Knowing the EU that would not stop them as they just hate success !
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
EU Officially Objects to Apple Limiting Third-Party Access to Apple Pay NFC Capabilities
- Thread starter MacRumors
- Start date
- Sort by reaction score
Do you know how hard it is to get someone to use different passwords when they have never locked their front door and they leave their keys in the car when they park?
There is a reason for this, if you need to know why then look at how awful and shoddy the security is with Android.
I know you may think that Android is ultra secure but I have news for you....it is not!
I live in the US and I would have to drive farther today to be back to POTS technology but it’s still not farther than 100 miles and I would still be in my home state. And pretty much all the states that surround my state are pretty much the same: a few larger population areas (cities of 15,000-300,000 people or more) with large areas of less than 50 people per square mile where a town of 3500 is considered large. These areas aren’t at the top of the communication technology scale or even close.Credit card companies changed the rules. If a shop accepts a swipe and that swipe is a fraudulent transaction, the shop takes on the burden. Many US companies switched to reading the chip JUST to avoid this (that’s why when you swipe and your card has a chip, it forces the use of the chip).Some have done the numbers and discovered that they don’t have enough fraud to merit switching the entire company over (new hardware, new wiring likely, new training definitely, etc.).
A study DID find, though, that as companies were switching over, the burden of fraud was shifting from the chip enabled companies to those that hadn’t switched yet. Which, of course, then accelerated those companies path towards the chip readers.
BTW, chip-and-PIN was needed outside the US because while the US has had "real time transactions," for some time (meaning merchants immediately sent off the credit card information to the issuer for verification… and could be declined immediately) in other parts of the world without a telecommunications network like the US, there was a lag between the transaction and when the merchant would send the card information. Meaning, those passing fraudulent card numbers are out of the shop with the goods before the issuer can do anything about it.
How weird. I wonder how the implementation differs to the one in Europe because I remember I was able to use ApplePay anywhere in Europe where it showed "Credit Card" and Apple Pay was not even officially launched in many of those countries at that time. ApplePay seems to have been recognised by the system just like any other tap to pay credit card.
You have a choice then, use iPhone as directed and be more secure or use Android with over 15 different options for NFC and mobile wallets and be less secure.
You do not get to have it both ways, so I would not complain but then I guess some people just have to complain about anything and everything eh?
Well, how we can help EU understand that?
If I wanted a choice in this matter, I would buy an Android.
Neither is iPhone.
On android if the device is not rooted you are safe. But if you root and are stupid then your ****ed
On an iPhone the equivalent is... a profile.
News flash you can sideload apps with a random profile? or install some add profile or people follow and instlal profiles for some stupid reason.
a profile can track, read messages, view your screen, access your data and even impose limitations on the iphone.
Aka Device security is up to the user.
You can not make a device secure unless you restrict a user from doing stuff like...... installing profiles on an iphone.
The other thing is apple cites security.... So what's the security risk for the payment api? The payment API would only expose that particular app that a 3rd party would make to use it..
Or is apple saying the security is so **** on an iPhone that allowing anyone else to use Payment fva NFC would expose all payment information on the entire device. aka indicating apple has no security around payment info and only protects stuff by not letting people use it.
Which is ****in horrible. When using an api other apps calling this API do not need access to anything else on the device or anything else using the same API.
If another app wanted to add NFC payments what security vulnerability is there? Apple would not explain that either.
More like the regulators proving how dumb and shortsighted they are.
Opening up the NFC chip isn't guaranteeing that a security breach will happen, but you can bet real money hackers will shift their focus here (and if/when a breach occurs, the consequences will be damn near catastrophic).
The EU needs to go pound sand and ****.
The EU needs to go pound sand and ****.
So you think that the Play Store is safe then?
How about Dendroid or the more than 850,000 malware apps that have existed to date on the Play Store.
In that case Apple Pay should work on Google Pixel and Samsung Galaxy phones…
In line with a report late last week, the European Commission today officially announced that it has issued a Statement of Objections to Apple over its restrictions that prevent third-party services from accessing the NFC capabilities of the iPhone, thereby restricting competition in mobile wallets on iOS.
The statement is a preliminary view that will need to be confirmed with further investigation before any consequences can be administered, but lays out the direction the investigation is headed.European Commission Executive Vice-President Margrethe Vestager argues that access to NFC is a requirement for viable mobile wallet services at brick-and-mortar locations.Vestager mentions that Apple has cited security as its rationale for not allowing third-party access to NFC, but that regulators' investigation have not found any evidence of that risk.
