Apple To Face EU Antitrust Charge Over NFC Chip

Apple will be hit with an EU antitrust charge over its NFC chip technology -- Reuters reported Wednesday, citing people familiar with the matter -- a move that puts it at risk of a possible hefty fine and could force it to open its mobile payment system to rivals. From a report: The iPhone maker has been in European Union antitrust chief Margrethe Vestager's crosshairs since June last year when she launched an investigation into Apple Pay. Preliminary concerns were Apple's NFC chip which enables tap-and-go payments on iPhones, its terms and conditions on how mobile payment service Apple Pay should be used in merchants' apps and websites, and the company's refusal to allow rivals access to the payment system. The European Commission has since narrowed its focus to just the NFC chip, which can only be accessed by Apple Pay, one of the sources said.

Apple Pay

[saloomy]

Is open to rivals though. It is not like just the Apple Card works on it. Even readers that are just NFC work through it.

Re:

[fred6666]

Apple is making a cut every time you are using a credit card through Apple Pay. They do not allow competition.

Re:Apple Pay

[Anubis IV]

I'm unclear why that shouldn't be the case. They've built a hardware platform that allows for contactless payments and charge a reasonable fee for cards that want to make use of that system for payment, which has always been open to them. That was true even before they had their own card in this space. I understand that Android phones allow access to that chip from third-party apps, and I certainly have no problem with them doing that, but I fail to see any argument for why companies should be compelled to open it up.

As much as I'll get on Apple's case for acting anticompetitively elsewhere when it comes to payments, I don't see the argument here.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anubis IV]

They've built a hardware platform that allows for contactless payments

Given they give out iPhones for free, and nobody pays for them, they should be able to charge whatever they want.

Engaging in multiple avenues for making profit may be distasteful, but it is inherently neither a crime nor anticompetitive. There are times when it can be, certainly (e.g. I'd argue, as the courts are starting to, that Apple has been acting anticompetitively when it comes to in-app payments because it's been stifling competition by limiting the ability of devs to use or even mention alternatives within their own products), but I haven't heard anyone lay out such an argument here. Apple doesn't owe anyone a

Re:

[guruevi]

You can use the NFC chip for other apps.

You could even use the NFC chip for payments, but then everyone would have to implement their own API which wouldn't be flexible or compatible (see for example MasterCard, LifeLock, Square, PayPal, Visa, Samsung and Huawei all attempting or having attempted to establish a separate NFC payment scheme, some even have iOS apps).

The issue at hand is that the EU wants Apple to provide (for free) the software and cloud infrastructure as well. Similar to how they want the Ap

Re:Apple Pay

[AmiMoJo]

The issue is much wider than just payments. On Android any app can use NFC, and NFC is designed to facilitate that. When an NFC device is scanned by the phone it exchanges data that the phone can use to select an app to handle it.

Apple doesn't allow that. Only Apple Pay is allowed to use NFC on an iPhone.

Re:

[Sebby]

Only Apple Pay is allowed to use NFC on an iPhone.

Not quite correct - the NFC chip can be used by applications [apple.com], just not for anything related to payments.

Re:

[mysidia]

just not for anything related to payments.

Well, this restriction is a problem - it makes perfect sense that the EU may be fining them for Unfair competition due to the arbitrary restriction on what business purposes 3rd parties are allowed to use the NFC for.

Re:

[swillden]

Only Apple Pay is allowed to use NFC on an iPhone.

Not quite correct - the NFC chip can be used by applications [apple.com], just not for anything related to payments.

The restrictions are broader than that.

NFC devices in phones can act in one of two ways, they can act as a reader, where they send commands to contactless smart cards[*], and they can also act as cards, which receive commands from a reader. In the contactless smart card protocols there is no notion of equal peers, every communication is initiated by the "reader" and responded to by the "card". The NFC hardware in iPhones can of course act in both roles, but apps only have reader-role APIs, which means t

Re:

[DanTheMan827]

It also doesn't allow for an app to switch the NFC into host-card emulation mode. An app can only poll for tags and other devices operating as a tag, it can't simulate anything.

