all the providers (just like SMS is readable). For a lot of people, those encrypted connections are an important part of the entire feature and they’re fine using WhatsApp to chat with folks on WhatsApp or Signal to chat with folks on Signal because that’s a small price to pay for the security.

There are those that just figure that “technology can do anything” and assume that if they can think of it, it can be done. Unfortunately, when you’re talking about security and technology, there are a few tried and true ways to obtain it. And Flexibility and Security are usually at opposite corners where you have to design more for one or the other.

 

[RadioHedgeFund]

Isn’t that SMS? I can send an SMS message to any phone I know the number of.

Its more like Google's RCS standard where you can create groups and such but cross-platform. Plus SMS doesn't send pictures of GIFs.

 

[Sophisticatednut]

What neither of you get is that e2e encryption between networks is an extremely hard problem that requires multiple levels of trust and complexity. It also exacerbates problems that have plagued email such as identity verification and spam.

This have been fixed for decades. The biggest hinder is brand lock-in.

Nothing is stopping multiple protocols to exist side by side separately. Nothing stops every conversation to use it’s own uneque public and private key without sharing it with a server or for the server to be able to read it. Apple does it and signal does it etc

 

[JKAussieSkater]

What "NFC smartphone" market? It didn't exist before Apple got there! Banks wanted permission to negotiate together (aka collude) in order to prevent a brand new competitor from entering a brand new market. They just wanted to take advantage of Apple's new technology without paying Apple.

Sounds like you are taking the banks argument at face value.

Now I know you didn't read the article. You're just forming an opinion based on speculation or some sources beyond the scope of the article I referenced and linked to.

As for the "NFC smartphone market not existing before Apple got there"… Wikipedia has a page showing that NFC mobile phones began no later than the Nokia 5140 in 2003, and for smartphones no later than the Nokia C7 in 2010. Apple's first NFC device was the iPhone 6 in September 2014. Apple was rather late to the game, wouldn't you say?

As for the banks preventing a competitor, which I feel I already addressed in my previous reply to you, Australia is a notable leader in contactless payments. The Reserve Bank of Australia (who actually mint the cash and loan money to the banks) released the statistics of how Australians paid in 2019: Only 1/20 transactions are made with mobile phones (i.e. Apple Pay / Android Pay), whilst 4/5 (or comparatively, 16/20) are made with physical contactless debit/credit cards. Based on this information alone, to say the Banks were preventing competition rather than seeking to use NFC technology is a little absurd... Apple Pay has barely made a splash in the ocean of Australian transactions, because Australians had already been using contactless payments for almost a decade before Apple Pay was introduced.

 

[Unregistered 4U]

Apple does it and signal does it etc

Apple does it from one Messages client to another Messages client with only them in between. Signal does it from one Signal client to another Signal client with only them in between. This is how everyone that HAS implemented it has implemented it.

Signal doesn’t have Apple’s encryption keys, so the only thing Messages could send to Signal is an encrypted glob.

 

[Sophisticatednut]

Apple does it from one Messages client to another Messages client with only them in between. Signal does it from one Signal client to another Signal client with only them in between. This is how everyone that HAS implemented it has implemented it.

Signal doesn’t have Apple’s encryption keys, so the only thing Messages could send to Signal is an encrypted glob.

Its almost you didn’t even have expand that analogy to a solution. How do you think difrent banks communicate with E2EE encryption using different protocols and encryption technology

Your private key is always on your phone and never leave it and unique to your phone.

The public key is what’s shared.
And there is nothing stopping apples iMessaging client to use signals protocol to send to a signal server that goes to the signal app.

Apple doesn’t have your encryption key’s. Your phone does.

 

[5232152]

Sounds like the experience you’re looking for is available on Android. The “people” have the power to not buy an iPhone and choose Android instead if they don’t like how iOS works. Personally, us iPhone users like not having 10 different, mostly ****** apps for paying for stuff, and love having it all available and ready in one good, safe app that works across all Apple devices. Apple Pay being the only form of payment is probably the reason why banks even get up off their asses to get support for Apple Pay, which benefits us, users.
The law shouldn’t be telling companies how they want them to run their business, unless they’re breaking the law - which Apple isn’t.

Fully disagree. If a software solution becomes the dominate (or one of) in a space the law has to follow. If it wasn't for GDPR your data would be a commodity of your life and nothing you could do about it. What a dystopian world that would be ala 1984. So yes, letting companies free wheel is absolutely bad for you, me and every consumer. Apple doesn't want you the best they want the investors best and that does not align with yours. Business 101.

 

[I7guy]

Fully disagree. If a software solution becomes the dominate (or one of) in a space the law has to follow. If it wasn't for GDPR your data would be a commodity of your life and nothing you could do about it. What a dystopian world that would be ala 1984. So yes, letting companies free wheel is absolutely bad for you, me and every consumer. Apple doesn't want you the best they want the investors best and that does not align with yours. Business 101.

Yes, the government wants to force apple to give everybody who has not contributed a dime to the development of iPhone or its software a free ride.

 

[Unregistered 4U]

Its almost you didn’t even have expand that analogy to a solution. How do you think difrent banks communicate with E2EE encryption using different protocols and encryption technology

Your private key is always on your phone and never leave it and unique to your phone.

The public key is what’s shared.
And there is nothing stopping apples iMessaging client to use signals protocol to send to a signal server that goes to the signal app.

Apple doesn’t have your encryption key’s. Your phone does.

Those “boxes” in the middle of those diagrams you posted (note, there’s ONE set of boxes in each). These are from presentations given by each of those technology companies, I presume? As Signal or WhatsApp is talking about THEIR OWN solution, those servers in between each transaction are THEIR OWN servers. “Through a centralized WhatsApp server” as WhatsApp states. And Note, at no time does any of the messages LEAVE the loop between one client, that server, and the other client.

