I understand Apple's hesitancy with NFC. Factoring in how many iTunes accounts there are, imagine how insane it would be if you replaced the GS III in the above article and replace it with iPhone and the backlash for it would be Apple Maps + Antenna-Gate all rolled up into one. If and when Apple does it, they will need to go well above and beyond what is out now. Even if it's just for public perception.
Otherwise anybody can install free apps on your device.
And the upgrade, I prefer to decide myself if and when I upgrade an app.
So Apple should keep it that way.
No reason at all that this functionality can't be managed through user controls and preferences. I'm glad you like it that way, not everyone else agrees.
Apple likely requires entry of the password for multiple reasons (even for free apps):
Prevent unauthorized purchases by minors (Apple has faced legal action)
Prevent unauthorized "purchases" by unscrupulous people, for example, certain apps may attempt to escalate privileges. If a password were not required then such apps might be ubiquitous (as on competing platforms)
I do not desire to have the security issues of competing platforms. These really are minor inconveniences considering the additional level of security provided.
Apple got in trouble for unauthorized in-app purchases, not free purchases. I am not advocating there shouldn't be a password for paid purchases. Apple could have avoided the whole in-app purchases problem by shutting that off by default and requiring a password each and every time.
I agree Apple's reasons might be valid, but I find having to type my password for free apps annoying. If security is the primary issue, why not require a password to log into the phone every time? Instead, Apple knows that is annoying and made it optional. I just want a setting to turn off the password for free downloads.
I just do not see a compelling reason for the majority of the population to prefer mobile payments on a smartphone to the multitude of alternatives especially given that the act of paying itself isn't fundamentally better.
As you stated, your credit card doesn't have Bluetooth. As a result an alert that someone is "hack[ing] it with bluetooth" is unnecessary.
I didn't either (to prefer mobile payments) till I got a new card that had it and, as I said before, since I carry my wallet and phone in one case I - personally - found it more convenient. It's not how I pay for everything, but if the entire experience (not just the "tap" portion but setup, curation, tagging and notifications) was more engaging and secure (bio-scanner) I could be convinced to use it more than I do. I won't get into a debate about fundamentally "better", as that is perception. "Better" mean different things for different people in different situations.
I think you are too focusing on the "Bluetooth" portion of what I said. What I was implying is that there have been noted cases of people using Bluetooth enabled devices paird with an NFC board with the power turned up (so that you don't have to be within the minimum distance) to search for and scan NFC-enabled cards and ways to prevent it (http://lifehacker.com/5896785/foil-electronic-pickpockets-with-aluminum-foil-or-multiple-credit-cards). On a phone you may be able to have a pin needed to authorize transactions but the nfc-enabled card may not. So (hypothetically) through the course of a dinner you could theoretically have many mico-payments syphoned off your card without knowing and without triggering a pin request. What I was trying to get at was that, if the software was so designed, it would be nice to see the phone letting you know something is happening in the middle of your dinner rather than your card, voiceless, not letting you know.
Because an app MUST be tied to an account to allow redownloading in the first place. Because an app may go paid, and there would be no record of your grandfathered free purchase, so you'd whine about it to Apple, whose fault it isn't. Because developers deserve a metric for downloading that discourages abuse.
I agree Apple's reasons might be valid, but I find having to type my password for free apps annoying. If security is the primary issue, why not require a password to log into the phone every time? Instead, Apple knows that is annoying and made it optional. I just want a setting to turn off the password for free downloads.
Every time you download an app, free or not, you are agreeing terms of using the new software you just acquired. Entering in your password is like hitting agree. It's why you don't have to enter a password for updates anymore. Think about it that way and not as a financial issue. It doesn't have anything to do with the value of the app.
I'm surprised so many people are looking at this as strictly a financially issue and not a software licensing issue.
No sir, NFC has not been hacked. As I suspected, it was just an oft-repeated mistaken internet myth.
