Hi, I want to pay with online prepaid visa in person. I could add it to Google Pay, but Google Pay doesn’t support NFC payments on GrapheneOS. Do you know any other app that lrts you do that?

  • JackGreenEarth@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    9
    ·
    1 year ago

    Why hasn’t someone made a FOSS NFC payments app yet? Any bored Android FOSS developers, please make this your next project.

    • Psiczar
      link
      fedilink
      English
      arrow-up
      22
      ·
      1 year ago

      If it was as simple as writing an app it would be done by now. The problem is authorisation, the bank isn’t going to action the transfer request just because Bob’s Banking app says so. The request either needs to come from their own app or from one of their partners (Apple).

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Those aren’t just payment apps, they’re a payment service. Google, Apple and Samsung are “trusted” providers to process payments.

      Some FOSS developer could theoretically make an app to process Google Pay but they’d need Google’s authentication, which is never going to happen, for a variety of reasons.

      • solrize@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        1 year ago

        I’d be interested to know what happens if you use one of the official apps on a rooted phone.

          • solrize@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            That suggests you can get credentials out of the phone, at least for non-google phones. I doubt that the Moto G that I just got has a security chip like the one in the Pixels and Iphones. It’s possible though. I do want to start messing with the phone’s NFC reader, though more as a general security thing than for payments in particular. Maybe I’ll get to understand it better.

    • cttttt@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      It’s more down to trust and attestation than a technical implementation. Whoever makes an NFC payment system needs to prove to payment processors that the chain of software and hardware from the payment terminal to whatever proves you’re the account holder (a card or a phone) can be identified. And, separately, the implementation needs to be audited.

      This may sound like they’re trying to make this horrible walled garden on the surface, but bank users expect their money to not get stolen. And if it is, they expect the bank to make that problem disappear. The bank can only provide these assurances if they control everything.

      This is why they use hardware attestation and a chain of trust all the way through to the OS to identify the specific implementation of an NFC payment system. They want to know they can go after whoever created the buggy NFC payment implementation to recover the money or to least stop partnering with them.

      Not a lot of FOSS developers would go through the trouble.