Germany Passes Law Forcing Apple to Open Up iPhone's NFC Chip to Apple Pay Rivals, But Loophole May Exist

[swm]

Making the NFC capability available to third parties does not necessarily threaten the security of your data though.

not really. now the entire phone ecosystem, incl. the operating system and their secure enclaves are trusted to a single entity. if that entity is compromised, your entire data on that device is compromised. so that is a huge amount of trust.

now if any bank can access the NFC subsys with its own app, you just open up the possibilities for infiltration. if the banking app is compromised, your data on that part is defenseless. if the OS ecosystem is compromised, the same applies.

but i give your this: it is enough to have one bogus NFC-capable app to basically get access to any NFC capable peripherals. so in theory the device can just try to interact with its surroundings without you knowing. is this impossible? absolutely not: developers are smart, they already found many ways to overcome certain artificial limitation to the various privacy subsystems. due to the sheer numbers apps get submitted to the app store (of any other platform) sooner or later one will pass through. one should never ever allow any low-level access to hw.

also - albeit this is just a totally convenience issue - i have no idea how a phone, which is capable to host multiple NFC-capable wallet apps will react if its getting near to a terminal. with apple wallet, you can just choose one from the many cards you registered there as default. if there are 'competing' apps from multiple different banks, what happens then? who'll be the first?
[automerge]1574081699[/automerge]

The future isn’t government micro-regulating the tech industry either.

something tells me that this ruling is in favour of the banks and not the customers. god they must be pissed they have to give a cut to apple to be able to get access to the desirable customer base.

 

[Lalatoon]

Apple can only verify certain things about the app, hence the hoopla about tracking software in ios apps. Unverified to me means a Samsung Pay type of app, which could use the NFC to enter unauthorized transactions.


Yes, some very limited circumstances, including the MTA. I doubt the MTA will compromise anyone's financial information.

Im confused... what is NFC unauthorized transactions? Try reading this one its short but its informative...

What is NFC and how does it work? Everything you need to know

NFC, or near-field communication, is a wireless standard that enables contactless payments, keyless entry, and more.

www.androidauthority.com

 

[Romeo_Nightfall]

It's not clear to me what makes you think they wouldn't stop and what are you afraid they would go after. Are you implying the EU would try to open up the Secure Enclave? To which end?

To clarify: I believe there is always danger for authorities to over-extend their power, but this needs to be argued with something more substantial, otherwise it risks being just FUD.

what substance do You need? Government around the world are openly fighting encryption, guess why? They just want to now everything. Substance enough? I don’tlike Apple anymore under Hollywood Tim, but at least their things still work and are relatively save.
i stand here fully with Apple not to let the stupid banksters rob my iPhone!

 

[bsolar]

what substance do You need? Government around the world are openly fighting encryption, guess why? They just want to now everything. Substance enough? I don’tlike Apple anymore under Hollywood Tim, but at least their things still work and are relatively save.
i stand here fully with Apple not to let the stupid banksters rob my iPhone!

There is actually no payment information in the Secure Enclave authorities cannot get already...

The Secure Enclave and the tokenisation Apple Pay employs ensure the Primary Account Number are not provided to the merchant so that the merchant cannot abuse it, but the bank clearly has this information. If the authorities are after your payment history they will just ask your bank like they already can do.

 

[bsolar]

now if any bank can access the NFC subsys with its own app, you just open up the possibilities for infiltration. if the banking app is compromised, your data on that part is defenseless. if the OS ecosystem is compromised, the same applies.

This objection doesn't make sense in the face of Apple itself actually allowing third-party applications access to NFC capabilities for specific app categories already. Apple does allow these apps, so Apple must believe this risk of "infiltration" is not relevant enough.

Granted, I doubt these apps have special access to the Secure Enclave, but so would a third-party payment app.