Re:

[tatroc]

I use the nfc yubikey as a second factor on my iPhone 8. I do not use the lightening port, I just hold the nfc yubikey near the top of iPhone. NFC seems to work with other apps even on an older iPhone (running iOS 15)--

Re:

[Anubis IV]

The issue is much wider than just payments. [...] Apple doesn't allow [any third-party apps to use NFC].

Actually, they do. Apple began providing the Core NFC framework [apple.com] to developers in iOS 13 (back in 2019), with support going all the way back to the iPhone 7. The framework is in widespread use among third-party and first-party apps. For instance, scan an NFC tag with an NDEF URI record that's prefixed with fb:// and the Facebook app will handle it. Similarly with Safari or Microsoft Edge being able to handle website URLs. Similarly with sharing contacts in Popl, triggering automations in Shortcuts, automatic

Re:

[DanTheMan827]

CoreNFC only allows an app to function in reader mode, there are no public APIs to make the hardware act as a NFC card.

Re:

[Anubis IV]

Agreed, and that's something I wasn't aware of at the time I wrote my comment, otherwise I would have called it out. Now that I'm aware of it, I would suggest that any conversation about iOS' NFC support deserves to have an asterisk next to it until Apple opens that functionality up.

That said, it bears repeating that the assertion at the crux of the previous comment that...

When an NFC device is scanned by the phone it exchanges data that the phone can use to select an app to handle it.

Apple doesn't allow that.

...is factually incorrect. That is functionality that iOS devices support, and has been for years.

Re:

[fred6666]

If Apple's fee was reasonable, nobody would like to create a competing payment method using the NFC chip.
If Apple blocks it, it's because they know they would loose money. It's just like their 30% cut on the app store. If the fee was reasonable, they wouldn't fear sideloading because nobody would care.

That being said, it's a matter of antitrust, therefore usually has something to do with market dominance. If Apple had only 1% of the market, I guess no country would care regulating Apple. But in some countri

Re:

[guruevi]

Apple does allow side loading your (eg. open source) apps, it's relatively simple. You can also use the NFC chip. There are other app stores for iOS which are supported by Apple (eg. Enterprise App Stores), and there are off-brand (typically pirate) app stores that aren't officially supported by Apple.

You just can't freeload on the Apple infrastructure and not notify the user you are giving them rights they would otherwise not have. But if a bank wanted to include their clients into a managed infrastructure

Re:Apple Pay

[fred6666]

Apple does allow side loading your (eg. open source) apps, it's relatively simple.

No it's not. On Android, you enable sideloading, and click on the APK to install it. That APK can be a store which will allow you to fetch more programs.
You can't do that on iOS, you have to jailbreak it.
That's why Epic is fighting Apple in courts. They want to be able to sell their games to iPhone owners without paying 30% to Apple, and they can't.

You can also use the NFC chip.

Of course you can. But not as a payment method, bypassing Apple Pay, which was the subject of this discussion.

Re:

[guruevi]

I think you misunderstood.

You can send people a configuration profile that allows them to accept apps from, for example, your own MDM solution, those apps don't have to be signed by Apple. That is how those pirate app stores work without jailbreaking. The problem is that an MDM can push just about anything which most people wouldn't trust. But Facebook got into trouble for doing just that, they were force-VPNing 'beta testers' into their own network so they could potentially scan all traffic.

You can also co

Re:

[DanTheMan827]

This is not an acceptable solution, it is not sideloading, it's enterprise deployment (which is limited only to employees mind you)

Re:

[Anubis IV]

As someone with experience writing and then deploying apps via MDM, I don't think it's unfair to refer to it as a form of sideloading, but I agree that it is not what people typically think of, is not an acceptable solution for everyday use, is not simple to set up, and I will additionally point out that it—if done outside the context of a business—comes with a massive number of additional security and privacy concerns beyond those that are common with conventional sideloading. MDMs are fine for

Re:

[fred6666]

I think you misunderstood.

