That is more the fault/worry of the financial sector and not G. The fact that they gave up this amount of leeway is shocking. Their risk tolerance is very low and giving G the ability to manage virtual cards and allow payments with them is huge in itself.
Even Privacy, which does part of the same thing/idea, still only works for some cards, doesn’t work at all for credit cards (last time I checked), and has been in the sector for a similar amount of time.
G had to lock down Pay to appease the financial sector’s risk management. Anything else was DOA.
I wonder what an alternate history where Google chose not to become evil would look like.
What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.
Well, I kind of know what happened in that scenario… because it did. Until Pay, there was Wallet. The original Wallet, not the current one. Wallet had a physical and virtual prepaid debit card, that you would load up and manage in the app. I used it a few times (new tech woo), and distinctively remember ordering at a McDonald’s, the clerk announced the cost, I held my Nexus 7 to the new nfc pad, they started to say ‘uhh no you have to-’ and then a success beep, and their jaw dropped. They thought it was nuts, I told them in a few years ‘this will be everywhere’.
So before Pay, there was Wallet, and it’s own little sandbox of testing if anyone would use this. A couple years later the Wallet card discontinued, and Pay took its place.
A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.
The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?
They already don’t let you use Google pay if you don’t give them control of your phone. This is just tightening the noose a little bit.
People shouldn’t use google pay in the first place. All of these things being tied together by the same group is a problem in and of itself.
Would use something else if I had the choice
Don’t you have a physical card?
Less convenient and less secure.
People shouldn’t use google
pay in the first place.Credit card in your phone case, use your banks’ website, 95+% of people right there.
Most banks don’t allow payment through their apps anymore
This also doesn’t work for shared cards under one person’s name, which is my main use for this
Push 3 degrees harder, relent 2 when there’s resistance.
Meaning, 3 steps ahead for them if there’s no resistance. 1 step ahead if there is.
Wait some time, repeat.
That is more the fault/worry of the financial sector and not G. The fact that they gave up this amount of leeway is shocking. Their risk tolerance is very low and giving G the ability to manage virtual cards and allow payments with them is huge in itself.
Even Privacy, which does part of the same thing/idea, still only works for some cards, doesn’t work at all for credit cards (last time I checked), and has been in the sector for a similar amount of time.
G had to lock down Pay to appease the financial sector’s risk management. Anything else was DOA.
I wonder what an alternate history where Google chose not to become evil would look like.
What if they had looked at Microsoft’s Palladium proposal and thought, as pretty much everyone outside institutional IT departments did that locked devices with remote attestation was a nightmare scenario best forgotten, refused to build it, and made an effort to prevent anyone else from doing so on top of Android? Safetynet didn’t appear until 5-6 years after Android launched to the public. What if it never did? Android already had enough momentum by that point I don’t think the financial sector could refuse to be on it no matter what risk management said.
Well, I kind of know what happened in that scenario… because it did. Until Pay, there was Wallet. The original Wallet, not the current one. Wallet had a physical and virtual prepaid debit card, that you would load up and manage in the app. I used it a few times (new tech woo), and distinctively remember ordering at a McDonald’s, the clerk announced the cost, I held my Nexus 7 to the new nfc pad, they started to say ‘uhh no you have to-’ and then a success beep, and their jaw dropped. They thought it was nuts, I told them in a few years ‘this will be everywhere’.
So before Pay, there was Wallet, and it’s own little sandbox of testing if anyone would use this. A couple years later the Wallet card discontinued, and Pay took its place.
A different Wallet/Pay implementation is a possible outcome, but I’m thinking of a bigger picture where Android phones are more like PCs: no non-unlockable bootloaders, no remote attestation anywhere, barriers to root detection at the OS level, third-party ROMs encouraged.
The early days of Android were like that. I wonder if things had developed along that path, would we have a paradise for power users? A security nightmare for mainstream users? Both? Neither?
Classic Google.
I remember wallet only working consistently at McDonald’s.