Germany Passes Law Forcing Apple to Open Up iPhone's NFC Chip to Apple Pay Rivals, But Loophole May Exist

[bviktor]

That's wonderful, now banks can finally say "we won't support Apple Pay, here, take our own wonderful app for your payments". Much like they already do with Google Pay. Oh you want to pay with a Watch or a Mac? Without LTE? Oh, too bad for you. We'll do it someday! Or maybe not, because our incompetent devs can't even support our mobile app properly. Oh you want a second card from a different bank? Well then, install their app too! More cards? Rinse, repeat!

Dreadful. All in the name of bank lobbyendorsing market competition.

And the best part is that the banks' biggest concern is fees. You know how much an Apple Pay transaction costs to a bank? A few basis points. That's what all the fuss is about. About a few hundredth of a percent.

And WHAT ON EARTH does all this have to do with money laundering to begin with?? What a bunch of hypocrites.

 

[weckart]

That's wonderful, now banks can finally say "we won't support Apple Pay, here, take our own wonderful app for your payments". Much like they already do with Google Pay. Oh you want to pay with a Watch or a Mac? Without LTE? Oh, too bad for you. We'll do it someday! Or maybe not, because our incompetent devs can't even support our mobile app properly. Oh you want a second card from a different bank? Well then, install their app too! More cards? Rinse, repeat!

Dreadful. All in the name of bank lobbyendorsing market competition.

And the best part is that the banks' biggest concern is fees. You know how much an Apple Pay transaction costs to a bank? A few basis points. That's what all the fuss is about. About a few hundredth of a percent.

And WHAT ON EARTH does all this have to do with money laundering to begin with?? What a bunch of hypocrites.

Take your money elsewhere, then. No shortages of banks.

 

[bsolar]

That's wonderful, now banks can finally say "we won't support Apple Pay, here, take our own wonderful app for your payments".

Note that the EU has those practices on the radar:

In a SEPA for cards, a number of impediments would be abolished, including: (i) a lack of interoperability between cards and terminals, (ii) limitations on merchants accepting certain cards, and (iii) cardholders being confused by different payment experiences across Europe.

 

[lartola]

There is Android out there and many other paying options working with the same checkout terminals as Apple Pay does.
Apple as a manufacturer is offering an option for their customers, that’s all or isn’t it?
I just hope it is possible to put in another nfc chip in future iPhones so I keep the option to only share my data with the company I chose (Apple) and no one else will be able to access the same chip.

You, like many others here, are confusing apples with oranges. The NFC chip DOES NOT STORE ANY DATA. it’s just a transmitter/receiver of data, and it can be used for other things such as connecting to gym equipment to share workout data (Apple’s gymkit feature) or to share files (Android’s tap one phone with another feature is an example of this) not just payments, so access to it by 3rd party apps can be allowed without any security risk and Apple already did some of that in iOS 13, but they still left out payment apps. Apple Pay payment data is stored in a different chip, which apple calls the SECURE ENCLAVE and is independent from the NFC, so access to it can and should remain locked away from 3rd parties.

 

[I7guy]

You, like many others here, are confusing apples with oranges. The NFC chip DOES NOT STORE ANY DATA. it’s just a transmitter/receiver of data, and it can be used for other things such as connecting to gym equipment to share workout data (Apple’s gymkit feature) or to share files (Android’s tap one phone with another feature is an example of this) not just payments, so access to it by 3rd party apps can be allowed without any security risk and Apple already did some of that in iOS 13, but they still left out payment apps. Apple Pay payment data is stored in a different chip, which apple calls the SECURE ENCLAVE and is independent from the NFC, so access to it can and should remain locked away from 3rd parties.

It seems like Apple doesn’t want to open the NFC chip to unverified third party financial applications.

 

[Lalatoon]

It seems like Apple doesn’t want to open the NFC chip to unverified third party financial applications.

Remember Apple curates all application that is in the App Store.

And besides what does unverified third party financial means - does that mean Samsung Pay or Google Pay needs verification from Apple

This has nothing to do with NFC and its security protocol. Its all about Apple Pay and its competition.

In the simplest way, Apple doesn't want competition with its Apple Pay and unfortunately for them that practice is not allowed in Germany. Like in China and Hong Kong, if they want to remain in business in Germany then they have to follow the local laws

 

[falainber]

It seems like Apple doesn’t want to open the NFC chip to unverified third party financial applications.

