Security. I'm quite happy as an iPhone user to have Apple be the only ones in the loop for NFC payments. I'm generally happy with all other restrictions mentioned in the suit (no 3rd party app stores, no super apps, etc). It seems that this suit is brought on behalf of other companies (device and app makers, etc) and has a tenuous benefit to the public. There is a fair alternative available in Android for those who don't want to be in the iOS ecosystem.
FWIW I use Linux on my desktop computer, believe in open source, etc. Since mobile phones have become much more than phones and are now a sort of master key to your entire life, I am happy to have that key reside in as high a trust environment as I can find.
Why do you think a banks NFC payment app might not be secure? If ios is a platform then another NFC app could be as secure. Regardless, users should be given a choice. You can continue using Apple Wallet app, some other users might prefer other apps.
The concern is bad actors - that some random app (not your bank) gets access to NFC.
Choice isn't always good. Especially where consumers don't really understand all the implications. My mom doesn't benefit from choice here, she is actively harmed by it, she knows it, she uses Apple to avoid it.
Your mom already chooses to use Apple for this reason, so presumably would also not use a third-party App Store or sideloaded apps, so she could still benefit from the Apple security blanket even while theoretically having choice.
Yeah, though hopefully there is some sort of warning (or setting that prevents sideloading when enabled) that makes her think twice. Or, you could perhaps make her a “kids” profile unable to install anything without permission.
Sure - but why? Part of Apple's value prop is convenience. This extra app store thing doesn't sound convenient for Apple's customers. Apple isn't trying to make life difficult for consumers, they do make life difficult for developers and others in the ecosystem in many cases - but it's almost always to make life easier for their end customers.
Then nobody will use them if Apple allows them. If they do it like Google, by default users cannot sideload or install alternative app stores anyway. It's opt-in. Why do you want to prevent people who actively want to do these things with their phones from doing them?
If Apple's goal is to make things as "easy" for people as possible, then they should just not have any app store at all. And they shouldn't offer different configurations. They should just release an Apple iPhone that comes however it comes and nothing about it can be modified. That would be super convenient!
>> Why do you want to prevent people who actively want to do these things with their phones from doing them?
I don't want to. I want Apple to make the decision. I want Apple to make 1000s of decisions for me around my phone. They seem to be good at it, at least with respect to end users.
And, no, a non-app store phone wouldn't be convenient. Uber is very convenient. So is my banking app. There are dozens of very convenient apps on my phone.
Honest question: Do you have any example that the approach Android takes to the NFC stack enables exploits that are not possible on iOS in regard to NFC payments?
I don't have an example, but I believe your question supports my point. From everything I've observed, Apple is generally better at providing a secure ecosystem than the variety of major parties that comprise the Android ecosystem. So if I remain in the Apple ecosystem I'll need to devote less energy to answering questions like the one you've asked than otherwise.
Ok, that is fair and there can be a difference in opinion between making such choices more based on subjective opinion and personal feeling vs. basing that mainly on evidence and I do not want to dismiss the former. I understand that the convenience and peace of mind of a solution one trusts have value, and I do not discount those facts, even if I take a different approach to this situation, digging into White papers and whatnot, partly for enjoyment and personal interest. I can even recommend the Apple Platform Security Guide [0]. It's quite a good read, actually.
But no one would force you or anyone else to leave that Apple ecosystem you hold in high regard. There would simply be more opportunity for alternatives that, if they are well implemented, may even provide such a robust product for such a long time that even devoting little energy to the decision on security grounds may make it more appealing than Apples. Or maybe some feature, such as the one I described for accessing banking institutions after office hours, might make such an impact on your situation, that you become more open to those additional choices. And if not, again, you may stick with Apple all the same.
> But no one would force you or anyone else to leave that Apple ecosystem you hold in high regard. There would simply be more opportunity for alternatives
“Opportunity for alternatives” is not free. There will be a trade off to enabling it, and my perception is that it’ll negatively affect those who are happy with the status quo.
If the current trade-off is considered anticompetitive, there may be enough incentive to create a new model. Bell telephone offered free long distance calls on their network, the happiness of their customers didn't protect them when regulators started questioning how competitive Bell's strategy was.
Maybe it will negatively affect those who are happy with the status quo. That has no bearing on the righteousness of a person or company's actions, especially if they're in a position to deny competitors market access.
It has bearing on whether a case should be brought. The goal of antitrust legislation in the US has been largely to protect consumers. It's slightly more gray than that, but by and large that's the goal.
