The Apple Pay monopoly debate part 2: the gatekeeper difference

I’ve always said people should pay attention to the Japan mobile payments market because there is a lot to learn from the successes and failures of the world’s first large scale mobile payment platform. There are important lessons when it comes to the EU Apple Pay monopoly debate and the downsides of having an ‘open’ iPhone secure element and eliminating Apple’s gatekeeper role.

The Osaifu Keitai mobile payment platform that launched in 2004 has supported a lot of different hardware over the years, from Symbian OS handsets to Android smartphones. During that time it has evolved from a carrier exclusive feature with SIM locked devices to the current SIM free market model. The software has evolved too, away from devices with dedicated FeliCa chips to standard NFC chips with GlobalPlatform certified embedded secure elements that do it all, like Pixel and Chinese smartphones sold in Japan. People assume there is a special ‘FeliCa chip’ on FeliCa capable devices but this isn’t the case anymore. Taken altogether those are big messy transitions.

Nikkei recently posted a scare mongering piece, typical for them, about the looming security risk of previous user Suica cards and the like left on Osaifu Keitai devices when resold on the open market. Yes, it’s true, an Android factory reset doesn’t wipe FeliCa junk off the secure element, but it has always been like this so why the sudden handwringing?

For most people this isn’t an issue. When upgrading or repairing a device through carriers or second hand retailers, they wipe both device and secure element as standard practice. It’ a potential problem for Osaifu Keitai devices sold on the open market (Mercari, etc.) as the seller is responsible for clearing off their card junk. This should be done before selling the device of course but like all things Android, it’s a piecemeal process that requires deleting cards in each payment service app (Suica, PASMO, iD, QUICPay, etc). The secure element data can also be wiped at a carrier shop data wipe kiosk. On older pre-Mobile FeliCa 4.0 devices it can be a real chore:

I just about lost my mind when I was unable to even delete Edy on my phone as Rakuten has locked me in app for “fraud.” The whole sitch is indeed ridiculous so I was super happy to see the back of Osaifu-Keitai. Apple Pay truly doing the God’s work here.

You can’t even see if you deleted all the cards as the later FeliCa versions only show “memory in use” without telling you what’s in it. And each app has a different flow & some doesn’t even allow deletion! Complete nightmare.
(Twitter comment)

On Mobile FeliCa 4.0 and later, if virtual cards are deleted, you will see ‘unused’: in that condition, the device can be transferred to a new owner and they will have no problems with it. This is what resale stores look for. Block usage data is only shown on 3.0 and below. (Felica Dude)

The Apple Pay gatekeeper role
From a usability and privacy perspective, Apple wipes the floor with Osaifu Keitai, as you would expect from an Apple product. Apple Pay is designed from the ground up to protect users from complexity by tying everything to the user Apple ID. When the user signs out of Apple ID, Wallet app contents are moved to iCloud and the iPhone secure element data is instantly wiped clean. No messy 3rd party app accounts to deal with.

Apple can do this because they ‘own’ the custom embedded secure element on their devices. They are the gatekeeper with in-house key servers that Apple Pay servers use to load card applets into the user’s Wallet app. They maintain and update the basic protocols (EMV, Mobile FeliCa, MIFARE), etc.) and take care of Wallet card housekeeping. It’s something Google Pay can’t do in Japan because it’s only a candy wrapper over the gnarly old Osaifu Keitai stack ultimately ‘owned’ by FeliCa Networks.

Does the EU want to foist the current state of Osaifu Keitai-like complexity and potential security problems on iPhone users in the name of ‘open NFC’ with a bunch of different NFC owners pulling in different directions, apps occasionally stepping on othe app NFC toes? Because that will be the reality, though people who want to eliminate gatekeepers will surely write it all off as a ‘Japanese galapagos’ thing or a FeliCa thing because it doesn’t serve their self-interest. It would be a darn shame if iPhone are forced learn the Osaifu Keitai lesson the hard way.


Related post: The Apple Pay monopoly debate part 1: context is everything

Killing the golden egg goose

Amid the swirling EU ‘iPhone must be open’ debate, there’s an angle for everybody. Every proponent, from software developers who want side-loading to payment networks and banks who want open NFC, to EU regulators who want ‘open market’ (yeah right), and especially software ‘security’ companies who want to sell endless fixes for endless security breeches engineered by… you know who, expect a bonanza. iPhone finally released from the Apple walled garden is gonna make everybody rich.

Japanese developers and tech reporter veterans are thankfully more detached and acerbic than passionately hysterical westerners who are more in love with passionate hysteria than clear thinking. Not that they love Apple, Google, Microsoft, etc., or don’t think they should be regulated in some way, they just seem more aware of practical reality. If you want to know what opening iPhone means look no further than this; Everyone’s favorite iPhone will fall prey to shitty antivirus software companies. A world where you throw money away.

Maybe shitty antivirus software companies and shitty bank payment networks will make more money from a heavily regulated and opened iPhone, in the short term, and it will be users who are forced to throw their money away because they don’t understand the complexity being forced on them. As Steve Jobs once said, customers are pay Apple to make those choices and strip away the complexity. Not anymore.

In the new world order there aren’t bundled hardware + software smart devices to choose from, users choose the hardware, then they choose the software. Good luck with that. In the long term, a new world where hardware and software can’t be sold as a closed bundle is going to break a lot of hardware development business models out there, not just Apple’s. All those passionate ‘open’ proponents better be prepared for hard reality when the cut open the iPhone goose that laid golden eggs, and find nothing.