novemberwhiskey
Android Enthusiast
while i appreciate the sentiment, I don't think this has anything to do with Net Neutrality--nor do I think Net Neutrality has been passed as a law or codified as a statute.
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Google Wallet and LTE Galaxy Nexus Buyers **PLEASE READ**
- Thread starter Lazdog46
- Start date
-
- Tags
- galaxy nexus
speede541
Android Enthusiast
For one, I can gar-run-tee that it's more secure than the credit cards (or cash, in many respects) you already carry in your wallet.
For another, the same protections that apply to unauthorized credit card use apply to unauthorized use of your Citibank Visa on Google Wallet, per the GW FAQ.
This technology has a lot of promise, and the fact that it's already in use at my local Peet's is okay by me. And frankly, I have much more love for Google and all the great technologies they've brought to me, than I do for some consortium of Verizon/AT&T/T-Mobile.
Lastly, ISIS sucked on bottom brackets, so it's only correct to assume it'll suck as a mobile payment service, too.
s.m.knipe
Android Expert
Probably not that far, and from the sounds of it on this and other forums, those who have "hacked" it to work on their devices have found it to work at most places that accepts the "paypass" or touch-and-go payments (those machines with the little wifi-symbol-looking-waves on them).
Well, I don't really stand closer than 4cm to someone (a little more than an inch and a half), and actually using the application/payment authorization requires a PIN to be set/used at some point. I don't see how the NFC cloning devices will get that as well, feed it into their own app on their own (different) device (which would show up as a "new device" with the service and with the card company), and then be able to use it. Even if tight security to sufficiently prevent the stealing of the signal itself isn't in place yet, the stolen information would require more hacking (and more work) to be useable. I really don't see it as a problem...
http://www.google.com/wallet/how-it-works-security.html
And for the technicalities of NFC, just google it. It is a very proximal service...
SchroederNexus
Newbie
I don't know of one place in North Jersey that takes NFC payments so it's not like it's going to affect me on a day to day basis. Am I disappointed? Yes. But it has the NFC so once this Isis thing is ready, even if it's a year from now, the phone should be able to utilize it.
BoogieNYC
Well-Known Member
According to the contract we each sign with Verizon, if one uses an app that violates Verizon's TOS, they can and will consider same a breach of the contract and will terminate the contract. When I signed my contract, I agreed to abide by their rules both current and future. I don't like the fact they're blocking apps, but at the same time a violation of the contract is a violation of the contract.
In either case, judging by the number of class-action suits we've heard about or can expect to hear about in connection with the legality of blocking Google Wallet, tethering apps or the pre-emptive removal of certain malicious apps, I won't hold my breath awaiting my settlement check anytime soon.
filmorejive89
Newbie
I can't be the only one perturbed by three major wireless carriers that are colluding (errr "working together") to make a mobile payment system and then not allowing competitive alternatives on their devices. I don't know anything about antitrust law, but I feel like this may be illegal and some sort of oligopolistic industry.
I'd try to analogize it to verizon et al. not allowing third-party navigation applications.
Possible FCC and maybe even some antitrust violations? Good job verizon.
Please, take all of that with a grain of salt. I have no idea if I'm even stating a relevant claim. If someone does have a working knowledge of antitrust law, I would be interested to see if is in anyway wrong or illegal.
I'd try to analogize it to verizon et al. not allowing third-party navigation applications.
Possible FCC and maybe even some antitrust violations? Good job verizon.
Please, take all of that with a grain of salt. I have no idea if I'm even stating a relevant claim. If someone does have a working knowledge of antitrust law, I would be interested to see if is in anyway wrong or illegal.
brandonhutch
Well-Known Member
Eh, I wouldn't be worried so much about an unauthorized charge as I would about identity theft. There's no telling what someone can do with a small device that could read the info right off the nfc.
I've had my identity stolen. It's not fun.
s.m.knipe
Android Expert
Seriously man, read the statements and FAQ's on this. Google Wallet - mobile app security
You have all the protection that normally comes associated with your card(s), plus you have a PIN to use the app and to authorize the payment, your credentials are encrypted within the app, and MasterCard's Paypass service encrypts the NFC transfer- so it isn't even your card number or identifying info that is transferred. A hacker would have to capture the signal (be within an inch and a half of your phone, while you are sending the payment during the instantaneous "tap"), re-work the signal to mirror what was captured, & crack your PIN to be able to have unauthorized use of your card. To steal your ID they would then also have to crack the encryption of the info the app & phone store in their "Secure Element" chip (your login details and Google Wallet account info), and be able to crack the encryption on the original PayPass transmission to grab the useable card number. To me, this is a whole lot more secure than say, a pickpocket or mag-stripe reader- especially because you should be able to flag "odd" (to you) transactions both at the Google Wallet/Checkout level and at your Card company's level as well.
D
Deleted User
Guest
There comes a point at which it is easier to steal your wallet than it is to create the right circumstances, programs and hardware to steal an electronic transaction.
jackdubl
Android Expert
They can already do this. I am not a big fan myself. In fact, they are now selling shielded wallets to prevent people from being able to read the NFC built into credit cards. They had a guy go to a mall and demonstrate how to steal it on some news show. 60 Minutes maybe. Don't remember.
