alt Hacker NewsThis is a regulatory thing, devices used for instant payments should be somehow attested and be authenticated (or be a physical device the bank issued e.g your card).
It’s a difficult thing, we don’t want to have to force smartphone choices but the number of users without one these devices is so vanishingly small it’s very difficult to change the legislation in order to support them too.
I think the happy middle ground is making this system also work with bank issued cards.
Replies
This is not true. Many European bank apps allow instant payments and work without Google's remote attestation. They typically require a locked bootloader. I am in The Netherlands, use GrapheneOS and do instant payments all the time.
(GrapheneOS does support remote attestation, but the app needs to add their verified boot key fingerprints.)
Then I'll unfortunately have to continue paying the PayPal tax - apparently they have no issues running in any browser of my choice.
> I think the happy middle ground is making this system also work with bank issued cards.
That wouldn't let me pay online.
> we don’t want to have to force smartphone choices but the number of users without one these devices is so vanishingly small
You are missing the point. The issue is that once the "vanishingly small" number of alternatives disappears, users will be completely trapped, and Google and Apple will then free to abuse that position of power (they already do). Worse, since power is centralized, it is very easy for government interference to take place, and we already see that with things such as identity and age verification requirements. It is the possibility of competition that matters more than actual competition.
I don't see, why a smartphone plus NFC enabled token device wouldn't work within the regulation, we should go that way, (or any way decoupling Google & Co. from it) because we should be prepared for US companies to be forced to act unreasonably by an unreasonable leader.