Which makes no sense. Unverified third party financial applications can work without NFC just fine. At most Apple can make them less convenient. Third party apps on Android (like PayPal and Venmo) work with NFC just fine and everyone is happy. Apple customers, on the other hand, have to rationalize why they do not have similar services. And such rationalization is not easy because it should put blame on anyone but Apple.

 

[Johnny Appleseed's Mom]

Apple really expects us to believe they dont have the capability to protect customer data with other bank pay options? That implies they are incapable at a high level. It's monopolistic behaviors like this that slow progress and increase societal demand to break up big tech

 

[sir1963nz]

why would anyone even want to use anything other than Apple Pay?

Because Apple Pay is not supported in all countries or by all banks.

Because my Credit card has a NFC chip in it that I can tap and go too, and its not proprietary .The same standard is used by pretty much all banks.

Because Apple dumps stuff (wifi access points, printers, servers, etc etc) banks have far more incentive to stay and improve.

Because my bank is local and has legal responsibilities to the market, they are no hidden away in the USA not paying local taxes.

Because if I go to the USA customs won't snoop into my Credit Card, but they may take my phone off me.

Because pulling my wallet out and flopping it onto the card reader does not require my finger print or me to look at my phone

Because I can use my phone to translate the local language for an item while I pay for it, I can also be using my phone as a phone while paying.

Because my Credit card does not force me to outlay a huge sum of money just to do what my credit card does for free

 

[I7guy]

Remember Apple curates all application that is in the App Store.

And at this time, they are not curating apps that make open use of the NFC, except for some verified apps.

And besides what does unverified third party financial means - does that mean Samsung Pay or Google Pay needs verification from Apple

They will never run IOS.

This has nothing to do with NFC and its security protocol. Its all about Apple Pay and its competition.

In the simplest way, Apple doesn't want competition with its Apple Pay and unfortunately for them that practice is not allowed in Germany. Like in China and Hong Kong, if they want to remain in business in Germany then they have to follow the local laws

Maybe they don't want any app except apple pay, and other verified apps, due to the sensitivity of ones financial information. They get to call the shots. As to whether they follow the local laws as you think they will be doing is really up for debate.

Which makes no sense. Unverified third party financial applications can work without NFC just fine. At most Apple can make them less convenient. Third party apps on Android (like PayPal and Venmo) work with NFC just fine and everyone is happy. Apple customers, on the other hand, have to rationalize why they do not have similar services. And such rationalization is not easy because it should put blame on anyone but Apple.

Which, apple customers are rationalizing anything? That's just unfortunately seems to be the generic hyperbolic MR type of observation. What exactly are apple customers missing? Samsung pay?

 

[ksnell]

There is Android out there and many other paying options working with the same checkout terminals as Apple Pay does.
Apple as a manufacturer is offering an option for their customers, that’s all or isn’t it?
I just hope it is possible to put in another nfc chip in future iPhones so I keep the option to only share my data with the company I chose (Apple) and no one else will be able to access the same chip.

Correct me if I am wrong but wouldn't an NFC SDK sandbox each application? I am not a developer but I think they are much more separated than you are making it seem. Otherwise you would need two CPUs, two cellular radios, etc.

 

[Tech198]

Just disable Apple Pay in Germany and let the 20% of phone users complain to the elected officials. See how long the legislation lasts.

I have speakers that use NFC. Would I like Apple to enable connection with a tap? Yes. Not having isn't a deal breaker. Most times tapping takes longer than going thru a menu and choosing a Bluetooth speaker.

You buy an Apple device and you get the functionality listed. Don't like it? Buy something else. Your choice.

That would be the easier option.. If you can't fix it, break it.

 

[lartola]

Maybe they don't want any app except apple pay, and other verified apps, due to the sensitivity of ones financial information.

For the 1000th time OPENING ACCESS THE NFC DOES NOT COMPROMISE ONES FINANCIAL INFORMATION, because Apple Pay does not store actual account information on the device and the information it does store, the device account number, is located in a different chip that Apple calls the secure enclave. DON’T INSIST ON USING THAT ARGUMENT TO JUSTIFY APPLE’S BEHAVIOR. If opening access to the NFC did compromise financial information, Apple wouldn’t have allowed 3rd parties to access the NFC chip at all, and they do allow 3rd parties to access it starting in iOS 13 for everything but contactless payments.
[automerge]1574041495[/automerge]

It seems like Apple doesn’t want to open the NFC chip to unverified third party financial applications.