No I didn't. Enterprise solutions are not convenient or realistic to use for sideloading, as other have said. Neither is compiling and signing your own version.

Re:

[guruevi]

Not sure why it isn't realistic, it's definitely more realistic than your end user downloading the 15GB Android toolkit and put their Android in developer mode by going to an obscure menu and tapping 15 times and then going into terminal to type in an arcane command to upload the app.

Re:

[fred6666]

Well that's the thing. You don't need to do that. You only need to enable unknown source and install your sideloaded APK.
Nothing obscure, no terminal, no PC required. I don't even know where you took that from.

Re:

[Anubis IV]

it's a matter of antitrust, therefore usually has something to do with market dominance. If Apple had only 1% of the market, I guess no country would care regulating Apple. But in some countries they are popular enough to warrant some regulation.

I'd love to hear where you think that is, because there was a report just a few weeks ago indicating that of all the people who have ever used Apple Pay, only 6% are active users today. Even if we assumed the iPhone had 50% market share (other than the US and UK, it's nowhere close to that), and even if we assumed that literally every active iPhone supported Apple Pay (they don't), and even if we assumed that literally every single iPhone user in the world had used Apple Pay (they haven't), we'd still only

Re:

[fred6666]

We are not talking about the Apple Pay market share on the global payment market, but the iPhone market share in the smartphone market, obviously. So it's something like 15% globally, which is, thankfully, not that much. But yes, in some major countries it is dangerously high (50%).

The 30% Apple fee is applicable where I said it is applicable: the App Store. I never said Apple Pay had anything close to 30% fees.

The banks agree to pay the fee in exchange for getting access to the platform, and they're able to eat the fee because the platform is promised to deliver better security than a physical card, resulting in lower overhead for the banks as they deal with fewer instances of fraud.

Or, should we say, they pay the fee because they don't want to loose customers who would switch t

Re:

[Anubis IV]

We are not talking about the Apple Pay market share on the global payment market, but the iPhone market share in the smartphone market, obviously.

No, not obviously. There is no doubt that we're talking about the global payments market here. Contrary to the factually incorrect information you may have seen up-modded elsewhere in these threads, this chip is already open for use by app developers in other markets, so the only change this regulation would bring about is to players in the payments market. I think there's a valid argument that Apple Pay is largely irrelevant because we're talking about the chip, not Apple's service that uses the chip, and

Re:

[DanTheMan827]

For what it's worth, I was seriously considering switching to another bank that supported Apple Pay prior to my own bank adding it. I wouldn't say that is as far-fetched as you think it is

Re:

[Anubis IV]

Thanks for calling that out. Just to clarify, I wasn't saying it was farfetched that some people would switch based on a lack of Apple Pay at a bank. I was arguing that it was farfetched that banks would be swayed by a product with such low market penetration.

Re:

[Malc]

If there are fees, perhaps these should be charged back to the customer. Same with credit card fees. This would make the system transparent, relieve the merchant of any costs based on the customer's choice of payment method and encourage competition. Perhaps the EU should focus on this approach to upend the market.

Re:

[Anubis IV]

While I'd love to see it, I think the big concern is that it would lead to a large amount of consumer confusion. Would we actually expect people to puzzle out as they stand in line whether they want the (1) 3% + $0.25 fee or the (2) 2.8% + $0.30 fee or the (3) lower of either 2.5% + $0.50 and 3.125% with a minimum of $0.25? What about cash handling fees that many merchants pay to banks or security firms? While the fact that it's opaque definitely leads to problems, you have to admit that it solves some as w

question

[GoTeam]

It would seem to me that opening the chip to others would decrease security. I don't have enough information (on my own or from TFA) to know for sure. Can someone let me know if this is untrue?