What that group did was exploit a bug in a document viewer.
They sent the link to the document via NFC just for the publicity value, but they could've just as well sent the link via email or text. The delivery method didn't matter; the bug was with the viewer, not with the comms.
Obviously it also had nothing whatsoever to do with NFC payments.
No sir, NFC has not been hacked. As I suspected, it was just an oft-repeated mistaken internet myth.
What that group did was exploit a bug in a document viewer.
They sent the link to the document via NFC just for the publicity value, but they could've just as well sent the link via email or text. The delivery method didn't matter; the bug was with the viewer, not with the comms.
Obviously it also had nothing whatsoever to do with NFC payments.
Dude, that's semantics. It doesn't matter that NFC as a delivery system sent an exploit or the delivery system its self was exploited for this instance. NFC was still used as a means to exploit a hole in the device and for a delivery system that most people only recognize as a means to transfer payment (much like many people though bluetooth was the earpiece) it's a shot to confidence. Especially a delivery system that takes very little interaction to transfer data.
No don't get me wrong. I'm not against NFC, nor am I being anti-android/samsung/whathaveyou. All i am saying is that a delivery system that is going to be the backbone for wireless transactions won't suffer from more security measures and I applaud Apple for waiting on this one. The ramifications of getting this wrong, unlike say Maps, would be catastrophic.
edit:
there are other instances of NFC exploited. again, not against it but it could use some tightening up before apple hitches it's buggy to it:
Wow, using a barcode scanner to transfer information! Whoda thunkit?
It truly is more of an implementation than a novel invention. It will be very handy though and would allow compatibility with other smart phones (rather than the bump technique). And since the patent office is letting the courts deal with ridiculous patents rather than denying them in the first place (thus allowing more revenue from filings) -- I don't blame Apple for trying.
Dude, that's semantics. It doesn't matter that NFC as a delivery system sent an exploit or the delivery system its self was exploited for this instance.
I hear what you're saying -- that people only hear the phrase "NFC has been hacked" and they (falsely) think that it has something to do with NFC itself or with NFC based store payments, when it doesn't.
However, I see no reason to continue to contribute to that ignorance.
The delivery system itself is not the problem, and NFC based credit card payments have not been hacked. (On smartphones.)
Quote:
there are other instances of NFC exploited. again, not against it but it could use some tightening up before apple hitches it's buggy to it:
"This isn't the result of some inherent flaw with NFC, but rather due to the fact that the transit systems tested just didn't activate security measures to lock down the read/write permissions (on the cards) effectively."
It's not even the fault of the transit cards. As the group who did it points out, it's the reader software used by certain transit systems, which fails to recognize that the same data is being used again, or set a card flag to help prevent it.
I agree with the first part of your critique. I hate typing in my App ID to get a free App. Make that optional. As to automatic downloads, I think the problem with that is many people might not like updates to perfectly functioning apps to be updated automatically. If anything, that should be optional as well.
If you hate typing your Apple ID then change your iTunes setting.
All these GREAT ideas and patents...........Why aren't we seeing some of them in the iPhone??? These are great, things people would want to see. Unfortunately it seems that the all these patents just go in Apples vault and never come to fruition in any product.
Bottom Line: Apple is innovating, just never using what they invent.
The delivery system itself is not the problem, and NFC based credit card payments have not been hacked.
As that article points out...
"This isn't the result of some inherent flaw with NFC, but rather due to the fact that the transit systems tested just didn't activate security measures to lock down the read/write permissions (on the cards) effectively."
It's not even the fault of the transit cards. As the group who did it points out, it's the reader software used by certain transit systems, which fails to recognize that the same data is being used again, or set a card flag to help prevent it.
You are right, and I agree... however its the hub of a whole "wheel" system. Blaming the reader is fine (and justified) but it can effect the experience just the same, especially to customers who aren't supposed to know or care about the individual machinations. Just that a flaw showed up in the system that handles how they purchase morning coffee. if more security could be added either during the NFC transaction or just before or just after to increase security, then why not?
