zlacker

>>wicket+(OP)
My Android phone prevents me from taking screenshots if an app author doesn't want me to.

My Android phone prevents me from recording phone calls at the request of my carrier, even though it's totally legal for me to do so in my jurisdiction.

I'm not loving where this is all going.

>>jeffpa+D5
I tried to debug a google pay issue with a Bank once:

- Bank told me to go to Google.

- Google support told me to go to the Bank.

- (... few emails later...)

- Google support told me to make screenshots of the banking app and google pay.

So have a second phone ready, or stop complaining :) A few years later and 3 phones later... it works again!

>>szszrk+5E
Google Pay requires SafetyNet verification, which means it only works with a Google-approved hard & software combination, so not with GrapheneOS for example...

I hate that banks use this proprietary "standard" for NFC payments

>>preiss+LJ
I get where that one is coming from though - tap-to-pay is considered second-factor-authenticated, aka no PIN entry is necessary at the PoS terminal because the user already entered their PIN or presented biometric credentials to the smartphone.

If a malware were able to snatch the key material that represents the credit card outright or it could (by running as root) act to the TEE like it were Google Pay's NFC controller app, it would enable the actor controlling the malware to spoof the credit card on their own phone... and since tap-to-pay is considered authenticated, chances are next to zero you can dispute the payment.

>>mschus+bQ
>If a malware were able to snatch the key material that represents the credit card

I'm pretty sure that data is stored in the secure enclave, which is impossible to access by design, root, no root, bootloader unlocked, google approved or not.