Re:

[omnichad]

NFC for payments works a lot like TOTP, except using your credit card as the source key. NFC does not have much to do with security - it's just a communications protocol that handles plain, unencrypted text.

Re:

[GoTeam]

I got that part. I guess I meant the security of allowing competitors to access their chip. Can the normal function of the chip be interrupted or incorrectly accessed by poorly written or malicious code?

Re:

[omnichad]

It's not even just competitors. Android supports NFC for receiving passwords for connecting to wifi, associating with a wireless printer, and so much more. Apple says NFC is only for payments and then limits it to only them.

I can't think of a single security risk of allowing access to NFC hardware. This is like allowing only apple keyboards to connect to Bluetooth. The payment recipient hardware does not provide any useful data to be stolen either. Unless you're worried about someone maliciously paying

Re:

[mysidia]

I got that part. I guess I meant the security of allowing competitors to access their chip.

They have access to functions of the chip [apple.com] EXCEPT for an arbitrary restriction that discriminates against Apps for a certain business purpose -- ("Core NFC doesn't support payment-related Application IDs."). Apple apparently has this special restriction prohibiting 3rd party Payment apps from using the chip, But other apps which are not payment apps such as Password vaults, authenticators, file decryptors, etc, ar

Enclave

[JBMcB]

The only thing I could think of is that there is some special function that sends a payment authentication token directly from the secure enclave to the NFC chip, keeping payment information outside of iOS. Otherwise, I can't think of a good technical reason to not allow developers to use NFC for their own payment system.

Developers can already access the secure enclave, and the only thing keeping them from using the NFC chip to make payments is the library used to access the NFC chip in iOS doesn't support

Re:

[GoTeam]

Thanks. That helps me out a bit and gives me some helpful info for further research.

Re:

[Anonymous Crowded]

It would seem to me that opening the chip to others would decrease security. I don't have enough information (on my own or from TFA) to know for sure. Can someone let me know if this is untrue?

I suspect this is a back-end "waaaah" in the EU. They cried in the US . . . but the complaint was that the vendor got no data, only a "Credit From Apple: OK" and the card issuers only get a "Charge from Apple" and no personal or product data. It wasn't until they severed this link that we all found out how big of a deal this was.

This reduces your data's gatekeeper to one, Apple.

I can't remember, but I assume Android quickly matched the business model so it's probably the same thing.

Say what you ca

Re:question

[thegarbz]

This reduces your data's gatekeeper to one, Apple.

How about reducing it to zero? I run my bank's own app to handle the bank's own card. Zero reason for Apple or Google to have anything remotely to do with my financial transactions.

Not everything needs a gatekeeper.

Re:

[Anubis IV]

When you use Apple Pay, the vast bulk of that data stays on your device.

While I agree Apple Pay is better than physical cards, let's not overstate things.

When you use Apple Pay, the credit card processor still gets that data, as does the bank, as does whoever they sell it to. So, three of the four you listed. The merchant doesn't, which is nice given that they're the least regulated and most likely to either abuse or fail to protect that data, but Apple gets it instead, so it's a tradeoff. Arguably it's still an improvement because dealing with a single company is better for yo

Re:

[thegarbz]

I trust a banking company regulated by strict financial rules far more than a tech gadget company any day.

Here's a hint: If Visa / MasterCard / Amex / My Bank have an issue that in any way negatively affects me, they are fucked.
If Apple has an issue I'm SOL.

Not everyone lives in a country without consumer protection laws.

Re:

[Anonymous Crowded]

This reduces your data's gatekeeper to one, Apple.

How about reducing it to zero? I run my bank's own app to handle the bank's own card. Zero reason for Apple or Google to have anything remotely to do with my financial transactions.

Not everything needs a gatekeeper.

Unless you're using cash, NO gatekeeper means you have the bank and the vendor. Two is the count there.