All these GREAT ideas and patents...........Why aren't we seeing some of them in the iPhone??? These are great, things people would want to see.
Unfortunately it seems that the all these patents just go in Apples vault and never come to fruition in any product.
Bottom Line: Apple is innovating, just never using what they invent.
The patents were just released, we don't know how they will be implemented or if they are reliant on software/hardware not yet perfected. Apple follows an internal schedule, they don't just push out a device whenever they think of something - doing so now could destabilize current product chains, suppliers may not be able to source all the parts for a mass rollout without proper testing... there are tonnes of factors. Most importantly, how do you know it isn't? Nothing has been announced and no one knows anything for sure. For all we know this IS in the next one. Your bottom line is nonsense. If you can learn anything about apple its that they aren't in the "specs" game and never have been. it's not about individual inventions, it's how those inventions are paired with other items (be it software or hardware) that make a solution (passbook, messages, FaceTime, fusion drive, time machine, Siri, airplay, iCloud, ect...). Each one of those are made up of pairings of individual technologies to make one seamless solution to a problem. This is one technology, lets see what it becomes part of.
Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card.
I still have to enter my AppleID to download FREE apps and app updates still don't happen automatically. Here's a thought for Apple: Make your current features less of a pain in the ass before adding new features, mmmmmkay?
i believe there is a setting for automatic updates in settings.
Comments
Quote:
Originally Posted by KDarling
How is an NFC transaction not secure? (Are you repeating an internet myth?)
NFC can be more secure, that and battery drain were cited reasons to hold off from Apple's view. NFC has been hacked before:
http://thenextweb.com/google/2012/09/19/security-researchers-hack-android-via-nfc-samsung-galaxy-s-iii/
I understand Apple's hesitancy with NFC. Factoring in how many iTunes accounts there are, imagine how insane it would be if you replaced the GS III in the above article and replace it with iPhone and the backlash for it would be Apple Maps + Antenna-Gate all rolled up into one. If and when Apple does it, they will need to go well above and beyond what is out now. Even if it's just for public perception.
Quote:
Originally Posted by FotoDirk
This is needed for security.
Otherwise anybody can install free apps on your device.
And the upgrade, I prefer to decide myself if and when I upgrade an app.
So Apple should keep it that way.
No reason at all that this functionality can't be managed through user controls and preferences. I'm glad you like it that way, not everyone else agrees.
Apple got in trouble for unauthorized in-app purchases, not free purchases. I am not advocating there shouldn't be a password for paid purchases. Apple could have avoided the whole in-app purchases problem by shutting that off by default and requiring a password each and every time.
I agree Apple's reasons might be valid, but I find having to type my password for free apps annoying. If security is the primary issue, why not require a password to log into the phone every time? Instead, Apple knows that is annoying and made it optional. I just want a setting to turn off the password for free downloads.
Quote:
Originally Posted by MacBook Pro
I just do not see a compelling reason for the majority of the population to prefer mobile payments on a smartphone to the multitude of alternatives especially given that the act of paying itself isn't fundamentally better.
As you stated, your credit card doesn't have Bluetooth. As a result an alert that someone is "hack[ing] it with bluetooth" is unnecessary.
I didn't either (to prefer mobile payments) till I got a new card that had it and, as I said before, since I carry my wallet and phone in one case I - personally - found it more convenient. It's not how I pay for everything, but if the entire experience (not just the "tap" portion but setup, curation, tagging and notifications) was more engaging and secure (bio-scanner) I could be convinced to use it more than I do. I won't get into a debate about fundamentally "better", as that is perception. "Better" mean different things for different people in different situations.
