Thursday, May 5, 2022

EU Objects to Apple Limiting Third-Party Access to NFC

Eric Slivka:

In line with a report late last week, the European Commission today officially announced that it has issued a Statement of Objections to Apple over its restrictions that prevent third-party services from accessing the NFC capabilities of the iPhone, thereby restricting competition in mobile wallets on iOS.

[…]

European Commission Executive Vice-President Margrethe Vestager argues that access to NFC is a requirement for viable mobile wallet services at brick-and-mortar locations.

John Gruber:

Apple took a vibrant, perfectly balanced market where NFC payments were used by almost no one and turned it into a market where Apple Pay is accepted at most brick and mortar retailers and millions of iPhone users enjoy using it, with whatever credit and debit cards they choose. Let’s get back to a balanced market, right?

It’s hard to tease out what caused what because access to iPhone’s NFC hardware was tied to the availability of Apple Pay. So we went from Apple blocking progress in this area to promoting its own (very good) solution. There was never a market where customers could choose among alternatives.

The E.C. complaint wavers between claiming Apple Pay dominates NFC payments on iPhones and dominates the entire industry. The latter was true as recently as October 2017, when Apple Pay accounted for 90 percent of all contactless transactions globally, where it was available. As I noted at the time, that’s a remarkable achievement for a platform that by all accounts is a distant second to Android in global market share.

It is, but we also know that—separate from NFC—the App Store generates more than double the revenue of the Google Play Store. (Hardware revenue is also disproportional.) So how much of the payments difference is because Apple Pay is so good and how much of it relates to iOS and Android customers being different?

Nick Heer:

In Canada, where tapping to pay for stuff has been similarly commonplace for years, people use their cards about twice as often as they use a mobile wallet, according to a 2021 report from Payments Canada[…]

[…]

If mobile wallet apps were so much more amazing to use, should they not have much greater adoption than this? It is ironic that the one clear benefit they provide — security — is cited as a reason against their use.

This report also found Apple Pay is used more than Samsung Pay only by four percentage points, even though iPhones are about twice as popular here as Samsung phones.

John Gruber:

I don’t see how the security implications of any of these features — payments, car keys, getting into hotel and dorm rooms — are not obvious.

[…]

I mean, it’s all just ones and zeroes. Apple could allow users to add third-party wallet apps and grant them permission to be invoked simply by double-pressing the side button. But what happens then? Do you get an extra step where the user has to choose which wallet to use, Apple Wallet or a third-party one? Or does the third-party one replace Apple Wallet? What happens when you add a second third-party wallet app? It would get confusing very quickly.

It is not obvious to me that this couldn’t be opened up in a secure way. It’s true that things could get more confusing, though the same could be said of many other areas that are (rightly) not locked down today. The question is whether the potential benefits are worth it.

Ben Brody:

Apple told the Wall Street Journal it is “setting industry-leading standards for privacy and security” while providing would-be competitors access to the technology on the same terms as it operates. The pushback echoes Apple’s defense in other antitrust cases, including those targeting its App Store: The company often insists that features that appear to create a closed ecosystem funneling consumers through its products are merely security protections.

Nick Heer:

Are the security features it has built for Apple Pay unique to the implementation of that service, unable to be reproduced by or for third parties? I am asking honestly. Apple’s statement manages to be both misleading — “Apple Pay […] has ensured equal access to NFC” makes no sense — and vague about its security standards. Apple’s security guide suggests deep hardware and software integration lends Apple Pay a superlative level of security, but it does not say anything about why this could not be made available to third parties.

John Gruber:

Is the E.C.’s argument that any third-party app should be able to wake up and respond to an NFC tap?

[…]

To me it’s clear that the wallet itself belongs as part of the system. It’s the elements inside the wallet that should be open to third-party apps, which is exactly how Apple Wallet works. That NFC card readers in retail point-of-sale terminals only work with credit and debit cards isn’t Apple’s fault or responsibility, and Apple Pay integrates with any and all credit and debit cards that choose to support Apple Wallet.

So, because Apple makes the phone, they should get a percentage of every credit card transaction that goes through the phone’s NFC chip? And what potential features might we be losing out on? For example, there’s no way to sync my Apple wallet with a non-Apple device.

Update (2022-05-09): Damien Petrilli:

Also because of Apple lockdown, most NFC public transport systems are android only (ex: Paris, Lyon in France)

9 Comments RSS · Twitter

I’m kind of tired with Gruber right now

Frankly, a lot of that also seems to stem from the American knee-jerk reaction to anything “regulation”, worsened by the fact that this is potential regulation from outside America.

