1. Are you ready for the Galaxy S20? Here is everything we know so far!

Google Wallet and LTE Galaxy Nexus Buyers **PLEASE READ**

Discussion in 'Android Devices' started by Lazdog46, Dec 6, 2011.

  1. novemberwhiskey

    novemberwhiskey Android Enthusiast

    while i appreciate the sentiment, I don't think this has anything to do with Net Neutrality--nor do I think Net Neutrality has been passed as a law or codified as a statute.

    1. Download the Forums for Android™ app!


  2. speede541

    speede541 Android Enthusiast

    For one, I can gar-run-tee that it's more secure than the credit cards (or cash, in many respects) you already carry in your wallet.

    For another, the same protections that apply to unauthorized credit card use apply to unauthorized use of your Citibank Visa on Google Wallet, per the GW FAQ.

    This technology has a lot of promise, and the fact that it's already in use at my local Peet's is okay by me. And frankly, I have much more love for Google and all the great technologies they've brought to me, than I do for some consortium of Verizon/AT&T/T-Mobile.

    Lastly, ISIS sucked on bottom brackets, so it's only correct to assume it'll suck as a mobile payment service, too. :D
  3. s.m.knipe

    s.m.knipe Android Expert

    Probably not that far, and from the sounds of it on this and other forums, those who have "hacked" it to work on their devices have found it to work at most places that accepts the "paypass" or touch-and-go payments (those machines with the little wifi-symbol-looking-waves on them).
    Well, I don't really stand closer than 4cm to someone (a little more than an inch and a half), and actually using the application/payment authorization requires a PIN to be set/used at some point. I don't see how the NFC cloning devices will get that as well, feed it into their own app on their own (different) device (which would show up as a "new device" with the service and with the card company), and then be able to use it. Even if tight security to sufficiently prevent the stealing of the signal itself isn't in place yet, the stolen information would require more hacking (and more work) to be useable. I really don't see it as a problem...
    And for the technicalities of NFC, just google it. It is a very proximal service...
  4. I don't know of one place in North Jersey that takes NFC payments so it's not like it's going to affect me on a day to day basis. Am I disappointed? Yes. But it has the NFC so once this Isis thing is ready, even if it's a year from now, the phone should be able to utilize it.
  5. BoogieNYC

    BoogieNYC Well-Known Member

    According to the contract we each sign with Verizon, if one uses an app that violates Verizon's TOS, they can and will consider same a breach of the contract and will terminate the contract. When I signed my contract, I agreed to abide by their rules both current and future. I don't like the fact they're blocking apps, but at the same time a violation of the contract is a violation of the contract.

    In either case, judging by the number of class-action suits we've heard about or can expect to hear about in connection with the legality of blocking Google Wallet, tethering apps or the pre-emptive removal of certain malicious apps, I won't hold my breath awaiting my settlement check anytime soon.
  6. filmorejive89

    filmorejive89 Newbie

    I can't be the only one perturbed by three major wireless carriers that are colluding (errr "working together") to make a mobile payment system and then not allowing competitive alternatives on their devices. I don't know anything about antitrust law, but I feel like this may be illegal and some sort of oligopolistic industry.

    I'd try to analogize it to verizon et al. not allowing third-party navigation applications.

    Possible FCC and maybe even some antitrust violations? Good job verizon.

    Please, take all of that with a grain of salt. I have no idea if I'm even stating a relevant claim. If someone does have a working knowledge of antitrust law, I would be interested to see if is in anyway wrong or illegal.
  7. brandonhutch

    brandonhutch Well-Known Member

    Eh, I wouldn't be worried so much about an unauthorized charge as I would about identity theft. There's no telling what someone can do with a small device that could read the info right off the nfc.

    I've had my identity stolen. It's not fun.
  8. s.m.knipe

    s.m.knipe Android Expert

    Seriously man, read the statements and FAQ's on this. Google Wallet - mobile app security
    You have all the protection that normally comes associated with your card(s), plus you have a PIN to use the app and to authorize the payment, your credentials are encrypted within the app, and MasterCard's Paypass service encrypts the NFC transfer- so it isn't even your card number or identifying info that is transferred. A hacker would have to capture the signal (be within an inch and a half of your phone, while you are sending the payment during the instantaneous "tap"), re-work the signal to mirror what was captured, & crack your PIN to be able to have unauthorized use of your card. To steal your ID they would then also have to crack the encryption of the info the app & phone store in their "Secure Element" chip (your login details and Google Wallet account info), and be able to crack the encryption on the original PayPass transmission to grab the useable card number. To me, this is a whole lot more secure than say, a pickpocket or mag-stripe reader- especially because you should be able to flag "odd" (to you) transactions both at the Google Wallet/Checkout level and at your Card company's level as well.
  9. Deleted User

    Deleted User Guest

    There comes a point at which it is easier to steal your wallet than it is to create the right circumstances, programs and hardware to steal an electronic transaction.
  10. jackdubl

    jackdubl Android Expert

    They can already do this. I am not a big fan myself. In fact, they are now selling shielded wallets to prevent people from being able to read the NFC built into credit cards. They had a guy go to a mall and demonstrate how to steal it on some news show. 60 Minutes maybe. Don't remember.