Of course, I don't worry about credit cards really. Bank cards are another matter.
s.m.knipe
Android Expert
"Code Grabbers" can pick up any wireless signal they are tuned to (from NFC to garage door openers) that is being broadcast/transmitted. The difference here being that to use the PayPass credit cards, no input or verification is required to authorize the transmission of the information. In Google Wallet you have to enter a PIN to authorize the app to transmit the data.
I'm excited for this.
TylerM
Well-Known Member
This is ridiculous. No one is forcing you to use Verizon services. We don't need any more government intervention. Vote with your wallet. It might be inconvenient but it's a lot more efficient than the government telling a company how to run.
Ideally Verizon would release with Wallet from the get-go but we live in America. They are allowed to do what they want even if it pisses me off. No one is forcing me to use them.
Ideally Verizon would release with Wallet from the get-go but we live in America. They are allowed to do what they want even if it pisses me off. No one is forcing me to use them.
jackdubl
Android Expert
Ah, we'll if it isn't even transmitting anything without a user input then that's not so bad.
s.m.knipe
Android Expert
Yeah, keep in mind that that is taking their word (their page I linked above, their FAQ, PayPass' FAQ, and various articles about NFC) for it though- I haven't actually played with Wallet (or NFC for that matter) yet...
In the future, please take at least five minutes to research the topic you want to make a thread about before posting. You'll do yourself and the forum a favor by not posting a whole bunch of false information.
Lazdog46
Newbie
video of a guy using the Google Wallet on the Galaxy Nexus at a Gas Station:
How does Google Wallet work? Really well! - YouTube
How does Google Wallet work? Really well! - YouTube
speede541
Android Enthusiast
This proximity requirement was invalidated when the new chipped passports began arriving. They, too, were supposed to have a proximity limitation.
Some guys built a transmitter / receiver that was about the size of a pizza box, mounted it in a car window and began driving around the touristy areas of San Francisco. They were able to record a bunch of responses off of these ID cards. And while none of the information gained was identifiable back to the the individual, it did mean that that tracking of that card's number was possible as it moved throughout the city (assuming a network of sensors was deployed).
But, like you say, the NFC system on the phone isn't active until the user activates it, so it's a whole extra level of protection.
It's like a stop sign vs. a stop light at nighttime.
- The stop sign (RFID) is "powered by" a car's headlights, and designed to be seen from a couple hundred feet away. But a person with a bright light and a pair of binoculars can see it from an indefinite distance.
- The stop light (NFC) is self-powered. A user with a bright light can't make it come on. But if he has binoculars, he can see it from a great distance away when it finally does illuminate. Then the question becomes, "Is the information transmitted worth anything?"
speede541
Android Enthusiast
I was thinking Net Neutrality didn't apply, either, but the more reading I'm doing, the more I'm seeing this as another viable response, due to agreements Verizon signed when obtaining the frequencies used.
But I'm also seeing stories that Google signed an exclusive Google Wallet deal with Sprint. However, that sure calls into question their statement earlier this week that called out Verizon and made all the buzz.
s.m.knipe
Android Expert
Very true, but I think that Mr. Paget's (I think it was him) transmitter/receiver was very like your "binocular" analogy below- it can tell the unencrypted Plain Text data and clone that (IE reproduce the light occurrence), but that didn't really contain any usable information (syntax for the occurrence). It was basically a url-type link (actually a reference id string) to a secured database. In other words, even if a hacker can re-create the same signal Google Wallet sends to payment NFC receivers, there is a whole syntax of that occurrence that wouldn't add up- i.e. making the same purchase at the same location twice in a row, which would be known from what the ID string sent from GW to the receiver and back is linked to. (But I might not be understanding how this handshake actually works- from the FAQ it sounds like you start the GW app, tap the receiver to establish the link, GW recognizes the vendor/receiver [?] and charge amount, you authorize the purchase, GW sends confirmation to the receiver)
To "hack"/steal from Google Wallet, it seems to me it would be the opposite of the above scenario; the thieves would have to clone the receiver, and be able to receive payment from Google Wallet & the credit card company after the transaction; plus it would raise flags as the transaction would not authorize at the legitimate cash register. To clone your device and turn around and make purchases would be impossible because they would need to be able log into your Google Wallet account (which is not based off the transmitted data and at which point your security would be completely breached anyways) in the app on their device (which would raise a flag because suddenly a second "Secure Element" would be attempting to be activated on the account). To me this seems just as secure as buying from Amazon or Google Checkout or Paypal/Ebay, if not more secure as there are more opportunities for security flags to be realized (large pizza-box-sized device nearby with laptop attached, transaction showing as completing on the phone but not the register, multiple purchases for the same amount at the same location, another "secure element" being activated that is unrecognized by you, etc.). Maybe I am just missing something on this whole thing...
This is most appropriate and seems like a perfect analogy to me (based on my admittedly limited understanding of this)!
I have been trying the past two days, and for the life of me I cannot figure what ISIS would be doing differently to resolve "security concerns"... any ideas? (other than it is just a branding for profit thing for AT&T, T-mobile, and Verizon?)