Unfortunately the fact that NFC can’t be used on anything that’s rooted anymore is kind of a deal breaker. If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.
Unfortunately the fact that NFC can’t be used on anything that’s rooted anymore is kind of a deal breaker.
NFC can be used on GOS, and they frown on rooting.
If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.
It’s due to PlayIntegrity API wanting a “Google certified OS,” which is ironically less secure than hardware attestation that GOS supports. I doubt Google would change their model, but your bank might. Some banks do support GOS, and they have changed at the request of their customers before. Send them the GOS documentation and you might get lucky.
Technically you’re correct, but it’s effectively the same thing since I’ve literally never used NFC for anything besides contactless payment and initial phone setup when migrating from an older Android phone to a newer one. For most people NFC is synonymous with contactless payment.
big detail. I connect my Sony XM4s to my phone with NFC multiple times a day. not to mention that you still can use Google Pay on rooted devices with some workarounds. not to mention that some bank apps don’t use Google Pay for contactless payments at all. I’ve been paying via NFC with my bank app on a rooted phone for years until they scrapped their own solution and adopted the GPay approach instead.
Sorry, I don’t understand the motivation here, you want to not let Google spy on you via their OS, but are perfectly happy to give them your entire payment record?
Not my entire payment record but certainly everything I use my phone to pay for. I’m willing to give Google some of my info as long as I’m in control of what info I’m giving them. Everything I do on my phone is too much. If a 3rd party offered a NFC payment app I’d happily use that over GPay, but until that exists GPay is the only option. Ultimately GPay is safer than using actual credit cards because it’s more resistant to skimming. The extra security outweighs the loss of privacy in this specific case. I’m not happy about that but there doesn’t seem to be a better alternative at this time.
You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?
What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.
If you care about “secure” payments that much, why not use cash?
You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?
Sure but it’s a major pain in the ass. Every time it happens I have to cancel my current cards, request a new one, find all the services I’m currently paying with the now cancelled card and update them to a different card while I wait for the replacement, and then maybe remember to swap them back when the new card shows up. It doesn’t happen constantly but if I use cards to pay they seem to get skimmed about once every year or two.
What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.
Literally never happened before, but same way they know a credit charge is fraudulent, I tell them. Also if someone found a 0-day in GPay I wouldn’t be the only one complaining of fraudulent charges, they’d be flooded with complaints.
If you care about “secure” payments that much, why not use cash?
Because that’s a pain in the ass. I don’t care about “secure” payments, I care about not having to spend days dealing with the aftermath of it. Paying with cash means I need to constantly go to ATMs to withdraw money, and if I’m doing that my odds of getting my card skimmed actually go up so it doesn’t even protect my from that.
Literally never happened before, but same way they know a credit charge is fraudulent, I tell them.
The reason I brought this up is because I read a story of a European guy who had someone pay for something in Brazil using his card, through GPay. He didn’t get his money back, as the bank didn’t believe him (as GPay is supposed to be secure). Take this with a grain of salt though, as I can’t find this story now.
Also if someone found a 0-day in GPay I wouldn’t be the only one complaining of fraudulent charges, they’d be flooded with complaints.
Not necessarily. Maybe a company like Pegasus is already exploiting a 0-day to see the purchase history of people, but they’re smart enough to not attract attention by stealing.
Unfortunately the fact that NFC can’t be used on anything that’s rooted anymore is kind of a deal breaker. If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.
NFC can be used on GOS, and they frown on rooting.
It’s due to PlayIntegrity API wanting a “Google certified OS,” which is ironically less secure than hardware attestation that GOS supports. I doubt Google would change their model, but your bank might. Some banks do support GOS, and they have changed at the request of their customers before. Send them the GOS documentation and you might get lucky.
https://grapheneos.org/articles/attestation-compatibility-guide
not being able to use contactless pay does not equal “NFC can’t be used on anything”.
Technically you’re correct, but it’s effectively the same thing since I’ve literally never used NFC for anything besides contactless payment and initial phone setup when migrating from an older Android phone to a newer one. For most people NFC is synonymous with contactless payment.
big detail. I connect my Sony XM4s to my phone with NFC multiple times a day. not to mention that you still can use Google Pay on rooted devices with some workarounds. not to mention that some bank apps don’t use Google Pay for contactless payments at all. I’ve been paying via NFC with my bank app on a rooted phone for years until they scrapped their own solution and adopted the GPay approach instead.
If you get a pixel watch you can pair it and use that for Google Pay FYI and have Graphene OS on your phone.
Sorry, I don’t understand the motivation here, you want to not let Google spy on you via their OS, but are perfectly happy to give them your entire payment record?
Not my entire payment record but certainly everything I use my phone to pay for. I’m willing to give Google some of my info as long as I’m in control of what info I’m giving them. Everything I do on my phone is too much. If a 3rd party offered a NFC payment app I’d happily use that over GPay, but until that exists GPay is the only option. Ultimately GPay is safer than using actual credit cards because it’s more resistant to skimming. The extra security outweighs the loss of privacy in this specific case. I’m not happy about that but there doesn’t seem to be a better alternative at this time.
You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?
What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.
If you care about “secure” payments that much, why not use cash?
Sure but it’s a major pain in the ass. Every time it happens I have to cancel my current cards, request a new one, find all the services I’m currently paying with the now cancelled card and update them to a different card while I wait for the replacement, and then maybe remember to swap them back when the new card shows up. It doesn’t happen constantly but if I use cards to pay they seem to get skimmed about once every year or two.
Literally never happened before, but same way they know a credit charge is fraudulent, I tell them. Also if someone found a 0-day in GPay I wouldn’t be the only one complaining of fraudulent charges, they’d be flooded with complaints.
Because that’s a pain in the ass. I don’t care about “secure” payments, I care about not having to spend days dealing with the aftermath of it. Paying with cash means I need to constantly go to ATMs to withdraw money, and if I’m doing that my odds of getting my card skimmed actually go up so it doesn’t even protect my from that.
The reason I brought this up is because I read a story of a European guy who had someone pay for something in Brazil using his card, through GPay. He didn’t get his money back, as the bank didn’t believe him (as GPay is supposed to be secure). Take this with a grain of salt though, as I can’t find this story now.
Not necessarily. Maybe a company like Pegasus is already exploiting a 0-day to see the purchase history of people, but they’re smart enough to not attract attention by stealing.