I think you are too focusing on the "Bluetooth" portion of what I said. What I was implying is that there have been noted cases of people using Bluetooth enabled devices paird with an NFC board with the power turned up (so that you don't have to be within the minimum distance) to search for and scan NFC-enabled cards and ways to prevent it (http://lifehacker.com/5896785/foil-electronic-pickpockets-with-aluminum-foil-or-multiple-credit-cards). On a phone you may be able to have a pin needed to authorize transactions but the nfc-enabled card may not. So (hypothetically) through the course of a dinner you could theoretically have many mico-payments syphoned off your card without knowing and without triggering a pin request. What I was trying to get at was that, if the software was so designed, it would be nice to see the phone letting you know something is happening in the middle of your dinner rather than your card, voiceless, not letting you know.
Originally Posted by woodycurmudgeon
And how exactly does that make it any better?
Because an app MUST be tied to an account to allow redownloading in the first place. Because an app may go paid, and there would be no record of your grandfathered free purchase, so you'd whine about it to Apple, whose fault it isn't. Because developers deserve a metric for downloading that discourages abuse.
Quote:
Originally Posted by TBell
I agree Apple's reasons might be valid, but I find having to type my password for free apps annoying. If security is the primary issue, why not require a password to log into the phone every time? Instead, Apple knows that is annoying and made it optional. I just want a setting to turn off the password for free downloads.
Every time you download an app, free or not, you are agreeing terms of using the new software you just acquired. Entering in your password is like hitting agree. It's why you don't have to enter a password for updates anymore. Think about it that way and not as a financial issue. It doesn't have anything to do with the value of the app.
I'm surprised so many people are looking at this as strictly a financially issue and not a software licensing issue.
Quote:
Originally Posted by websnap
NFC has been hacked before:
http://thenextweb.com/google/2012/09/19/security-researchers-hack-android-via-nfc-samsung-galaxy-s-iii/
No sir, NFC has not been hacked. As I suspected, it was just an oft-repeated mistaken internet myth.
What that group did was exploit a bug in a document viewer.
They sent the link to the document via NFC just for the publicity value, but they could've just as well sent the link via email or text. The delivery method didn't matter; the bug was with the viewer, not with the comms.
Obviously it also had nothing whatsoever to do with NFC payments.
Quote:
Originally Posted by KDarling
No sir, NFC has not been hacked. As I suspected, it was just an oft-repeated mistaken internet myth.
What that group did was exploit a bug in a document viewer.
They sent the link to the document via NFC just for the publicity value, but they could've just as well sent the link via email or text. The delivery method didn't matter; the bug was with the viewer, not with the comms.
Obviously it also had nothing whatsoever to do with NFC payments.
Dude, that's semantics. It doesn't matter that NFC as a delivery system sent an exploit or the delivery system its self was exploited for this instance. NFC was still used as a means to exploit a hole in the device and for a delivery system that most people only recognize as a means to transfer payment (much like many people though bluetooth was the earpiece) it's a shot to confidence. Especially a delivery system that takes very little interaction to transfer data.
No don't get me wrong. I'm not against NFC, nor am I being anti-android/samsung/whathaveyou. All i am saying is that a delivery system that is going to be the backbone for wireless transactions won't suffer from more security measures and I applaud Apple for waiting on this one. The ramifications of getting this wrong, unlike say Maps, would be catastrophic.
edit:
there are other instances of NFC exploited. again, not against it but it could use some tightening up before apple hitches it's buggy to it:
http://gizmodo.com/5945669/some-nfc-hackers-managed-to-develop-a-free-train-ride-app
Wow, using a barcode scanner to transfer information! Whoda thunkit?
It truly is more of an implementation than a novel invention. It will be very handy though and would allow compatibility with other smart phones (rather than the bump technique). And since the patent office is letting the courts deal with ridiculous patents rather than denying them in the first place (thus allowing more revenue from filings) -- I don't blame Apple for trying.Quote:
Originally Posted by websnap
Dude, that's semantics. It doesn't matter that NFC as a delivery system sent an exploit or the delivery system its self was exploited for this instance.