    Of course, I don't worry about credit cards really. Bank cards are another matter.
  11. s.m.knipe

    s.m.knipe Android Expert

    "Code Grabbers" can pick up any wireless signal they are tuned to (from NFC to garage door openers) that is being broadcast/transmitted. The difference here being that to use the PayPass credit cards, no input or verification is required to authorize the transmission of the information. In Google Wallet you have to enter a PIN to authorize the app to transmit the data.
    I'm excited for this.
  12. TylerM

    TylerM Well-Known Member

    This is ridiculous. No one is forcing you to use Verizon services. We don't need any more government intervention. Vote with your wallet. It might be inconvenient but it's a lot more efficient than the government telling a company how to run.

    Ideally Verizon would release with Wallet from the get-go but we live in America. They are allowed to do what they want even if it pisses me off. No one is forcing me to use them.
    BoogieNYC and ItalianScallion like this.
  13. jackdubl

    jackdubl Android Expert

    Ah, we'll if it isn't even transmitting anything without a user input then that's not so bad.
  14. s.m.knipe

    s.m.knipe Android Expert

    Yeah, keep in mind that that is taking their word (their page I linked above, their FAQ, PayPass' FAQ, and various articles about NFC) for it though- I haven't actually played with Wallet (or NFC for that matter) yet...
  15. Skipdawg

    Skipdawg Android Enthusiast

    Dose not bother me now. Not ready to use my smartphone in that way yet. Maybe by 2013?
  16. dguy

    dguy Android Expert

    In the future, please take at least five minutes to research the topic you want to make a thread about before posting. You'll do yourself and the forum a favor by not posting a whole bunch of false information.
  17. Lazdog46

    Lazdog46 Newbie
    Thread Starter

    s.m.knipe likes this.
  18. speede541

    speede541 Android Enthusiast

    This proximity requirement was invalidated when the new chipped passports began arriving. They, too, were supposed to have a proximity limitation.

    Some guys built a transmitter / receiver that was about the size of a pizza box, mounted it in a car window and began driving around the touristy areas of San Francisco. They were able to record a bunch of responses off of these ID cards. And while none of the information gained was identifiable back to the the individual, it did mean that that tracking of that card's number was possible as it moved throughout the city (assuming a network of sensors was deployed).

    But, like you say, the NFC system on the phone isn't active until the user activates it, so it's a whole extra level of protection.

    It's like a stop sign vs. a stop light at nighttime.
    - The stop sign (RFID) is "powered by" a car's headlights, and designed to be seen from a couple hundred feet away. But a person with a bright light and a pair of binoculars can see it from an indefinite distance.
    - The stop light (NFC) is self-powered. A user with a bright light can't make it come on. But if he has binoculars, he can see it from a great distance away when it finally does illuminate. Then the question becomes, "Is the information transmitted worth anything?"
  19. speede541

    speede541 Android Enthusiast

    I was thinking Net Neutrality didn't apply, either, but the more reading I'm doing, the more I'm seeing this as another viable response, due to agreements Verizon signed when obtaining the frequencies used.

    But I'm also seeing stories that Google signed an exclusive Google Wallet deal with Sprint. However, that sure calls into question their statement earlier this week that called out Verizon and made all the buzz.
  20. s.m.knipe

    s.m.knipe Android Expert

    Very true, but I think that Mr. Paget's (I think it was him) transmitter/receiver was very like your "binocular" analogy below- it can tell the unencrypted Plain Text data and clone that (IE reproduce the light occurrence), but that didn't really contain any usable information (syntax for the occurrence). It was basically a url-type link (actually a reference id string) to a secured database. In other words, even if a hacker can re-create the same signal Google Wallet sends to payment NFC receivers, there is a whole syntax of that occurrence that wouldn't add up- i.e. making the same purchase at the same location twice in a row, which would be known from what the ID string sent from GW to the receiver and back is linked to. (But I might not be understanding how this handshake actually works- from the FAQ it sounds like you start the GW app, tap the receiver to establish the link, GW recognizes the vendor/receiver [?] and charge amount, you authorize the purchase, GW sends confirmation to the receiver)

    To "hack"/steal from Google Wallet, it seems to me it would be the opposite of the above scenario; the thieves would have to clone the receiver, and be able to receive payment from Google Wallet & the credit card company after the transaction; plus it would raise flags as the transaction would not authorize at the legitimate cash register. To clone your device and turn around and make purchases would be impossible because they would need to be able log into your Google Wallet account (which is not based off the transmitted data and at which point your security would be completely breached anyways) in the app on their device (which would raise a flag because suddenly a second "Secure Element" would be attempting to be activated on the account). To me this seems just as secure as buying from Amazon or Google Checkout or Paypal/Ebay, if not more secure as there are more opportunities for security flags to be realized (large pizza-box-sized device nearby with laptop attached, transaction showing as completing on the phone but not the register, multiple purchases for the same amount at the same location, another "secure element" being activated that is unrecognized by you, etc.). Maybe I am just missing something on this whole thing...

    This is most appropriate and seems like a perfect analogy to me (based on my admittedly limited understanding of this)!

    I have been trying the past two days, and for the life of me I cannot figure what ISIS would be doing differently to resolve "security concerns"... any ideas? (other than it is just a branding for profit thing for AT&T, T-mobile, and Verizon?)

Galaxy Nexus Forum

The Galaxy Nexus release date was November 2011. Features and Specs include a 4.65" inch screen, 5MP camera, 1GB RAM, TI OMAP 4460 processor, and 1750mAh battery.

November 2011
Release Date
Similar Threads - Google Wallet LTE
  1. rufford155
  2. shakushinnen
  3. Milo Williamson
  4. zBernie
  5. Maskman
  6. Sheldonrichman
  7. mimac
  8. PascalAuger
  9. Queen eli
  10. Samwisegamjee

Share This Page