I think you misinterpret the boxes to mean “internet”. That’s not what those means. This is a closed loop with trusted clients and trusted servers owned by the company, no other parties involved. Any additional parties decrease the security because of the need for an intermediary as Apple’s not going to change their encryption method to WhatsApp’s and vice versa.

 

[Sophisticatednut]

Those “boxes” in the middle of those diagrams you posted (note, there’s ONE set of boxes in each). These are from presentations given by each of those technology companies, I presume? As Signal or WhatsApp is talking about THEIR OWN solution, those servers in between each transaction are THEIR OWN servers. “Through a centralized WhatsApp server” as WhatsApp states. And Note, at no time does any of the messages LEAVE the loop between one client, that server, and the other client.

I think you misinterpret the boxes to mean “internet”. That’s not what those means. This is a closed loop with trusted clients and trusted servers owned by the company, no other parties involved. Any additional parties decrease the security because of the need for an intermediary as Apple’s not going to change their encryption method to WhatsApp’s and vice versa.

Not at all.
Apple doesn’t need to change their encryption in any way.
The only thing needed is for iMessage to support WhatsApp or signals protocol, and then send the message to their respective servers depending on what service the recipient uses.
Apple can do this multiple times to other it’s only a question of identifying what messaging app to send to

 

[Sophisticatednut]

Yes, the government wants to force apple to give everybody who has not contributed a dime to the development of iPhone or its software a free ride.

I guess you are against FRAND agreements as well. And that apple was in the wrong for suing Qualcomm for taking out a higher fee than they liked even tho they signed the contract?

 

[RadioHedgeFund]

Now I know you didn't read the article. You're just forming an opinion based on speculation or some sources beyond the scope of the article I referenced and linked to.

As for the "NFC smartphone market not existing before Apple got there"… Wikipedia has a page showing that NFC mobile phones began no later than the Nokia 5140 in 2003, and for smartphones no later than the Nokia C7 in 2010. Apple's first NFC device was the iPhone 6 in September 2014. Apple was rather late to the game, wouldn't you say?

As for the banks preventing a competitor, which I feel I already addressed in my previous reply to you, Australia is a notable leader in contactless payments. The Reserve Bank of Australia (who actually mint the cash and loan money to the banks) released the statistics of how Australians paid in 2019: Only 1/20 transactions are made with mobile phones (i.e. Apple Pay / Android Pay), whilst 4/5 (or comparatively, 16/20) are made with physical contactless debit/credit cards. Based on this information alone, to say the Banks were preventing competition rather than seeking to use NFC technology is a little absurd... Apple Pay has barely made a splash in the ocean of Australian transactions, because Australians had already been using contactless payments for almost a decade before Apple Pay was introduced.

I had this colourful wonder in 2012 and was using NFC tags for all sorts of things as well as pairing to speakers. Payments needed a secure SIM as well as NFC but this was sadly not supported by UK carriers.

Apple didn't create the market but they did at least make it a whole lot less painless. Credit where credit is due.

 

[BaldiMac]

This have been fixed for decades. The biggest hinder is brand lock-in.

Nothing is stopping multiple protocols to exist side by side separately. Nothing stops every conversation to use it’s own uneque public and private key without sharing it with a server or for the server to be able to read it. Apple does it and signal does it etc
View attachment 2001199View attachment 2001200View attachment 2001201

You're just posting how e2e works within a single service. It doesn't support your claim.

Now I know you didn't read the article.

I'm the foremost expert on what I've read, and I know your wrong.

You're just forming an opinion based on speculation or some sources beyond the scope of the article I referenced and linked to.

No, I'm not. I'm basing it on the MacRumors post that you linked to.

As for the "NFC smartphone market not existing before Apple got there"… Wikipedia has a page showing that NFC mobile phones began no later than the Nokia 5140 in 2003, and for smartphones no later than the Nokia C7 in 2010. Apple's first NFC device was the iPhone 6 in September 2014. Apple was rather late to the game, wouldn't you say?

I didn't say NFC didn't exist. Apple certainly didn't invent it. But the market for NFC smartphone payments was negligible before Apple Pay.

As for the banks preventing a competitor, which I feel I already addressed in my previous reply to you, Australia is a notable leader in contactless payments. The Reserve Bank of Australia (who actually mint the cash and loan money to the banks) released the statistics of how Australians paid in 2019: Only 1/20 transactions are made with mobile phones (i.e. Apple Pay / Android Pay), whilst 4/5 (or comparatively, 16/20) are made with physical contactless debit/credit cards. Based on this information alone, to say the Banks were preventing competition rather than seeking to use NFC technology is a little absurd... Apple Pay has barely made a splash in the ocean of Australian transactions, because Australians had already been using contactless payments for almost a decade before Apple Pay was introduced.

So, by these numbers Apple Pay was used in less than 5% of transactions after 2 years. How does that support your claim that they were the real monopoly before they entered the market?

Its almost you didn’t even have expand that analogy to a solution. How do you think difrent banks communicate with E2EE encryption using different protocols and encryption technology

By decrypting the transactions between providers. With messaging, if the message is decrypted when you switch networks, then it's not e2e encrypted.

 

[JKAussieSkater]

So, by these numbers Apple Pay was used in less than 5% of transactions after 2 years. How does that support your claim that they were the real monopoly before they entered the market?

On this, you have a point. I misused the word monopoly. What I really meant was "Apple were unnecessarily restricting the technology customers had purchased in a way that effectively prevents competition with NFC payment services on Apple branded technology".