Pixel 3 Global NFC Evolution

Reader feedback and discussion from my earlier post analyzing the fuzzy state of iPhone 7 FeliCa and its possible support of Apple Pay Octopus, resulted in some interesting information about the Pixel 3 Japanese FeliCa model. From FeliCa Dude’s epic Reddit Octopus on iPhone 7 post:


<reader comment> Regarding the Pixel though, are you sure that the non-Japanese Pixel 3 models even have an eSE <embedded secure element>? I was under the impression that these were HCE <host card emulation> only.

<Felica Dude answer> All the Pixel 3 devices have an eSE, but it might not be able to be enabled by the end-user, and even if it is possible, it won’t be provisioned. A teardown of the global edition Pixel 3 XL (G013C) reveals a <NXP> PN81B.

The NXP PN81 announced in February is all-in-one off the shelf global NFC chip that includes both the frontend NFC A-B-F hardware and the necessary embedded secure element (eSE) + keys for EMV, FeliCa and MIFARE. The odd thing is that the Google Pixel 3 Japanese model apparently doesn’t use the PN81 for FeliCa, and has a separate FeliCa chip sitting in the fingerprint sensor assembly inside the back case.

Google Pixel 3 JP SKU iFixit teardowns do not exist but I did run across an interesting article from the Keitai Watch site showing a Pixel 3 JP SKU being taken apart for repair at an iCracked repair shop.

Just for kicks, I called the iCracked shop and asked about repairing a faulty FeliCa Pixel 3 device. The Pixel 3 repair technician explained that a FeliCa chip replacement was not expensive because it is not on the motherboard, “it’s attached to the fingerprint sensor assembly.” Look carefully at the picture from Keitai Watch piece and you can see the back case with fingerprint sensor assembly that the technician was referring to.

Disassembled Pixel 3 JP model from Keitai Watch

This presents a very strange situation. All Pixel 3 SKUs have the FeliCa ready PN81 chip but don’t use it, while Pixel 3 Japan SKUs apparently have another separate FeliCa chip attached to the back case finger sensor assemble. Google alludes to this on the Pixel 3 support page: If you purchased your Pixel 3 or Pixel 3a phone in Japan, a FeliCa chip is located in the same area as the NFC. There is also the recent batch of Pixel 3a Japan SKUs with bad FeliCa chips, but reports of bad NFC (EMV) Pixel 3a international SKUs have not surfaced; this also suggests a separate FeliCa chip. Why have two FeliCa chips in a device when one will do?

My take is different from FeliCa Dude: the Pixel 3 does not use the PN81 eSE or ‘pie in the sky’ HCE for anything. Instead, Google Pixel 3 uses the Titan M chip Secure Enclave as the virtual eSE for EMV and MIFARE, similar to what Apple does with the A/S Series Secure Enclave. Titan M FeliCa support was either not ready, or Google wanted to test the Japanese market before making a custom hardware commitment.

The point of all this is that Google has laid the foundation for a global NFC Pixel 4 made possible by a custom Google chip. The Titan M is Google’s answer to Apple’s A/S Series Secure Enclave that can host any kind of virtual embedded secure element for any kind of transaction technology, from EMV to PBOC.

I might be wrong, but even if my virtual eSE on Titan M take is incorrect, taken all together with the NXP PN81 development, I think Pixel 4 will finally be the global NFC Android device that many have hoped for.

Advertisements

Apple Pay Octopus and the Pixel 4 Global NFC Question

Apple Pay Octopus on iOS 13 this fall puts Pixel 4 and Google Pay in an awkward market position. Pixel 3 is a success in the Japanese market because of the inclusion of a dedicated FeliCa chip in Japanese models. Non-JP Pixel 3 models have a global NFC ready NXP PN81 chip but FeliCa is not activated for some reason, inbound users cannot use Google Pay Suica, or anything else, in Japan.

The question for Pixel 4 is this: will Google Pay use all the features of the NXP PN81 chip, or go with a custom implementation of FeliCa on their own chip for a global NFC device along with an enhanced Google Pay that seamlessly incorporates and builds on Osaifu Keitai software (killing off JP carrier Osaifu-Keitai SIM nonsense for good) instead of simply candy wrapping it, like they do for Pixel 3 JP Google Pay.