I hear what you're saying -- that people only hear the phrase "NFC has been hacked" and they (falsely) think that it has something to do with NFC itself or with NFC based store payments, when it doesn't.
However, I see no reason to continue to contribute to that ignorance.
The delivery system itself is not the problem, and NFC based credit card payments have not been hacked. (On smartphones.)
Quote:
there are other instances of NFC exploited. again, not against it but it could use some tightening up before apple hitches it's buggy to it:
http://gizmodo.com/5945669/some-nfc-hackers-managed-to-develop-a-free-train-ride-app
As that article points out...
"This isn't the result of some inherent flaw with NFC, but rather due to the fact that the transit systems tested just didn't activate security measures to lock down the read/write permissions (on the cards) effectively."
It's not even the fault of the transit cards. As the group who did it points out, it's the reader software used by certain transit systems, which fails to recognize that the same data is being used again, or set a card flag to help prevent it.
Quote:
Originally Posted by TBell
I agree with the first part of your critique. I hate typing in my App ID to get a free App. Make that optional. As to automatic downloads, I think the problem with that is many people might not like updates to perfectly functioning apps to be updated automatically. If anything, that should be optional as well.
If you hate typing your Apple ID then change your iTunes setting.
Unfortunately it seems that the all these patents just go in Apples vault and never come to fruition in any product.
Bottom Line: Apple is innovating, just never using what they invent.
Originally Posted by BUSHMAN4
Why aren't we seeing some of them in the iPhone?
Because not every gimmick deserves its place in a real product.
These are great, things people would want to see.
Things people THINK they want to see.
Bottom Line: Apple is innovating, just never using what they invent.
Abject nonsense.
Quote:
Originally Posted by KDarling
The delivery system itself is not the problem, and NFC based credit card payments have not been hacked.
As that article points out...
"This isn't the result of some inherent flaw with NFC, but rather due to the fact that the transit systems tested just didn't activate security measures to lock down the read/write permissions (on the cards) effectively."
It's not even the fault of the transit cards. As the group who did it points out, it's the reader software used by certain transit systems, which fails to recognize that the same data is being used again, or set a card flag to help prevent it.
You are right, and I agree... however its the hub of a whole "wheel" system. Blaming the reader is fine (and justified) but it can effect the experience just the same, especially to customers who aren't supposed to know or care about the individual machinations. Just that a flaw showed up in the system that handles how they purchase morning coffee. if more security could be added either during the NFC transaction or just before or just after to increase security, then why not?
Quote:
Originally Posted by BUSHMAN4
All these GREAT ideas and patents...........Why aren't we seeing some of them in the iPhone??? These are great, things people would want to see.
Unfortunately it seems that the all these patents just go in Apples vault and never come to fruition in any product.
Bottom Line: Apple is innovating, just never using what they invent.
The patents were just released, we don't know how they will be implemented or if they are reliant on software/hardware not yet perfected. Apple follows an internal schedule, they don't just push out a device whenever they think of something - doing so now could destabilize current product chains, suppliers may not be able to source all the parts for a mass rollout without proper testing... there are tonnes of factors. Most importantly, how do you know it isn't? Nothing has been announced and no one knows anything for sure. For all we know this IS in the next one. Your bottom line is nonsense. If you can learn anything about apple its that they aren't in the "specs" game and never have been. it's not about individual inventions, it's how those inventions are paired with other items (be it software or hardware) that make a solution (passbook, messages, FaceTime, fusion drive, time machine, Siri, airplay, iCloud, ect...). Each one of those are made up of pairings of individual technologies to make one seamless solution to a problem. This is one technology, lets see what it becomes part of.
Found this today too:
Quote:
Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card.
http://www.cbc.ca/news/canada/manitoba/story/2013/04/23/mb-smartphones-skimmer-credit-card-winnipeg.html?cmp=rss