31
Oct
unnamed (7)

Google Wallet's single-biggest problem to date in the US has inarguably been carriers. US carriers (except Sprint) wouldn't allow Google the necessary control of the "secure element" in order to make NFC payments, and as such, Google Wallet consumer adoption has essentially been trivial. With Android 4.4, that finally changes.

The new version of Android completely eschews the secure element paradigm and has instead opted for a virtual solution, using what Google calls "Host Card Emulation" technology to get the job done. Emulation, in layman's terms, essentially means virtualizing a piece of hardware such that a computer acts as though it's interacting with a physical device. The whole "physical device" issue was what got Google Wallet in trouble with carriers, but the new HCE solution means that there's no hardware to bicker over - everything is software-based.

Specifically, Android will emulate a ISO/IEC 7816-based smart card, which uses the contactless ISO/IEC 14443-3 protocol for transmission. Do not ask me what those numbers mean, but Google claims these standards are widely used in the NFC payment infrastructure as it exists today. If you want to get technical, check out the source link at the bottom of this post.

Google also claims any app will be able to access the HCE feature, including for the purpose of payments. That's extremely cool. Other applications include things like security access cards, transit passes, gift cards, and pretty much anything else that can be used with NFC.

So, what's this mean for Wallet? In theory, every Android 4.4+ device should just work with Google Wallet as long as it has NFC. Being part of the core Android OS also means carriers and OEMs can't strip out the functionality, as it would be a violation of their CTS certification agreement with Google. Stick that in your pipe and smoke it, Verizon.

It's unknown if enabling the functionality for the new SE-less Wallet payments will require and update to the actual Wallet app, but you can safely assume that if it is, it's coming soon.

Android Developers

David Ruddock
David's phone is an HTC One. He is an avid writer, and enjoys playing devil's advocate in editorials, imparting a legal perspective on tech news, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • Bobby Flay

    "Stick that in your pipe and smoke it, Verizon" HAHHAHA

    • Anthony Tran

      Verizon can go choke on it. Among many reasons why they ruined the GNex.

      • Guest

        T-FUCKING-MOBILE!

        • Tony T.

          I'm planning to try out AT&T via Straight Talk. It appears (at least through their coverage maps) that AT&T has slightly better coverege around my area than T-Mobile does. But if AT&T doesn't cut muster, then it'll be cheap to hop onto T-Mobile's version of Straight Talk anyway, haha.

        • Wyatt Neal

          T-Mobile is my first stop ... AIO will be the second. About the only thing that seems slightly sketch with AIO is the max rate limit of 8Mbps on LTE ... which isn't terrible, but I guess it's just not the 25Mbps I'm used to.

    • ari_free

      Bad news is that Verizon users won't see 4.4 updates unless this feature is taken out

    • SuperSam64

      Three words you will never hear in the same sentence (present sentence excluded):
      "Verizon KitKat update"

      They can't keep it off new devices, but would bet my left testicle that not a single device that is on Verizon right now will EVER see KitKat - not without flashing a custom ROM at least.

      • theycallmerayj

        Moto X and 2013 Droids have already been confirmed to be getting KitKat.

  • Wazzifer

    Shots fired.

  • UniBroW

    I was pretty certain something like this was going to happen, though now I'm hoping the note3 gets 4.4 soon =P haha

    • nycplayboy78

      XDA Developers are your friends :)

      • UniBroW

        Yes, I am aware and I've rooted and rom'd every phone I've had starting with the og Evo but I want to try and keep my Note stock and not rooted since t-mobile gives me tethering and such. g

  • Sir_Brizz

    Eat poop and die, ISIS.

    • nycplayboy78

      AMEN!!!!

    • Wyatt Neal

      I just noticed my vending machine at work was telling me it could take ISIS payments ... won't take one from my Gnex ... I went to another machine bitches.

  • pb

    Dors that lean d'aller app coming for Europe country :-)

  • abqnm

    Did you notice the reader ability as well? It says it should allow the device to act as both a transmitter AND receiver for mobile payments. This means we may be able to transfer money from phone to phone just with NFC. I can see Square taking advantage of this right away.

    • Wyatt Neal

      I can't way to tell someone to "SHUT UP AND TAKE MY MONEY!" and then tap their phone and be like "Yea, that just happened."

    • Freak4Dell

      I hope that means somebody can finally make the NFC on these devices a transmitter for anything. There are a lot of things like door access cards and stuff that use NFC, and I'd love to be able to use my phone for those instead. Then again, I suppose allowing something to read and copy the info from those is probably a security concern.

