{"id":19994,"date":"2018-01-01T15:08:18","date_gmt":"2018-01-01T20:08:18","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=19994"},"modified":"2018-01-01T19:15:02","modified_gmt":"2018-01-02T00:15:02","slug":"pressing-the-side-button-to-confirm-payments-on-iphone-x","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/01\/01\/pressing-the-side-button-to-confirm-payments-on-iphone-x\/","title":{"rendered":"Pressing the Side Button to Confirm Payments on iPhone X"},"content":{"rendered":"<p><a href=\"https:\/\/daringfireball.net\/2017\/12\/side_button_to_confirm_payments_on_iphone_x\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/2017\/12\/side_button_to_confirm_payments_on_iphone_x\">\n<p>These remarks caught my attention because a technically-savvy family member was confused by the same thing the first time they tried to buy an app on their new iPhone X. They showed me the phone <a href=\"https:\/\/daringfireball.net\/misc\/2017\/12\/double-click-to-pay.mp4\">with the &ldquo;Double Click to Pay&rdquo; animation<\/a> and asked me, &ldquo;What am I supposed to double click here? It doesn&rsquo;t work.&rdquo; What they had tried was double tapping on the &ldquo;Double Click to Pay&rdquo; label on screen. When I explained that the animation was pointing to the physical side button, the proverbial light bulb went off.<\/p>\n<p>This is an interesting design dilemma. The reason why Apple requires you to press the physical side button to confirm a purchase with Apple Pay or in the App Store is because pressing the side button can&rsquo;t be faked by an app. If it was an on-screen button, a nefarious app could present a fake Apple Pay button. With any normal app, clicking the side button once will always lock the screen, and double-clicking will put you in Apple Pay mode. Only Apple&rsquo;s own software can override the side button like this. Double clicking the side button to confirm a purchase effectively guarantees that it was a legitimate payment experience.<\/p>\n<\/blockquote>\n<p>I&rsquo;m sure there must be a good reason, but I don&rsquo;t understand what problem this is solving. A fake payment button is not actually going to charge me. And prior to Touch ID, payment confirmations used regular software buttons.<\/p>\n\n<p>Update (2018-01-01): <a href=\"https:\/\/twitter.com\/NSExceptional\/status\/947938829503225858\">Tanner Bennett<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/NSExceptional\/status\/947938829503225858\">\n<p>I had this question too. Consider this scenario:<\/p>\n<p>Say the payment UI uses an on-screen button. A malicious app presents a fake IAP dialog that looks just like the real one. When you try to use Face ID, what it really does is use ARKit to detect your face then fakes the Face ID popup and tells you it couldn&rsquo;t recognize your face. Now, when you hit the blue Install button, it will ask for your iTunes password.<\/p>\n<p>So, it doesn&rsquo;t apply to Apple Pay so much as it applies to phishing for your iTunes password.<\/p>\n<p>All of this could be faked, except the Double-Click to Confirm, which would either lock the phone or trigger Wallet.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>John Gruber: These remarks caught my attention because a technically-savvy family member was confused by the same thing the first time they tried to buy an app on their new iPhone X. They showed me the phone with the &ldquo;Double Click to Pay&rdquo; animation and asked me, &ldquo;What am I supposed to double click here? [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[91,995,31,1472,1573,169,48,573],"class_list":["post-19994","post","type-post","status-publish","format-standard","hentry","tag-appstore","tag-apple-pay","tag-ios","tag-ios-11","tag-iphone-x","tag-payments","tag-security","tag-touch-id"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/19994","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=19994"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/19994\/revisions"}],"predecessor-version":[{"id":19999,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/19994\/revisions\/19999"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=19994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=19994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=19994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}