FlyerTalk Forums - Credit Card Programs - Apple Pay privacy (https://www.flyertalk.com/forum/credit-card-programs/1996490-apple-pay-privacy.html)

GUWonder Nov 22, 2019 3:49 am


Originally Posted by stimpy (Post 31755391)
Sorry, but EVERYTHING that is local to the iPhone is accessible by Apple. If they choose to.

Not the case, at least not a couple of years back. At least then, Apple would have had to push out an iOS update — one that would be designed to allow for a run-around of sorts that could do what you suggest — and hope that the device users wouldn’t frustrate the downloading and installation of such a pushed-out iOS update on the devices. I know some will say that the encrypted data local to a device would still be encrypted data that the OS can’t decrypt by itself; but I don’t want to get into that as brute-force decryption efforts at a targeted, locally-possessed device would be frequently successful (given the nature of most people’s password/passcode habits).

Could Apple have access to transaction information via contractual agreements with ApplePay-accepting merchants and/or card-issuers/payment networks (i.e., an access which doesn’t require electronic access to all the data local to a device enabled for ApplePay)? Given the KYC/AML regimes out there and the issues with financial-related fraud in general and bank card misuse/theft at retailers in particular, I wouldn’t rule it out. But I doubt that Apple’s access to all that transaction data is as readily available to it and anywhere near as systematically comprehensive as it is to the ApplePay-accepting merchants and the card-issuers for the typical ApplePay transaction.

stimpy Nov 22, 2019 9:30 am

It is rather clear there are no software engineers on this thread!

Casual readers should not accept anything anyone here says about data privacy or encryption. There is a lot of ignorance posted here. If it is important, go outside of Flyertalk and speak to an expert who has built or worked on an operating system similar to Apple's iOS or maybe even a former Apple software engineer. Or Android even. If you do have this experience, you will know for a fact that Apple can have full access to all this data if they choose to.

GUWonder Nov 22, 2019 12:31 pm


Originally Posted by stimpy (Post 31765838)
Casual readers should not accept anything anyone here says about data privacy or encryption. There is a lot of ignorance posted here. If it is important, go outside of Flyertalk and speak to an expert who has built or worked on an operating system similar to Apple's iOS or maybe even a former Apple software engineer. Or Android even. If you do have this experience, you will know for a fact that Apple can have full access to all this data if they choose to.

Sure, Apple could choose to do so, but they would first need to get the device OS revised or use a hole-y app to try to do the dirty work and be willing and able to ignore their own public disclosures/posturing about what it says it can/does do and what it can't/doesn't do. Commercially, that's risky for Apple and opens a Pandora's box of problems for it. Slow-going on acknowledging and/or fixing zero-day vulnerabilities may provide it some cover. But as even governments learn, secrets are not as easily kept entirely secret and without any public revelation even when there is criminal prosecution danger for disclosure. And in the commercial sector, the danger of disclosure (for the disclosing parties) is more commonly not going to go beyond civil liability, and so disclosures contrary to corporate interest in this area are at least as likely if not way more likely than they are from the government and government contractor/partnership side.

I am no software engineer -- about that you are 100% right, even as I can't speak about others here -- but I have been around enough of the national intelligence and law enforcement communities (and domestic and foreign enablers for such) to not be entirely clueless about what kind of discussions to rely upon and not rely upon and where the points of frustration come from when it comes to such government operations and investigations that have a deep technology angle.

If a government wants ApplePay transaction data -- whether or not it can get a physical or remote hold on the ApplePay user's device -- it's going to get more and more useful ApplePay-related transaction information from the card-issuing banks and ApplePay-accepting merchants than from Apple and get it more easily from those parties than from Apple.

Avoiding ApplePay card transactions due to privacy concerns while using the very same bank cards issued in one's own name for the same transactions that could otherwise be done using ApplePay? It doesn't make much sense to me to avoid ApplePay for privacy reasons. When privacy concerns are paramount, best not to do any in-person electronic payment transaction that is easily investigated from two or more ends.

stimpy Nov 22, 2019 12:38 pm


Originally Posted by GUWonder (Post 31766462)
When privacy concerns are paramount, best not to do any in-person electronic payment transaction that is easily investigated from two or more ends.