With respect, this second part is so dependent on "well implemented" and a party acting in good faith (ie not being a scam) that it's basically a worthless argument.
I don’t know what you’re referring to. Trust is a fundamental part of security. Without trust you need to be ever vigilant in an ever expanding set of domains and technologies, or you have to shrink your vulnerability surface area down to something that you can at all times personally comprehend and manage. This will not work for 99.99% of the population.
If you pry up the pavement on the way to hell, you'll find good intentions underneath. Trust whoever you want, but don't turn around and make claims you're unwilling to defend. The security Apple offers is far from unconditional - the plethora of iPhone-related data leaks is a dead horse well-beaten on this site.
For your safety, I hope the government looks out for you. Because nobody else is going to do your due diligence, evidently not even yourself.
You imply Apple isn't a better choice than the android ecosystem(s) with respect to safety/security/privacy (because you reply to the comment that this appears to be the case). This is, at least on the surface, not the general perception. But given you talk so much about doing due diligence, I assume you have some insight as to why Apple isn't the better choice on these dimensions?
I'm genuinely all ears, because this has not been my observation, but I've never done and in-depth study of the matter.
You're all good. It's been a few months since I've written one of these comments out entirely, so I'll give you the rundown:
- Android is Open Source. Google itself is a ghoulish company nowadays, few people are wrong in assuming that. For all of iOS' security taglines though, you can't build it yourself and create a further-hardened version. "Features" like Apple routing traffic around your VPN cannot be un-programmed. This doesn't necessarily make Android a better OS, but it absolutely enables better overall privacy and proves that a better ideal is realistic. I don't personally hold Google in high regards security-wise, but the AOSP has nothing to hide. You can go see for yourself.
- Apple's software can't be trusted. pbourke's correct in that consumers have to make a choice about trust when selecting hardware, but I see no evidence that Apple's approach is working. Their services turn over personally-identifying data to governments by the ten-thousands, and in countries like China your iCloud server lives in a CCP-owned facility. Apple does nothing to resist obvious government censorship ploys, and is indeed a decade-old member of America's PRISM program. Without any transparency holding Apple accountable, you really have to hold on the question - can you trust them?
- Neither Google nor Apple make good OSes, in part because neither one is motivated to compete with the other. Google treats Android as a technology dumping ground and a defacto unifying platform for their various hairbrained hardware endeavors. Apple treats iOS like Hotel California. Both companies have found a niche in ignoring each other, and Apple has used it as an excuse to pursue business strategies Google could never dream of. It's a threat to the market no matter how either of us feel about it.
The DOJ put it best, this morning: "Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests."
No no, peace of mind has no value. Just ask the big brains at the DOJ. Safety, peace of mind, convenience - these are zero value items. Only choice matters.
Sorry, that was a joke. I should have lathered on more obvious sarcasm. The DOJ don't understand very basic computer security. It's disgraceful. Agree with everything you say here - the antitrust regulators seem to have forgotten who they are supposed to be protecting - consumers, not apple competitors.
The fee is paid by card issuers. It's 0.15% for cc and 0.5 pennies for debit cards. Card issuers take a large chunk of change in interchange fees, this is a tiny, tiny proportion of it. Even if they managed to pass the cost on (which they almost certainly cannot given the nature of that business), spread across it might be 0.00000x % increase in costs. And, it's quite likely to actually reduce costs for card issuers due to reduced fraud and reduced physical card issuance (those cards actually cost money to produce).
And once you get into grad school they teach that those nice little graphs you drew in high school and undergrad were simplifications of the real world, and whether costs are passed on or not is very dependent on the specifics of the market. And then you hit the real world and realize, it's even more complex again when the costs are felt for some subset of transactions and not others, there are multiple parties to a transaction, etc etc.
Yes, exactly. Free money from the sky is exactly it.
It's definitely not coming out of card issuers pockets, from their fat interchange fees, that they may be happy to pay due to reduced fraud and other costs. Nope, the free sky money thing is it.
I question the governments decision to include this in the complaint. Surely Visa's 2-3% fee has a greater impact on the wider economy than Apple's 0.15%.
While that may be true for nfc payments, a lot of the accusations in the document are excused by Apple using bad-faith arguments in the name of security. Then there’s the 30% tax, which is just anticompetitive extortion.
FWIW I use Linux on my desktop computer, believe in open source, etc. Since mobile phones have become much more than phones and are now a sort of master key to your entire life, I am happy to have that key reside in as high a trust environment as I can find.