  • Colin Kealty

    so does this mean i could for example i could copy my credit card and use my phone instead of it? or my "presto" (nfc) bus pass? or is this purely a google wallet solution? If it is i really hope google wallet will work in canada !

    • Daniel Pogue

      Fellow Ottawan here (presto) I think that is exactly what they are saying. I can't be certain of course.

      • David Fulde

        it SOUNDS like it's along the lines of being able to 'record' the NFC signal and then echo it back so, if I'm thinking about this correctly, you should be able to have your NFC cards (that follow this standard) and just put them all in your wallet.

        I may be totally wrong though

        • ROm

          You are wrong. NFC transactions doesn't use the same identifiers that normal cards. There is CVC code transmited, that is different than the one on the card and different than the one on the magstripe, and this CVC changes with every transaction for NFC, so recording doesn't give you a nothing (if only readers are configured correctly)

          • David Fulde

            TIL. thank you :)

    • Tony

      I reckon so.. might require some reverse engineering for the bus pass, but the framework is there to do it.

    • http://beaugil.es BeauGiles

      You can't 'simply' clone or record a existing card, as the majority of cards used for transit, loyalty etc are encrypted.
      You can either wait for the card issuer to officially jump onboard and offer their own app with support for your pass, or wait for someone to decrypt the keys and create an app using those.

    • Jordan Pt

      Currently Google Wallet on my Nexus 7 works with any Credit Card(MasterCard, Visa, etc) just by entering it's details in like buying something online. Google used some cloud-fu to use their online systems to basically create virtual CCs that redirect transactions to your actual credit card. Works without an internet connection too, as otherwise it would've been completely useless on my WiFi N7. Another side benefit is that you can remotely deactivate the Google Wallet app's authorization, so if your phone is stolen there is no way they could use your credit cards.

  • Cory_S

    Will this still work offline though?

    • SuperSam64

      I wonder about that too. But if not, I'd say it's a small price to pay, because while people with an unstable connection may have issues, that's a smaller number of people than everyone with an unrooted device on one of the big three. And more importantly, ISIS is now officially dead. Without that, the carriers won't really have any motivation to try to muscle Google Wallet out of the way, and perhaps down the road the secure element thing won't be an issue any more.

      Unless the carriers just wan't to be dicks......
      Okay, so I guess it will always require a connection. :(

      • Cory_S

        Eh, I wouldnt say it's a small price to pay. Data connections can be really flakey, and with it working offline it had a high failure rate for me which made you look foolish waving your phone over the scanner.

        • SuperSam64

          I guess that's a good point... most people are probably only willing to stand there screwing with their phones for a few seconds before they give up and pull out the old card, so even a small stutter or lack of consistency could be a discouragement from using it. I just hope the carriers see they've lost and throw in the flag. Without ISIS trying to jack the secure element they really have no logical reason to keep Google from using it, and mark my words, as of today, ISIS is dead.

        • Benjamen Meiers

          My main issue with this is that a lot of shops are in shopping centres which usually have poor data connections (multi-level, thick ceilings)

    • David VanHouse

      Why wouldn't it work offline?

  • lensgrabber

    oh man. THIS is the news I have been wanting for so long. Suck it ISIS!

  • Sven Joy

    Still not outside the US...

    • enoch861

      I don't see how this won't work outside the US other than the fact that Google Wallet might not be available outside the US. Another company can come along and create another solution that would work for everyone else outside the US.

      • Sven Joy

        Yeah, but they don't seem to do that.

    • http://beaugil.es BeauGiles

      But now financial institutions/banks outside of the US can 'finally' pursue their own apps with NFC support; all your bank needs to do is create an app with the bits to emulate your own card.

    • ari_free

      You don't have to deal with crazy US carriers :)

  • Christopher Robert

    Combine this is the SMS and MMS in hangouts and you are on the verge of all out war on the carriers. Why would anyone on android pay for text messages? The messages are going to be received in the same app as hangout messages and hangouts is free?

    • Christopher Robert

      Oh yeah once they add voice calling its all out nuclear

      • Vito Lee

        Funny enough you still need data from the carriers to actually do any of those. But yes, totally sticking it to the carriers. Perhaps next year Google will have their own data only network so you can just do everything through them. And why doesn't Android have Voice Calling on Hangouts yet ararararaa.

