
Analysing Apple Pay Transactions - GordonS
https://blog.elcomsoft.com/2018/08/analysing-apple-pay-transactions/
======
GordonS
So, apparently Apple doesn’t collect or back up transaction data to iCloud,
and it can only be obtained by imaging the actual device that made the
payment.

In this day and age where every shred of PI is routinely stored forever and
sold to anyone who wants it, I find this quite amazing!

~~~
amaccuish
I recently wiped my Android phone and put lineage on with microg, to tide me
over until I can replace with an iPhone. I'm simply done with the data
collection on Android. Maybe I was naive, but I thought a user could switch
most of it off, but you can't.

I really admire how Apple are pushing their secure enclave. AFAIK Google Pay
uses temporary tokens pulled from their servers, whilst Apple replies soley on
the ondevice SE for Apple Pay.

------
amaccuish
> Tap-to-pay is easy enough, but today’s users expect evolving, personalized
> experiences that sync as they shop. They willingly share personal
> information to foster enhanced experiences with services like Netflix,
> Amazon,

I'm not sure it's entirely willing. More that they have no idea how much data
is being collected, and convenience outways finding out about the other
implications.

------
londons_explore
Apple may not retain the data, but the underlying card issuer does.

I trust Apple more than Visa or HSBC to keep my data from prying eyes.

If someone could make apple pay be backed by a local bitcoin wallet, then I
could feel far more secure nobody is going through my payment history.

~~~
cjoelrun
Wouldn't this mean everybody could then go through your public payment
history?

~~~
londons_explore
Presumably such an implementation would use different wallet addresses for
every payment so they couldn't be linked together.