If Google goes with the first choice, Google Pay Octopus becomes a future possibility. It would also force other Android smartphone manufacturers to follow suit.

If Google keeps that same Pixel 3 arrangement they have for Pixel 4, a separate hardware model for Japan, Google Pay Octopus becomes a murky proposition. More of the same would be a shame. I hope Google does the smart thing and the right thing: global NFC on all devices is the way to go.

HCE Secure Element in the Cloud is pie in the sky

Stefan Heaton’s blog piece “The reason Mobile myki isn’t available on iPhone… yet” is all the proof you need that Google inspired endless nonsense with Android Pay HCE support. This was shortly after the NFC “secure element” wars were over, with embedded Secure Element (eSE) on SIM cards losing out to eSE on smartphone chips. A secure element in the cloud approach seemed like it would solve everything, except that it didn’t.

myki is MIFARE which has never been compatible with HCE. Neither is FeliCa, which Google Pay users outside Japan assumed would work for Suica until they found out HCE-F was dead in the water and lost their shit.

What nobody has said, and I think it’s worth pointing out, is that the Android Pay to Google Pay shift was also a break with HCE and Google providing, or pretending to provide, a secure element strategy for all Android licensees. Instead, Google is focused on Pixel and their own eSE, all other Android licensees and manufacturers be dammed and left to find their own solutions. I guarantee you that, in time, Google will be doing most, if not all, of the same security hoops that Apple does now, for Google Pay card emulation (not host card emulation) for Google Pixel platform eSE access.

So yes, Apple does limit NFC Secure Element (implemented in the A Series Secure Enclave) access with PassKit NFC certificates. But Apple Pay MIFARE is real MIFARE, and Apple Pay FeliCa is real FeliCa. Public Transport Victoria (PTV) can apply for a myki card PassKit NFC certificate just like any developer. And for goodness sake Stefan, stop writing sentences that confuse Express Transit payment cards (EMV credit/debit cards) with regular Express Transit cards (FeliCa, MIFARE, PBOC). Suica is not a credit card and emulating EMV at a transit gate doesn’t automatically make a credit card into a Apple Pay Suica transit card, not by a long shot. If your aim is promoting open loop over closed loop, that’s one thing. Either way, your LinkedIn blog post is not doing your LinkedIn resume any favor.

UPDATE: Yep, myki is coming to Apple Pay, nothing to do at all with HCE support.

More Apple Pay Octopus

UPDATE: Apple Pay Octopus is coming with iOS 13

Note: For simplicity and convenience I have migrated and merged older Octopus related posts here. All new Octopus related developments will be posted separately.

I assumed the Octopus Coming to Apple Pay post would be ignored in the end of year rush period. However the timing perfectly coincided with an Octopus Cards Limited press conference where the CEO demurred any Octopus tie-up with Apple and the post got much more attention than I ever anticipated. Obviously there are lots of iPhone users in Hong Kong who want Apple Pay Octopus. A few readers were confused by the situation and asked for some clarification.

First of all the source who correctly predicted last years Smart Octopus on Samsung Pay launch tipped me about the Apple Pay launch. That in itself was enough for me but here’s the thing: if Octopus Cards Limited (OCL) is really serious about expanding Octopus use on mobile platforms, taking the next step of getting Octopus on Apple Pay is the only way to achieve that.

Digital Wallets like Apple Pay and Samsung Pay are the most tightly integrated NFC software and hardware digital wallet platforms out there with integrated FeliCa, but Apple is the only one to implement the necessary Secure Element on their own A Series/S Series hardware with FeliCa Networks keys, and sell the package globally. All the major NFC technologies are standard on Apple Pay: NFC A-B-F, EMV, FeliCa, MIFARE, VAS.