    • Tony

      I might be wrong, but I believe the SMS and MMS that go through the Hangouts app are still normal SMS/MMS (i.e. they are still delivered through your normal carrier's network). They just happen to be readable from the Hangouts app now, instead of having to switch between two apps. Therefore you still need to have some kind of texting plan with your carrier.

      This is similar to how Apple's iMessages work. Those iOS users can view both their SMS and iMessages from the same app. But it doesn't mean the SMS are free, they still need a SMS service with their carrier.

      • http://www.androidpolice.com/ David Ruddock

        Correct. There is no indication at this time that Hangouts will do anything but act as a handler for your standard SMS / MMS messaging that goes through your carrier.

        • Christopher Robert

          why text the number when you can text the same contacts users name/gmail from hangouts for free? You'd be an idiot to continue paying for a service that is so easily replaceable now.

      • Benjamen Meiers

        This is true. However, If both users have hangouts installed, It would most probably default to sending via data. At the very least, you can select to send the mms/sms to the other persons mobile number or to their G+ (i.e. through data).

        It needs to be this way to get messages to people who don't use G+ or hangouts.

      • Wyatt Neal

        I certainly hope it allows me to choose to always deliver via google voice or something similar. I've become extremely spoiled by Voice+ from the CM team because ... it's just how it should fucking work.

      • Christopher Robert

        but why would you still pay for SMS and MMS when they go through hangouts. Why not just use Hangouts and stop getting texts to your number and give out your email address instead? That's the point i am making. If everyone who uses and android phone has hangouts and has to use it because its the default messaging app why pay more for texts.

        • Tony

          Right. That's what I would hope people do as well, but it would only work with people who use hangouts. Most iOS users I know don't use that on their mobile devices unfortunately.

          • Christopher Robert

            Most iOS users enjoy paying too much money for things they could get for free.

        • Freak4Dell

          SMS being universal would be one reason to pay for it. SMS being included in your plan in almost every plan a carrier offers (at least in the US) would also be a reason to pay for it...or not just not care, rather. Maybe it's a bigger deal in other countries, but my understanding is that people in those countries have already stopped using SMS in favor of apps like Whatsapp, Viber, etc. I doubt they'll switch to Hangouts now.

          • Christopher Robert

            SMS is not included in any plans. Do you even look at your bill? You are getting charged at least $5-$10 extra for your text ever month. Just an FYI.

          • Freak4Dell

            $5-10 extra compared to plans from ages ago that had SMS billed separately, sure. Actually, it's probably more. But more expensive plans are always expected due to inflation, and I get a lot more features with my current plan than I did with my old plans. The fact of the matter is that among US carriers, the option to pay for SMS or not is pretty much gone. You pay for it either way, and at the rate that most US consumers use it, it's something that was going to be paid for either way.

          • http://www.LOVEanon.org/ Michael Oghia (Ogie)

            SMS is huge here still. But I installed the APK of Hangouts 2.0, and luckily it asks if you want to integrate SMS and Hangouts--it's not automatic. Also, the SMS/MMS messaging app is still there and is default.

          • ramdroid

            On the Nexus 5 the SMS/MMS messaging app is no longer there. There's only hangouts.

        • http://www.LOVEanon.org/ Michael Oghia (Ogie)

          I live in India and used to live in Lebanon. In both places, you are charged per SMS you send. Obviously, I prefer to send WhatsApp messages, Fb messages, etc., but control over the SMS' I send is absolutely critical. I think this change effects non-US residents more.

          • Christopher Robert

            I completed turned off my SMS on my phone. I called up my carrier and told them that i do not want to receive or send SMS or MMS from my phone. They turned it off so i don't get any texts sent to me. I just give anyone who wants to text me my gmail account and they contact me through hangouts. Once gVoice gets hangouts support I will use that number as well.

  • Eric Callahan

    Are they going to update the Wallet app in the Play Store? I have a Moto X on Verizon, but if this is only going to work on 4.4, I wouldn't be surprised if VZW just "kindly forgets" to push 4.4 for this phone...

    • SuperSam64

      Oh, I'm sure they will. Sadly, existing Verizon customers may still have to root to get the functionality if the only way to do it is flashing a 4.4 ROM. But manufacturers aren't going to allow Verizon to restrict new phones to an outdated Android version. So it's only a matter of time.

  • KRS_Won

    After realizing Wallet was never coming to Verizon, I signed up for Isis. Only to discover that none of my credit cards were compatible with the service. And I want going to sign up for a new credit card, no matter how bad I wanted to use the tap to pay feature.