Article Link: EU Officially Objects to Apple Limiting Third-Party Access to Apple Pay NFC Capabilities
Yeah because the Play Store is perfect and totally safe eh? ?Yeah, we wouldn't want anything like this to happen on iOS: https://9to5mac.com/2021/05/07/emai...os-users-were-affected-by-xcodeghost-malware/
... oh, wait...
Care to explain why there was an exploit for Apple Pay in combination with Visa cards when Samsung Pay in combination with Visa cards was not affected? That exploit was found in 2021 by researchers at the University of Birmingham and University of Surrey, published and peer reviewed. Following your logic, it should have been the other way around... Apple Pay / Visa safe and Samsung / Visa affected and not vice versa.
Not sure what Apple will do in response to this, but maybe they should mention that the NFC standard is just a standardized way for a mobile device to communicate wirelessly with a very-close-by retail payment terminal. There's nothing in the NFC standard that requires any particular mobile device to participate in any particular third-party bank, credit card, mobile wallet, or whatever.
Apple's just using NFC the way it wants to — and following the NFC standard so well that CVS and RiteAid had to shut down NFC on all their registers just to block Apple Pay (back when their CurrentC obligations required them to do so).
Apple's just using NFC the way it wants to — and following the NFC standard so well that CVS and RiteAid had to shut down NFC on all their registers just to block Apple Pay (back when their CurrentC obligations required them to do so).
Apple gets a cut (0.15%) for cards added to Apple Pay and when more users use Apple Pay, Apple can, and will, pressure banks to give a bigger cut because there's no competition on iOS devices.
For people that will say banks are greedy, Apple is also greedy.
Last edited:
Don't move the goalpost, you said iOS is safe because it's closed and when an API is opened up it's not safe anymore. That's clearly not true, as shown by this. There are plenty more such incidents.
There is no system out there that is 100% safe. If you're so worried, care to explain how exactly Apple's high level API that gives basic NFC access would be used to compromise data from a developer point of view? Even if someone who doesn't partner with Apple, you can gain access to it today by simple reverse engineering. You can use something like https://ghidra-sre.org, same way George Hotz did for gaining access to the Neural Engine which is also closed down by Apple.
The security argument is fear mongering at its best, but I understand people doing it. I've said it in another thread so I'm going to quote myself:
Yep, I think things got a little sticky when Apple released their own card, too - not only are they competing with the various other banks (indirectly as the card is issued by Goldman Sachs), but also collecting off the top on transactions. Initially, most banks didn't mind, as Apple Pay being more secure offset potential costs of fraud, but I think it's definitely in a weird place.
On the other hand, I'd really hate it if we got to the point that to use credit card X, you'd need to load a special other app and open that like some of the early NFC payments on Android that weren't in Google Wallet. I'm hoping this leads to options, rather than making the current set up worse for people that like that.
And that is the only reason Apple doesn't want banks to gain access to NFC. They're getting a cut for every transaction and similar to the cut in the App Store, it's huge for them.
That gate issue is on your security vendor as NFC has been open for things like that for the last 5 years. I am able to use my Yubikey NFC with my phone just fine.
The US is a unique beast for payment technology—most small businesses use the little Ingenico, Verifone, etc. terminals that have a number pad for debit PIN and a screen that's usually 2-3" in size. Out of the box, these have all interfaces enabled, so there's a lot of places that Apple Pay works at that don't officially advertise the capability (much like Canada and Europe).
For a lot of big chains, they've used Verifone mx915 or mx925 or Ingenico iSC Touch 250s, which can have custom software loaded on (usually larger, color screens with advertising or loyalty programs and such). As some of this dates back to before contactless was popular (since we're a country that hung on to magstripe way too long), a lot of these terminals were set up with contactless disabled and getting it enabled with the custom software can be a pain.
There's also retailers like Walmart or Kroger that are against making it easier to use credit cards in any way (they begrudgingly take them, but would much rather encourage you to use their payment system, ideally with a debit card so they can avoid the higher interchange fees and scrape some data about your purchase). Finally, Home Depot had contactless enabled in the early days of Apple Pay, but it didn't work reliably on one card network (I think it was Mastercard?) and instead of fixing it, they disabled it for everyone.
In reality, no merchant needs to do anything special in the US to support Apple Pay/Google Pay/NFC/etc., but some have been actively working against it for various stubborn political reasons and that's the "unique to the US" issue.
It’s embarrassing that Walmart and Home Depot don’t support tap to pay. My little independent liquor store can support it but not these big box retailers? If Target and most grocery stores can then Walmart and Home Depot can too.
You do know that credit card companies easily get 2%+ on all transactions plus a per-transaction fee, right? Greedy, greedy Apple, charging a fraction of that!
The way some talk you’d think iOS devices shouldn’t have a web browser because that wouldn’t be secure enough.