German Govt to force Apple to open NFC

The “tag” is in the app, it generates a unique token every time it is used, based on a unique private key in the app, just like ApplePay and normal debit and credit cards. The bank has the public key and can therefore decipher the transaction. The app is called using a URI, similar to http(s) for web, ftp for file transfer, mailto for mail etc. The URI says “open the payment app and give it this transaction information”, all the OS has to do is open the default payment app (if one isn’t active). It is a standard and open protocol that every payment terminal has to understand (I think retailers have another couple of months to get their terminals changed to NFC compatible, but I only know of 1 hairdresser who doesn’t have an NFC capable terminal around here).

As above, it is standard URI based, using an open standard. One of the beauties of the thing is that it is fairly anonymous, only the banking app and the bank know about the transaction - and then the bank only knows what the amount is and who the recipient is, there is no transfer of individual items on the bill, just the total. Machine learning to decide which app to open would break this trust.

They only have a small percentage of the smartphone market, worldwide, so it can’t be seen as anti-trust. The best that can be hoped for is that it is anti-competitive, but they have managed to weasel out of that so far - just look at the browser situation on iOS, you can install other web browsers, but click on a link in another application, your web browser doesn’t open, Safari opens.

With the law being ratified at the moment, Apple would have to comply, at least in the area of NFC payment transactions.

Not really, banks and other smartphone manufacturers have several years of proof that the system is secure - heck ApplePay uses the same system. The only possible problem is if Apple doesn’t let the apps store their private keys in the secure enclave, they would have to take care of ensuring it is properly encrypted at rest on the device.

Likewise, if the iPhone has been rooted with CheckRa1n, there is a possibility that another app could read the key, but the banking apps are generally secure and won’t install on rooted Android devices by default.

Identifying who it’s from, though, in that transactional info/handshake, would give users a leg-up in that even their 1st encounter with a given tag could be triaged by their own on-device preferences. Without it, my scenario still holds, but each new tag would require 1-time triage by the user.

But identifying the other party to the user’s device doesn’t have to mean itemized details, so I don’t see how that’s true.

Monopoly is assessed and enforced by jurisdiction, though, regardless of the situation globally. Safari as default I’m fine with, but they should give you the choice of changing the default for a given file type, just like they do on Mac OS. It’s absurd to me they’re fighting this battle on mobile for absolutely no good reason! If they’re not careful they’ll end up as bad as Microsoft was with Explorer back in the 90’s even if they never have as much market-share in that their apps could freeze out newcomer apps which seek to operate beyond Apple’s own platform in much the way Netscape Navigator sought to operate on The Internet rather than just Windows, and couldn’t succeed because Microsoft’s dominance meant even 100% market share outside Windows wasn’t enough to get established with legitimate opportunities an open market should have afforded them.

That’s exactly the kind of thing I meant :wink:

There is no “tag”, as such, both ends are intelligent and provide unique, PFS encrypted transaction information.

The phone, and therefore, theoretically Apple, Google, Samsung, Huawei etc. would then have information about which establishments you have met. Without opt-in, that would be illegal over here.

As I said earlier in the thread, the German attitude to privacy and spying on people is worlds apart from what the US and some other countries find acceptable. They have a long and terrifying history of being tracked and spied upon in the 20th Century. What the Stasi collected is really eye-opening and terrifying, considering they didn’t have the Internet and the resources of Google & Co. They were the real masters of profiling an entire population, until Silicon Valley got involved. If you ever find yourself in Berlin, a visit to the Stasi archive is a real eye-opener.

The rest, I more-or-less agree with you.

Oh, so I guess I’m anticipating a level of abstraction that doesn’t exist yet: blockchain could facilitate auditable trails which in conjunction with proper encryption privately could allow users to engage transaction networks like you’re talking about, and choose whether or not to utilize any particular means of payment. This requires no more trust in Apple than the apps you describe being used today hosted on their devices, but has the added advantage that it keeps Apple itself just as in-the-dark as any of the vendors in the system you described, even when using ApplePay.

Yes, that’s how it works

I suspect Apple will say Auf Wiedersehen

So, as @Computeforloot answered, basically you just bring your phone close to the POS (Point of sale) device, and Apple Pay pops up on the screen, then you enter a PIN code, or use Touch or Face ID (requires pressing On/Off button twice) to complete the sale. You can have multiple credit or debit cards registered, but you assign one as default, which normally pops up.

Interesting here in Australia. Woolworths is a supermarket chain. They have a membership “club”, which also uses Apple Pay on the iPhone. When you arrive at the checkout, the POS shows a screen to enter your membership number, either with a barcode card, or you tap your iPhone to the POS, and the Woolies membership card appears in Apple Pay. Then, when it is time to pay, you tap again, and your normal payment card pops up. I’m not sure if any other third party uses this function. And in the normal annoying manner, the next day I start getting emails offering discounts on all the stuff I bought the day before, good for a couple of days.

It’s the NFC-enabled payment terminal that facilitates the transaction and senses the phone. This is perfectly safe and requires confirmation on your phone to complete the transaction.

The cards in your iOS wallet are actually tokenized with a generated number string along with account verification. It does not replace your physical credit/debit card.