  • SuperSam64

    SUCK

    IT

    VERIZON

    ....................../´¯/)
    ....................,/¯../
    .................../..../
    ............./´¯/'...'/´¯¯`·¸
    ........../'/.../..../......./¨¯
    ........('(...´...´.... ¯~/'...')
    ..........................'...../
    ..........''............. _.·´
    ..........................(
    ..............................

  • ajerman

    Thank you, Google, for taking this into your own hands. Cell phones as they exist today probably wouldn't even be around by the time this morons get done with ISIS, plus I don't trust them with a billing system either.

  • Chris

    omfg that is AWESOME!! That must be why they left the secure element out of the 2013 N7 - they knew they weren't going to need it!! YAY!!!

  • http://www.twitter.com/dsilinski slinky317

    Except Verizon could just block the app from being installed (like it does now) and come up with another bogus reason for doing so.

    • Benjamen Meiers

      I think the main difference is most of the business end is a framework in the OS. The Google Wallet app will just utilise this framework. Meaning, you could sideload the app, or install a different app that uses the framework.

      Plus Verizon have publically explained the only reason they banned Google Wallet was because of the secure element. They even suggested that if Google could remove it, they would allow it. (this was mainly just them pretending not to be abusing their power)

  • n0th1ng_r3al

    Now when will the Google Play HTC One get the 4.4 update so we can finally use NFC

    • Ben Baranovsky

      Rumored between 1-2 weeks.

  • Ted

    You all are very welcome! If you want to start building your own wallets or payment apps check out the developer ( wiki.simplytapp.com ) I promise you will like it!

  • Ray

    So can one assume that paying for stuff at PayWave terminals in Australia will now work?

    Is that the correct way of interpreting this or am I missing something?

    • http://beaugil.es BeauGiles

      Assuming your bank creates an app that emulates your payWave or PayPass card, yes. (I believe CBA are actively chasing this).

      • William

        Another alternative is if you can enter in your bank account details to Google Wallet. If you can, then it definitely will work.

        • Benjamen Meiers

          So if I have my credit card setup with Google Wallet, i.e. How I paid for the Nexus 5.

          That should work?

          • http://beaugil.es BeauGiles

            That won't work; Google Wallet uses AVS to ensure you've got a US credit card attached to a US address.
            If it doesn't have a US address attached - then your payments will fail when using Google Wallet at a retail store.

          • Benjamen Meiers

            I thought with this change it would no longer be a US only thing :(

    • Benjamen Meiers

      Nearly every store I go to has NFC functionality. Which means on a technical level, it should work. I've got the previous version of Google Wallet to work.

      It's going to be based on the implementation and whether the banks are going to be dicks about it.

  • http://www.toysdiva.com Toys Samurai

    Too bad it doesn't address the problem that most of the NFC equipped phone sold in the last 2 years or so will never be able to use it because many of them won't ever see the day of KitKat, which is a big waste of time by sticking to the secure element position for the last 2 years. Why? Since OS update comes so slow, the whole Wallet movement basically just launches today. Imagine if Google did this right after they found out the carriers won't let them use the Wallet app? Hundreds of millions of Android phones today will be able to pay using NFC payment, effectively killing ISIS, which is available only to just a handful of devices and accepted in very few places.

  • Matt

    On the Android page, they say that this will enable NFC payments at millions of stores. Any ideas what stores support this in the US? As I've been on Verizon and not had this capability, I've just not paid attention to it. I'm not sure how practical this will be for me.

    • http://www.facebook.com/lucyparanormal Daniel Tiberius

      I see it at a lot of gas stations and 711 type stores for sure.

    • draiko

      I've used Google Wallet at Gas stations, a few fast food places, a local vet, Petco, and CVS. Walgreens has the hardware but the locations I've been at don't have it enabled. The Mastercard paypass app is a good way to get a list of NFC capable stores.

    • Todd Zullinger

      In addition to what draiko and Daniel said, the Wegman's grocery
      store near me supports it. This is really great when I run out for
      stuff late at night and manage to forget my cash. I have my shopping
      list on my phone and use it as my music player in my car, so it's a safe
      bet that I never leave it at home.