First of all, what the heck are unverified 3rd party applications? apple verifies everything that’s uploaded to the appstore. Second, if Apple were worried about an app compromosing security in any way they would simply reject it and not allow it to be listed in the Appstore.

 

[I7guy]

For the 1000th time OPENING ACCESS THE NFC DOES NOT COMPROMISE ONES FINANCIAL INFORMATION, because Apple Pay does not store actual account information on the device and the information it does store, the device account number, is located in a different chip that Apple calls the secure enclave. DON’T INSIST ON USING THAT ARGUMENT TO JUSTIFY APPLE’S BEHAVIOR. If opening access to the NFC did compromise financial information, Apple wouldn’t have allowed 3rd parties to access the NFC chip at all, and they do allow 3rd parties to access it starting in iOS 13 for everything but contactless payments.

Such a hyperbolic post. I don't have to justify anything. I am discussing my viewpoint on the matter. So I'll say it again. Apple probably doesn't want unverified third party apps using the iphone NFC for financial transactions. I'm only guessing here, but you don't know apples decision process on this, only second guessing them.

 

[lartola]

Such a hyperbolic post. I don't have to justify anything. I am discussing my viewpoint on the matter. So I'll say it again. Apple probably doesn't want unverified third party apps using the iphone NFC for financial transactions. I'm only guessing here, but you don't know apples decision process on this, only second guessing them.

1) What exactly do you mean by unverified 3rd party apps? there is no such thing because apple verifies everything submitted to the Appstore.

2) Apple did open up 3rd party access to the NFC chip in iOS 13. If it compromised anyone’s financial information, they wouldn’t have done that. They would have left the NFC completely locked just as it used to be before iOS 13.

 

[I7guy]

1) What exactly do you mean by unverified 3rd party apps? there is no such thing because apple verifies everything submitted to the Appstore.

Apple can only verify certain things about the app, hence the hoopla about tracking software in ios apps. Unverified to me means a Samsung Pay type of app, which could use the NFC to enter unauthorized transactions.

2) Apple did open up 3rd party access to the NFC chip in iOS 13. If it compromised anyone’s financial information, they wouldn’t have done that. They would have left the NFC completely locked just as it used to be before iOS 13.

Yes, some very limited circumstances, including the MTA. I doubt the MTA will compromise anyone's financial information.

 

[falainber]

Which, apple customers are rationalizing anything? That's just unfortunately seems to be the generic hyperbolic MR type of observation. What exactly are apple customers missing? Samsung pay?

Plenty of people in this thread are looking for rational for Apple restrictions. Samsung Pay is indeed better than Apple Pay but this goes beyond the NFC thingy. iPhone users are missing the ability/convenience of being able to use NFC for things like PayPal, Venmo and plenty of other payment and money transfer services. Other people also mentioned public transportation passes that can't work with iPhones (where Apple Pay is accepted as a payment for one fare but not as a permanent pass).

 

[lukecaan]

I have to admit, although I'm not too worried about them opening up the payments side of things I wish they would open up the NFC chip so that my public transport card can get put on my apple wallet. It's not a proper wallet until I can get my ID and my Transport card on it, then I'm a happy customer. Android users in my city have this available to them and it's god damn annoying

 

[IGI2]

Yes. If they felt that would generate the best customer experience, they should be able to do that. Customers have a choice to buy or not to buy their product. If they do not agree with Apple's decision, they have choices. Given that Apple's market share in Germany is about 25%, it seems that it is pretty easy for people to choose other options.



It is a component integrated with the Secure Enclave, that Apple built. The customer did not pay for the NFC chip, they paid for the product that Apple sold them. Apple is clear about this upfront and if people do not like their decisions, they have options.



Again, if Apple disclosed that before people purchased the devices, unless they have a monopoly position (in the actual market of smart phones, not iPhones), that is between them and the market.

Again, I am not advocating that they do these things, just arguing that your position is flawed. Apple sells a complete package that most Apple users like. Forcing them to open every component costs resources and introduces potential security issues that does nothing to benefit most of their users and actually harms them.

