Keith I Myers – 2014-12-31 18:27:47-0500 – Updated: 2014-12-31 21:22:17-0500I made a prediction back in September that Apple Pay’s NFC Implementation was flawed but many doubted me (Seriously… read the comments on the thread below). Not bad for a “Armchair NFC Expert”
I was indeed spot on, This article posted by +SlashGear ( http://www.slashgear.com/apple-pay-glitch-prevents-adding-cards-on-reset-31361245/ ) and +9to5Mac ( http://9to5mac.com/2014/12/31/apple-pay-glitch/ ) confirm my prediction.
I do need to add one correction to +SlashGear ‘s post. This is NOT a glitch, rather the expected behavior of using a NFC “Secure Element” vs Host Card Emulation. Early Android Phones had the same issue before Google moved to Host Card Emulation in Android 4.4.
Apple’s own forums are flooded with complaints. https://discussions.apple.com/thread/6722536?start=60&tstart=0Originally shared by Keith I MyersApple has a problem on their hand and they don’t even realize it. Per Apple, they are using NFC with a “Secure Element” to power the new Apple Payment System.
There is a reason why Google has moved away from the “Secure Element” and replaced with it with “Host Card Emulation” a year ago.
“Secure Elements” work by setting up an encryption method between the NFC radio and the OS. This is a one-time key that is destroyed whenever the phone is factory reset. Once destroyed, it essentially hard bricks the “Secure Element”. To avoid this, users will need to go into Apple’s wallet and clear the Secure Element from within the application prior to a factory reset.
Apple has a problem on their hand and they don’t even realize it. Per Apple, they are using NFC with a “Secure Element” to power the new Apple Payment System.There is a reason why Google has moved away from the “Secure Element” and replaced with it with “Host Card Emulation” a year ago.”Secure Elements” work by setting up an encryption method between the NFC radio and the OS. This is a one-time key that is destroyed whenever the phone is factory reset. Once destroyed, it essentially hard bricks the “Secure Element”. To avoid this, users will need to go into Apple’s wallet and clear the Secure Element from within the application prior to a factory reset.This problem was huge when it debuted with the Samsung Galaxy Nexus, HTC EVO 4G LTE and 2012 Nexus 7. Note, all of these phones are VERY OLD and Apple is just starting to play catch up.
Shared with: Public, Keith I Myers, 9to5Mac, SlashGear+1’d by: MOHAMMED ALMUKAYNIZI, Chad Burton, Joseph Cappellino, Francis S, Gregg Lantz, Katy Kasmai, Terry Stout, C K, Vito Vizziato, Ben Thornsberry, Pablo Arista, Philip WingfieldReshared by: MOHAMMED ALMUKAYNIZI, Pablo Arista, Terry HutchinsonPhilip Wingfield – 2014-12-31 18:43:55-0500Fully agree. But again, its an Apple device, and people blindly flock to it regardless of poor implementations of software or hardware features. The company does not learn from others mistakes, and we all pay the price. Because it is faulty, Apple may very well do away with NFC payments, or disable them on a device that touted it as a feature, and we will see even less NFC compatible terminals and devices. I need to look into the Apple “don’t call me iWatch” watch again, and see if it also uses secure element. I believe it does, in which case we will see this same problem again when a more convenient NFC payment option first launches (I would love to have NFC payments wrist-mounted).Antonio Jiles – 2014-12-31 18:44:02-0500Awesome find. I read through some of the old comments on the old thread. Most dont understand the “secure element” google used to use for wallet to operate. I’m so glad google moved away from this.Keith I Myers – 2014-12-31 18:47:02-0500Re-reading a few of the comments, I love how I was called an “armchair NFC Expert”. If course, I will point out that I am actually a very accomplished software engineer IRL. Philip Wingfield – 2014-12-31 18:47:21-0500 – Updated: 2014-12-31 18:48:24-0500Lol +Keith I Myers. You don’t even need to be a software expert (I am in no way an expert), you just need to understand technology and why things have changed. Reading is the important skill here.Siva G – 2014-12-31 22:50:47-0500+Keith I Myers @ amazing.comJoseph Cappellino – 2015-01-01 09:49:49-0500The benefit of using the secure element is that you don’t require an Internet connection like you do with host card emulation. This is a problem with services that are south inside buildings.
But, one of the downsides to the score element is just what you said. I remember almost killing my secure element in my S4. I somehow restored it. I don’t remember how, but it was a real pain. I know it involved rooting and replacing the libraries or something, or I just lucked out.
Also, one of the other reasons Google switched to HCE was to circumvent Verizon, AT&T and T-Mobile. They were blocking it in order to promote their not yet complete (at the time) payment system, SoftCard (then ISIS). They were complaining about security risks in using the SE, but everyone knew the team reason. Once Google switched, there s nothing they could do.
What they need to figure out is how to make it work without an Internet connection… And get rid of CurrentC (or at least make calls to enable those terminals again).