 

[nightflight82]

You can do those things as of iOS 13. Your office and the metro need to support loading your details into the iPhone before you can use NFC. Blame them, not Apple.
[automerge]1573944658[/automerge]


Tokenisation absolutely benefits you in bricks and mortar stores as this is where most of the skimming occurs; at compromised terminals. Tokenisation allows a single transaction only per token and all your credit card details are kept private. Non tokenised transactions send all your CC details to the terminal which is what allows skimming to happen in the first place.

I am sure banks and retailers have enough security of their own..not saying it cant happen but there is always a risk. from apples part possible an overkill... My bank at least if there is any unauthorised charge would refund it straight away..

 

[bandalay]

Since the security is all software, that would make it difficult to argue that it would put security at risk...

Oh, but it's not…

Apple Pay security and privacy overview – Apple Support (AU)

See how your Apple Pay personal and payment information and transaction data is protected.

support.apple.com

 

[I7guy]

Im confused... what is NFC unauthorized transactions? Try reading this one its short but its informative...

What is NFC and how does it work? Everything you need to know

NFC, or near-field communication, is a wireless standard that enables contactless payments, keyless entry, and more.

www.androidauthority.com

An unauthorized transaction is a transaction you didn’t ask the third party app to make.
[automerge]1574094535[/automerge]

Plenty of people in this thread are looking for rational for Apple restrictions. Samsung Pay is indeed better than Apple Pay but this goes beyond the NFC thingy. iPhone users are missing the ability/convenience of being able to use NFC for things like PayPal, Venmo and plenty of other payment and money transfer services. Other people also mentioned public transportation passes that can't work with iPhones (where Apple Pay is accepted as a payment for one fare but not as a permanent pass).

Plenty of people also understand that not everything does everything. Samsung pay may indeed not be better than Apple Pay as I can use Apple Pay for online purchases.

iPhone users can use Venmo, et al so I’m not sure what that is all about. Plus Apple is enabling the iPhone for use with public transportation and that has already started.

 

[adnbek]

I find it kind of humorous that my list of blocked users regularly chimes in with asinine comments like the one you responded to.

I don’t understand how macfacts hasn’t been banned yet. It’s clear he is trolling (in many many threads mind you) and isn’t that against the forum rules?
[automerge]1574098544[/automerge]

Better question, why would anyone be against having the option of using something other than Apple Pay?

Because having everything in one app is better for the user. If this law were to be passed and enforced, expect every service that uses NFC to launch their own app instead. Having all your cards and passes in one place is way better than the clusterf*** of apps you’ll end up needing to accomplish the same tasks.
[automerge]1574098752[/automerge]

apple really wants it's 30% cut of each sale

Apple doesn’t take 30% on Apple Pay transactions. Do your research.

 

[Amazing Iceman]

I think that is great idea. Forcing Apple let use install Android on their iPhone. I would love Android on iPhone... And Hackintosh has already existed (and it isn't like Apple never allowed Mac runs on comptiable hardware before)

Android is crap; every time I have to support someone trying to get something working simple on Android, I realize how crappy it is. And each vendor adds their own share of crap to it. So running Android on an iPhone will not make Android better.

Hackintosh is a hack, illegal under the macOS EULA terms. But I would like to see it become a possibility without having to use a hack.

 

[bsolar]

Because having everything in one app is better for the user. If this law were to be passed and enforced, expect every service that uses NFC to launch their own app instead.

The law would not prevent users to stick with Apple Pay if they so wish.

This would only be an issue if payment terminals start to discriminate applications, e.g. blocking some apps or only accepting others, "forcing" users to forfeit this or that app to pay at this or that merchant. The EU has already on its agenda to make such arbitrary limitations illegal though, since they intend NFC payments to be standard.

Furthermore, what if the "one app" sucks or is limited compared to what competitors offer, or has different features? It's s true that choice is a double-edged sword, but so is lack of choice.

 

[tranceme]

There is freedom of choice. People who do not like ApplePay can buy other devices. If they provide a better customer experience, and Apple lost business over it, they would be forced to change. In Germany, Apple's iPhone as under 25% of the market. That seems like people have a pretty easy option (which over 75% of users have exercised).

Finally someone making sense.