Octopus on Google Pay might look nice on paper but it can’t achieve anything of scale yet because of the highly fragmented nature of Android: to date hardware manufacturers have yet to produce an answer to Apple’s global FeliCa iPhone and Apple Watch, even though everybody’s smartphone has a NFC A-B-F chip. Not even Google has pulled it off. Huawei says they are planning to add global Felica but it will take time.

OCL is playing coy because majority shareholder Hong Kong MTR has added QR Codes and EMV contactless to the transit gate mix removing the exclusive Octopus Card franchise, but the technology and market politics don’t mesh. On one hand you have a fast, established and ‘open’ in-house contactless payment system (as in anybody can buy a plastic Octopus card and ride) basically run by public transit companies. On the other hand you have slow and ‘closed’ contactless payment systems (as in only people with certified credit cards and bank accounts can ride) run by major outside credit/debit network companies chipping off money from both customers and transit companies.

In this context putting Octopus on Apple Pay isn’t just adding a card to a digital wallet platform, it is also a statement of who ultimately controls, operates and benefits from the public transit gates. It’s more about market politics than technology, in other words another battle in the contactless payment turf wars. The outcome will be fascinating to watch but determines whether Octopus will remain a great transit payment platform for Hong Kong with a future, or not.

Update
It looks like we’ll have to wait a while longer for Octopus on Apple Pay.

Pixel 3 FeliCa details and Google Pay roadmap

Note: I’m updating and consolidating Pixel 3 information here instead of separate posts

Pixel 3 FeliCa related information is trickling in as devices get ready to ship. Pixel 3 details will give us a good idea of the Google Pay roadmap and answer some lingering questions:

  • Do Pixel 3 JP models have a Google custom FeliCa embedded Secure Element (eSE) implementation or use Sony FeliCa chips, and is the hardware the same across all SKUs?

The Pixel 3 JP models have a different hardware configuration. Google did the quickie solution of sticking a FeliCa chip in it, i.e. one Pixel 3 hardware configuration for Japan, another Pixel 3 hardware configuration for everywhere else. Not exactly the elegant long term vision thing that does not bode well for a global FeliCa Pixel 4: if Google is not creating its own custom Embedded Secure Element (eSE), the prospects of a global FeliCa Pixel next year are dim.

On the plus side Express cards with power reserve are a given as this feature already exists on Android Osaifu-Keitai smartphones with FeliCa chips. The down side is that this means Google Pay on Pixel 3 is exactly what it is on Android Osaifu-Keitai: a candy colored UI wrapper around the Osaifu-Keitai stack, an alternative front end. All icing, no cake. You get what Google Pay Japan supports but you have to add missing pieces like iD on your own. Even worse Pixel 3 apparently locks users into SIM free MVNO Osaifu-Keitai apps and their limitations, i.e. full Docomo iD support cannot be added.

  • Does Google Pay in Pixel 3 Japanese SKUs implement NFC switching?

iOS 10 didn’t have NFC switching support and was a big reason that Apple only activated FeliCa Apple Pay in the Japanese iPhone 7 and Apple Watch 2 models. NFC switching was necessary to support Global FeliCa iPhone 8 and later/Apple Watch 3 and later so that users could mix different card types (EMV, FeliCa, China Transit) in Wallet and have it all ‘just work’. If Google Pay does not support NFC switching then we have another reason why Pixel 3 is not global FeliCa.

  • Does Pixel 3 have express cards with power reserve?

As noted above Pixel 3 JP SKUs have a dedicated FeliCa chip like any other Japanese Android Osaifu-Keitai smartphone out there, the answer is yes.

Update: iFixit posted a Pixel 3 teardown, content and title updated

Update 2: the hardware for Pixel 3 JP SKUs has a dedicated FeliCa chip, major rewrite.

Update 3: Google Pay Japan on Pixel 3 is ‘pure’ Google Pay with the current limitations like no iD support and only allows installation of the ‘SIM Free MVNO’ version even on Pixel 3 devices from Docomo.

Update 4: None JP Google Pixel 3 models have the global NFC ready NXP PN81 but have not used it for FeliCa support, going with a separate hardware model for Japan. FeliCa Dude has posted some great information regarding the Pixel 3 NXP PN81 chip and Hong Kong Octopus card support