Truer words were never spoken.

 

[bsolar]

Again, if Apple disclosed that before people purchased the devices, unless they have a monopoly position (in the actual market of smart phones, not iPhones), that is between them and the market.

It's not necessary to be a monopoly, just to have a "position of strength" in the market, namely a "dominant position".

There is not a clear definition of "dominant position": I believe Apple is definitely in a "position of strength" and it's definitely using it to stifle competing products and services on their platform - potentially legitimately!

I doubt with the "traditional" interpretation these practices are illegal since Apple's position is strong but not so that it can be considered "dominant", the ballpark guideline figure being 40% market share (definitely much more than Apple's).

This is IMHO the reason the EU is grumbling since a good while but didn't do much: they have "something", but no clear-cut case. The EU could argue the 40% share figure is only a guideline and non-binding and proceed against Apple, Apple would definitely dispute them being dominant and would have arguments supporting that too.

It's the reason I believe it's in the best interest of Apple to find a compromise, since if the EU finds itself unable to enforce the policies they want, they are likely to decide the current antitrust regulation is in need of an extension...

 

[manu chao]

Yes. If they felt that would generate the best customer experience, they should be able to do that. Customers have a choice to buy or not to buy their product. If they do not agree with Apple's decision, they have choices. Given that Apple's market share in Germany is about 25%, it seems that it is pretty easy for people to choose other options.

Should Apple also be able to block, eg, Spotify or Fitbit or Netflix? In this case, Spotify is a very good example. Your 25% market share argument would say that Apple should have the right to block Spotify as people clearly have the option to use Android if they want to use Spotify (instead of Apple Music). But it should be clear as day that competition between Spotify and Apple Music on iPhones puts pressure on both services to improve their offerings.

 

[manu chao]

It's not necessary to be a monopoly, just to have a "position of strength" in the market, namely a "dominant position".

There is not a clear definition of "dominant position": I believe Apple is definitely in a "position of strength" and it's definitely using it to stifle competing products and services on their platform - potentially legitimately!

I doubt with the "traditional" interpretation these practices are illegal since Apple's position is strong but not so that it can be considered "dominant", the ballpark guideline figure being 40% market share (definitely much more than Apple's).

This is IMHO the reason the EU is grumbling since a good while but didn't do much: they have "something", but no clear-cut case. The EU could argue the 40% share figure is only a guideline and non-binding and proceed against Apple, Apple would definitely dispute them being dominant and would have arguments supporting that too.

It's the reason I believe it's in the best interest of Apple to find a compromise, since if the EU finds itself unable to enforce the policies they want, they are likely to decide the current antitrust regulation is in need of an extension...

Without some antitrust pressure in other areas at that time, Microsoft might have snatched up Google early on. Imagine where we would be if Google search and Android would be part of Microsoft today.

The question of monopoly or dominant position always depends on how you define the market. If you define the market as contactless payments on Apple devices, Apple's position is clearly a monopoly at the moment or at least a dominant position.

 

[NightFox]

Yes, because crafting a new law to specifically target a single company doesn't sound like "vendetta" at all.

But a specific new law would be unavoidably applicable to everyone, rather than just pulling an arbitary law out of the statute books whenever the government has a specific company in its sights.

 

[GalileoSeven]

For the 1000th time OPENING ACCESS THE NFC DOES NOT COMPROMISE ONES FINANCIAL INFORMATION, because Apple Pay does not store actual account information on the device and the information it does store, the device account number, is located in a different chip that Apple calls the secure enclave. DON’T INSIST ON USING THAT ARGUMENT TO JUSTIFY APPLE’S BEHAVIOR.

Are you honestly naiive enough to think if the EU can get Apple to open up the NFC, that they'll just stop there??

Yeah, this might not have privacy/security implications, but down the line, something will. Mark my words, this is a slippery slope

 

[bsolar]

Are you honestly naiive enough to think if the EU can get Apple to open up the NFC, that they'll just stop there??

Yeah, this might not have privacy/security implications, but down the line, something will. Mark my words, this is a slippery slope

It's not clear to me what makes you think they wouldn't stop and what are you afraid they would go after. Are you implying the EU would try to open up the Secure Enclave? To which end?

To clarify: I believe there is always danger for authorities to over-extend their power, but this needs to be argued with something more substantial, otherwise it risks being just FUD.