 

[LovingTeddy]

Android is crap; every time I have to support someone trying to get something working simple on Android, I realize how crappy it is. And each vendor adds their own share of crap to it. So running Android on an iPhone will not make Android better.

Hackintosh is a hack, illegal under the macOS EULA terms. But I would like to see it become a possibility without having to use a hack.

I don’t care if you think Android is crap. I like Android and it suit my needs. I would like to install Android on my iPhone and get ride of iOS all together. But that is something next to impossible. So I just went grab Android phone along side my iPhone.

I have been doing hackintosh few year ago. But I gave up, I went back to dual boot Windows 10 and Linux Mint.

 

[lartola]

apple really wants it's 30% cut of each sale

On Apple Pay transactions Apple only gets 0.15% of the fee the bank charges merchants for accepting Visa, Mastercard, etc. The 30% cut Apple gets is in the appstore from app purchases and subscriptions, not from Apple Pay transactions. Don’t confuse apples with oranges.
[automerge]1574116228[/automerge]

There is freedom of choice. People who do not like ApplePay can buy other devices. If they provide a better customer experience, and Apple lost business over it, they would be forced to change. In Germany, Apple's iPhone as under 25% of the market. That seems like people have a pretty easy option (which over 75% of users have exercised).

Yeah, for those buying their first-ever smartphone there is total freedom of choice. For those who already made that choice in the past and are now unhappy with it, however, it’s not so easy to switch once they’re already in one ecosystem where they’ve purchased movies, music and/or tv, subscribed to services such as cloud storage and magazines or even have a credit card.

It’s just like in the early days of cellphones in the US, back in the 2000s. There was total freedom of choice when you bought your first phone, but when you already had service you were pretty much captive with your carrier because it was very hard to switch carriers if you weren’t satisfied with the service since, besides having to wait until the contract expired, at that time all the phones were carrier branded and locked up to the carrier whose brand they bore so switching carriers always meant having to buy a new handset. Not to mention that before portability existed, customers also had to get a new phone number when changing carriers.

 

[Wildblood]

if they don't support Apple Pay, they don't support any phone payment as far as I see... all Apple Pay is is a way to use your credit card of choice without having the physical card on you. its not like there's some other factor for choice

Germany is a major cash country. Just try to end a day without cash! Google Pay on iPhones will be used by 2 people everyday. I don’t understand the rush.

 

[dsut4392]

Better question, why would anyone be against having the option of using something other than Apple Pay?

Because if banks are able to develop their own NFC payment apps, they will do that INSTEAD OF supporting Apple Pay. In Australia, three banks brought a similar case in our courts, which thankfully failed. Each of those banks had refused to allow Apple Pay with their cards (I had accounts with two of the three) until their court case failed.

Far from increasing competition, opening up NFC to the banks' own apps would have been a barrier (inconvenience factor) to competition because I would have had to have a separate app for each bank and choose between them at the time of payment. Apple pay on the other hand easily lets me choose between cards from both my local banks plus Amex without having to switch to separate apps. I haven't routinely carried my wallet in over a year because contactless payment is ubiquitous here. About the only thing I use cash for nowadays is paying the babysitter.

 

[HeadphoneAddict]

I don’t understand how macfacts hasn’t been banned yet. It’s clear he is trolling (in many many threads mind you) and isn’t that against the forum rules?
[automerge]1574098544[/automerge]


Because having everything in one app is better for the user. If this law were to be passed and enforced, expect every service that uses NFC to launch their own app instead. Having all your cards and passes in one place is way better than the clusterf*** of apps you’ll end up needing to accomplish the same tasks.
[automerge]1574098752[/automerge]


Apple doesn’t take 30% on Apple Pay transactions. Do your research.

The last number I read online was Apple only gets 0.15% of each Apple Pay transaction performed when other bank's credit cards are being used.

 

[lartola]

Far from increasing competition, opening up NFC to the banks' own apps would have been a barrier (inconvenience factor) to competition because I would have had to have a separate app for each bank and choose between them at the time of payment. Apple pay on the other hand easily lets me choose between cards from both my local banks plus Amex without having to switch to separate apps. I haven't routinely carried my wallet in over a year because contactless payment is ubiquitous here. About the only thing I use cash for nowadays is paying the babysitter.