Re:

[Orrin Bloquy]

The important thing is that without doing any research, you formed an opinion then asked us to validate or refute it. Good job!

Mesh fences.

[Ostracus]

Retitled, Walled Garden has sprung a leak.

NFC Chip

[JBMcB]

The European Commission has since narrowed its focus to just the NFC chip, which can only be accessed by Apple Pay, one of the sources said.

That's weird. There's a library to access it. It doesn't support payment application IDs, maybe that's what they are talking about.

https://developer.apple.com/do... [apple.com]

Re:

[omnichad]

There's bound to be confusion, because for MANY years, Android could use NFC for all sorts of useful purposes but Apple had provided no API to access it until iOS 11. It was for payments only, and specifically only Apple Pay.

Re:

[mysidia]

If your iPhone App is a "mobile wallet" or App whose purpose is to Send or Receive payments, such as Paypal's app, Etc, Then your App is considered a Payment app. You will not be able to publish to the app store without a "Payment application ID"; This means your app will be denied access to NFC by the library, because of your app's application Id.

wallets

[mehtars]

This is about other wallet apps being able to access the NFC chip to make payments through it. The first question is, in the states would always be: is Apple a monopoly? Then the next would be are they bundling to prevent competitors out. I am not sure if in Europe they would be asking the same sets of questions...

Re:

[TigerPlish]

Spend time and fortune developing a solution that's more secure than the competitor's.. and then Europe expects Apple to allow the competitors access to payments using that solution -- a solution the competitors didn't create?

It's commie thinking like this which made our ancestors get in a rickety, leaky old boat and get the hell out.

No. If Google / Samsung / whoever wants NFC payment chips, do it themselves. Besides, don't many of the android phones use some kinda mag-stripe buzzer thing to talk to the P

Re:

[omnichad]

No. If Google / Samsung / whoever wants NFC payment chips, do it themselves. Besides, don't many of the android phones use some kinda mag-stripe buzzer thing to talk to the POS card swiper? I remember seeing that some years ago. Why they do'nt use that, huh? But no, gotta use / abuse that which someone else created. Because equity or fairness or some shit.

What is this nonsense you're spouting?

NFC payments was not invented by Apple. It was invented by EMV (Europay, Mastercard, Visa) and is the same exact communications protocol as in the wireless-enabled credit cards. The first implementation on a phone using NFC was Google Wallet on Android.

Re: wallets

[reanjr]

Nuh uh, Steve Jobs invented credit cards and sold the idea to MasterCard and Visa. No one gives Him the credit He deserves.

Re:

[Applehu Akbar]

Fucking commie socialist monarchist (authoritarian) shits. Thats why we left.

It happens that Ii'm visiting Budapest this week. Remember the discussions we have had on this site about the annoying cookie approval line that the European GDPR privacy ruling has put across the bottom of the first page of every website? When you're in the EU, almost every page of every site assaults you with a full-page GDPR popup explaining the EU cookie rules in excruciating detail, sometimes with multiple choice selections to fine-tune your privacy options for every nibble of data you get online.

Why i

Re: wallets

[pacija]

NO. I developed it. I made it, you want to use, you either pay me, or come up with your own - that doesn't infringe patents.

It is more like: You developed it. You made it. You want to sell it in our market you respect our rules or GTFO.

Re:

[vbdasc]

Spend time and fortune developing a solution that's more secure than the competitor's.. and then Europe expects Apple to allow the competitors access to payments using that solution -- a solution the competitors didn't create?

Nobody was forcing Apple to stay in the EU market, the last time I checked.

Re:

[vbdasc]

The AARD story comes to mind. When Microsoft, in their infinite wisdom, decided to not allow running Windows 3.1 in non-Microsoft/IBM DOS implementations. They even had similar arguments - including "why don't these alternative DOS vendors spend the millions for R&D and create their own Windows?" The story didn't end well for Microsoft. In the notoriously non-commie USA.