HCE Secure Element in the Cloud is pie in the sky

Stefan Heaton’s blog piece “The reason Mobile myki isn’t available on iPhone… yet” is all the proof you need that Google inspired endless nonsense and confusion with Android Pay Host Card Emulation (HCE). This was shortly after the NFC “secure element” wars were over, with the mobile-carrier-locked SIM card secure element losing out to the embedded secure element (eSE) on the smartphone chip. Google’s network-connection-dependent HCE “secure element in the cloud” strategy for Android seemed like it would solve everything and free NFC from the evil clutches of mobile carrier SIMs and the cost of eSE hardware. Except that it didn’t. It’s eSE or nothing now.

So why is Heaton spouting Google HCE support on Apple Pay nonsense? He mistakes HCE for a hardware secure element when it actually means an Android Pay HCE virtual secure element hosted in the cloud or in an app. People who should know better have been sowing confusion ever since.

Myki is MIFARE, which has never had anything to do with HCE, a payment solution for Android devices without a hardware secure element. Neither has FeliCa, which Google Pay users outside Japan assumed would work for Suica until they found out HCE-F is fakeware that nobody uses, not even Google, and lost their shit. As FeliCa Dude pointed out, “HCE-F is not useful for card emulation…because the API has been needlessly crippled.”

What nobody has said, and I think it’s worth pointing out, is that the Android Pay to Google Pay shift was also a break with HCE and Google pretending to provide a ‘free’ secure element strategy for all Android licensees (update: note Google’s “Android Ready SE” alliance).

Instead, Google is now focused on Pixel hardware and their own eSE strategy, all other Android licensees and manufacturers be damned and left to find their own solution. I guarantee you that, in time, Google will be jumping through most, if not all, of the same security hoops that Apple does now, for Google Pay card emulation (not host card emulation) for Google Pixel platform eSE access.

So yes, Apple does limit NFC Secure Element (in Apple Silicon) access with PassKit NFC certificates. But Apple Pay MIFARE is real MIFARE, and Apple Pay FeliCa is real FeliCa. Public Transport Victoria (PTV) can apply for a myki card PassKit NFC certificate just like any developer. And for goodness’ sake, Stefan, stop writing sentences that confuse Express Mode payment cards (EMV credit/debit cards) with regular Express Mode transit cards (FeliCa, MIFARE, PBOC). Suica is not a credit card, and emulating EMV at a transit gate doesn’t automatically make a credit card into an Apple Pay Suica transit card, not by a long shot. If your aim is promoting open loop over closed loop, that’s one thing. Either way, your LinkedIn blog post is not doing your LinkedIn resume any favors.