      I'm so glad this is
      coming, as I hated how Verizon made this more of a pain than it needed
      to be with my Galaxy Nexus. The irony is that they won't be updating
      the Galaxy Nexus so all the Verizon customers with the phone can make
      use of it easily. But then, I imagine there aren't many of them left
      that don't either run a custom ROM or have otherwise worked around the
      blocking. And a lot of us will be leaving for other networks and the
      Nexus 5 too.

      Verizon can suck me. I don't care what anyone says about their network, I hated supporting them with my money.

      • Matt

        Yep, I'm a current GNex user on Verizon. Got two of these (one for me, one for my wife) and we're switching to TMobile. We're just going to eat our early termination fees from Verizon (it helps that we're both over a year into our current contracts) and save about $70/month. We'll see an ROI within about 14 months, and be clear from then on.

    • Christopher Robert

      You can use it anywhere PAYPASS is accepted.

      http://www.mastercard.us/cardholder-services/paypass-locator.html

  • mrjayviper

    Bring it to other countries. The world is so much bigger than your home market

  • http://robert.aitchison.org raitchison

    I'm not getting my hopes up until this actually works.

    The whole secure element argument was nothing but an excuse the carriers came up with to block Google Wallet (while claiming they weren't "blocking" Google Wallet) but it never had any merit.

    My prediction is that the carriers will come up with some other equally lame excuse as to why this new method is bad and use that to continue to block Wallet (by insisting that Google not make fully functional Wallet available)

  • Casen Brashear

    And with this news, Verizon has announced that no devices will be upgraded to Android 4.4 citing security concerns.

  • SuperSam64

    Back for day two of Verizon trolling. I'm loving this.

    Dear Verizon,

  • Cephas

    I am not entirely comfortable with this. The reason you had a secure element was to have a place that securely stored your Visa/MC applet and all the perso data with it. Y'know for security reasons.

  • Piotr Gołasz

    How does this function work in android 4.4? The new tap & pay?

  • polishfreak

    Did I miss something... Wallet installed on my Verizon gs4 with no issues from the play store as of last night. I'm on 4.2.2!

  • d-rock

    Anyone have the N5 and can test this? My N7 is on 4.4 and it still doesn't work. Would have thought wallet would work with Tap to pay b/c the 7 has NFC? Maybe the N5 has an updated app?

    • Anthony B

      N5 here - just bought some Cheetos at a CVS with my phone.

      Why? Why not

  • Taylor Abrahamson

    Soo it's now Mid November, I've installed KitKat on my Verizon S4 and google wallet still doesn't allow NFC payments. What is missing? Did google yet to push this functionality to the Wallet app? Or did the 4.4 Source code not actually include the new Secure Element Emulation?

  • Frank

    Oh, wow. "Host Card Emulation", meaning "virtualizing a piece of hardware", what a novel idea, just why didn't they think of that any sooner? D'oh! This is the stupidest idea I have come across in a very long time. Haven't you wondered why phones put up with a secure element at all, with that lousy CPU power inside the SE and the severe memory limitiations (say a couple of 100kByte max, and yes, that's a k not an M), just so it will fit into that tiny NFC chip or into the UICC, while knowing that the phone main CPU could do the same task much more efficiently?

    Well, to give a hint, that is because a "secure element" is secure, and it is secure because (theoretically) nobody can manipulate the information stored on it except by defined access channels, most of which need cryptographic authentification. In other words, you cannot read or write the data on the card unless you are supposed to (or just maybe if you have physical access to the card as well as millions worth of tools with which to strip away layers of solid state substrate).

    "Virtualized" hardware, however, runs in the memory of the phone, where it is much easier to manipulate, and you can be certain that lots people will try just that as soon as money is involved. Encryption will not help here, because any key used would have to be known to the phone, meaning also stored in the memory of the phone. The only thing to obtain a minimum of protection would be to delegate the secure operations to some other entity outside the phone, such as the cloud, which in turn opens up new security risks; not to mention it would work only while connected.

    So, basically, virtualizing a secure element means stripping away the only purpose a secure element has (being a protective shell around sensitive data), while maintaining a rather awkward programming interface that serves no actual purpose any more. Granted that most issuers of UICCs have very restrictive policies about granting access to their secure elements and make life exceedingly hard for developers (while incidentally Google and the other smartphone manufacturers do the same thing with the embedded SE) and thus for their customers, but this concept is not a solution for anything (should I have used the word harebrained here?).

    So if you are indeed waiting for that bank to make their own app for payment, maybe you should not hold your breath. Banks are usually quite attached to their money and are not usually well-known to take any risks if they see potential for abuse.