You can say that because you were lucky that Australia was one of the first countries to have Apple Pay outside the US, but look at the millions of people who live in countries where Apple Pay is still unsupported after five long years. If Apple hadn’t locked up the NFC chip, those iphone owners would already be using their iphones to make NFC contactless payments with their bank’s app. Because Apple locked it up, they’re basically stuck with old school payment methods such as cash and physical cards until their local banks reach an agreement with Apple (which may never actually happen) unless they switch to Android, which is not always as easy to do as some people in these forums make it sound.
[automerge]1574131358[/automerge]

The last number I read online was Apple only gets 0.15% of each Apple Pay transaction performed when other bank's credit cards are being used.

Yeah, but it’s still a bit of a speculation. We don’t know for sure, since Apple keeps everything top secret. Nor do we know what fees the other big techs such as Google or Samsung charge the banks (some people claim they don’t charge any, but I believe that’s rather naive: if they charge no fees then what‘s in it for them? how do they profit from people using their mobile wallet?)

 

[Abazigal]

Better question, why would anyone be against having the option of using something other than Apple Pay?

I guess my issue is that this doesn’t have to be an antitrust case to begin with. On some level, I am fine with German regulators declaring that a widely-deployed NFC standard for smartphones would be good for the country and that all smartphone vendors have to comply. There is really no need to try to justify this by claiming that Apple is acting in an unfair or monopolistic manner, and have all this debate in the first place.

Whether we agree with it or not would then be immaterial, because it’s now their country, their rules. And it’s clearly worked with China, so...

 

[I7guy]

You can say that because you were lucky that Australia was one of the first countries to have Apple Pay outside the US, but look at the millions of people who live in countries where Apple Pay is still unsupported after five long years. If Apple hadn’t locked up the NFC chip, those iphone owners would already be using their iphones to make NFC contactless payments with their bank’s app. Because Apple locked it up, they’re basically stuck with old school payment methods such as cash and physical cards until their local banks reach an agreement with Apple (which may never actually happen) unless they switch to Android, which is not always as easy to do as some people in these forums make it sound.
...

This is no different than android pay or google pay where google has to work with the banks on a country by country basis in the same way that apple has to work with the banks. The only difference is Samsung Pay, which is limited to a subset of Samsung phones, but still subject, at times, to entering a PIN if needed.

 

[PBMB]

I don't see why Apple Pay and the like are a big deal. Banks provide us with cards that work without contact for years now. They are much more simple to use in a store than a phone.

 

[ericwn]

Truer words were never spoken.

So with an iPhone I shouldn’t be able to use it as a token or use nfc for anything but Apple Pay? What a wonderfully silly idea. Neither me nor the majority of other customers bought iPhone in the know of this restriction.

Pointing to other manufacturers and say go there is hardly a professional solution. The chip can easily be used for more than it is and it’s not for reasons only Apple know.

Microsoft had to open their system to let other browsers in. Nobody told these people to just buy a Mac if they want a different software.

Provide options is the customer friendly approach.

 

[ericwn]

Now do you guys understand why the UK is leaving the EU? ... Germany is essentially the capital of this horrific regime and unfortunately silly notions like this tend to spread like Californian wildfires regardless of the messes they cause. Example: the euro..

Oh no a government interfering with a corporation’s attempts to limit consumer options.

Yeah it’s looking great for the UK with all the bright guys in charge now.

Joke of the day.

 

[bobob]

I don't see why Apple Pay and the like are a big deal.

Security.

Banks provide us with cards that work without contact for years now. They are much more simple to use in a store than a phone.

Simpler?

 

[PBMB]

Security.

I don't see how a debit card is less secure during transactions.

Simpler?

Yes. You just get your card out and touch the terminal. There is no simpler than this. If the amount payed exceeds some limit, you just type the four digit code of the card.