You could replace NFC with Bluetooth and Apple Pay with headphones and it’s obvious how absurd the argument is to say that only Apple should have access to that hardware for “security” reasons.

Gruber earning his access again, with the tired, and childish belief that companies create markets, and having done so, they are in some way entitled to rule over them, like feudal lords.

Apple's cut of NFC transactions should either be zero, or every company who has transactions processed through NFC, who provides Apple with the opportunity to sell their iPhones on the basis of NFC making Apple's devices more alluring to the consumer, should be entitled to a cut of Apple's iPhone sales revenue.

30% off the top of the retail price, kept as a pool for distribution sounds like a fair and familiar amount for some reason.

Out of all regulations prepared by the EU, this is in my opinion the least controversial. Opening up the NFC interface would unlock a lot of innovation and actually make the iOS platform more useful in many ways. I'm thinking about electronic IDs, applications in healthcare, electronic keys.

Apple can't possibly support all applications and use cases worldwide with their heavily restricted APIs and Wallet app and is massively hindering innovation in my opinion.

The only reason I can see why they fight this so vigorously is that they want to protect their revenue sharing agreements with banks and other users.

Also, it's not like other Apple's apps (iMessages, Mail, Calendar, Podcasts) are the best in class in every respect. I'm happy for having a choice in these other categories.

I like Grubbers extremely narrow view of how people use NFC in shops.

I rarely see people pay using their phones. But I regularly see people use NFC with their credit cards.

Is this different in the states? I haven't been there since 2016 but back then I was shocked by how dated payment systems were.

Lots of people looking at the signature on my card, no PIN codes ever. And that was in San Francisco.

ProfessorPlasma

Unless I am missing something, hasn't Apple already allowed third party access to its NFC through Wallet? I can open hotel rooms, dorms, and I can buy a lock that opens my house with NFC with my iPhone now. Apple also has a way to securely host my drivers license, so the argument that it is a safety concern has already been passed.

> Apple could allow users to add third-party wallet apps and grant them permission to be invoked simply by double-pressing the side button. But what happens then? Do you get an extra step where the user has to choose which wallet to use, Apple Wallet or a third-party one? Or does the third-party one replace Apple Wallet?

Yes? You can change your default web browser, why not your wallet app, camera app, maps app, etc?

Harry Belafonte

Seems it's all about security and yet those security issues seem to be able to be resolved by agreeing to pay a commission on any payment that might pass through them.

It’s hard to tease out what caused what because access to iPhone’s NFC hardware was tied to the availability of Apple Pay. So we went from Apple blocking progress in this area to promoting its own (very good) solution. There was never a market where customers could choose among alternatives.

I agree that Gruber’s conclusion is premature. But NFC did exist on Android phones for years before the iPhone had it, and while some people talked about it, payments weren’t yet a big thing. Google also tripped over itself re-tooling it several times before they got it right.

Did payments become big because of Apple Pay, or because they simply took several years to gain momentum? Probably a bit of both.

It is not obvious to me that this couldn’t be opened up in a secure way. It’s true that things could get more confusing, though the same could be said of many other areas that are (rightly) not locked down today. The question is whether the potential benefits are worth it.

I worry that the EU looks at this purely from an antitrust idealism perspective. And it’s not clear to me what those potential benefits even are, for the consumer.

I’m less worried about security than I am about privacy. Apple Pay enforces a mechanism where the two key stakeholders in a purchase (your bank, and the store you’re buying from) have less information than they otherwise would, and are less able to profile your purchasing behavior. Apple has more information than they otherwise would, but 1) it doesn’t seem key to their business model to use that information, and 2) they don’t get that much information anyway.

It also doesn’t seem, 8 years in, that this was a ploy of Apple to insert themselves as the middleman who collects a high percentage. By all accounts, their Apple Pay cut is quite small.

So, the EU seems stuck in a “what if a third-party competitor made a cheaper or otherwise better offering?” hypothetical that hasn’t actually been borne out at all on Android.

The company often insists that features that appear to create a closed ecosystem funneling consumers through its products are merely security protections.

A statement can be both self-serving and accurate.

Yes? You can change your default web browser, why not your wallet app, camera app, maps app, etc?

Maps, sure.

Camera is a bit trickier. One of my longstanding hopes is that Apple finds a way to make their camera integrations work better with third-party apps. (For example, the camera button on the lock screen.) But that isn’t easy to do in a secure manner.

Wallet? There’s a lot of ways that can go wrong.

Leave a Comment