Bingo!

And back to the code, I hope everyone knows that certain aspects of code behavior are different based on environmental determiners.

GUWonder Nov 22, 2019 4:17 pm

“When privacy concerns are paramount, best not to do any in-person electronic payment transaction that is easily investigated from two or more ends.”

Those words apply to use of bank cards at merchants even for transactions without the use of smartphones/personal electronic devices. In other words, don’t do in-person purchases with bank cards in the purchaser’s name — whether or not using a phone/PED — when privacy is paramount.

rasheed Nov 22, 2019 5:06 pm

I believe it has been indicated that the main card networks pay Apple a small percent amount per transaction run on Apple Pay. In order to facilitate that payment, Apple must know details of the transaction to reconcile those payments.

However, I am not saying that Apple makes enough to cover the development or infrastructure cost of the Apple Pay network.

pdxer Nov 22, 2019 6:16 pm


Originally Posted by stimpy (Post 31765838)
It is rather clear there are no software engineers on this thread!

Is it?? Based on what, exactly?

Originally Posted by stimpy (Post 31765838)
Casual readers should not accept anything anyone here says about data privacy or encryption. There is a lot of ignorance posted here. If it is important, go outside of Flyertalk and speak to an expert who has built or worked on an operating system similar to Apple's iOS or maybe even a former Apple software engineer. Or Android even. If you do have this experience, you will know for a fact that Apple can have full access to all this data if they choose to.

I've been writing iOS apps for more than a decade (and other platforms before that), so there is at least one software engineer on this thread, and who has more than enough experience to know that what you say is false.

Apple does not have access to user data on an iOS device, and in fact, they go out of their way so that they don't.




Originally Posted by rasheed (Post 31767245)
I believe it has been indicated that the main card networks pay Apple a small percent amount per transaction run on Apple Pay. In order to facilitate that payment, Apple must know details of the transaction to reconcile those payments.

Apple has repeatedly stated that they do not know specifics of individual transactions.

They only need to know the total amount transacted via Apple Pay per bank per cycle, and calculate their cut based on that amount.

GUWonder Nov 22, 2019 7:07 pm

The less user data access Apple wants or needs to get for its commercial interest, the more it makes Apple’s life easier than it would otherwise be. One day that may change, but for now ApplePay is no more a threat to ApplePay-enabled persons’ privacy than if they are using their own legitimate credit card directly with the merchants via the merchants’ other card processing/acceptance systems.

tmiw Nov 22, 2019 9:17 pm


Originally Posted by GUWonder (Post 31766462)
Sure, Apple could choose to do so, but they would first need to get the device OS revised or use a hole-y app to try to do the dirty work and be willing and able to ignore their own public disclosures/posturing about what it says it can/does do and what it can't/doesn't do.

This assumes that Apple is storing the necessary encryption keys, etc. somewhere that it can access. I'm fairly sure they use hardware that physically won't let them (akin to the TPM chip on modern PCs or the chip in a credit or debit card), at least not without completely destroying the device in question.

GUWonder Nov 23, 2019 7:14 am


Originally Posted by tmiw (Post 31767726)
This assumes that Apple is storing the necessary encryption keys, etc. somewhere that it can access. I'm fairly sure they use hardware that physically won't let them (akin to the TPM chip on modern PCs or the chip in a credit or debit card), at least not without completely destroying the device in question.

It doesn’t assume that Apple needs to store or even procure the encryption keys for this to be possible.

With a sneaky iOS change and/or app update installed on a device, the information that is encrypted could be accessible (even remotely) upon a device being unlocked (by the device owner) — with the data being decrypted upon the device being unlocked — and the device being available to transfer that decrypted data.

stimpy Nov 23, 2019 12:14 pm


Originally Posted by GUWonder (Post 31768526)
It doesn’t assume that Apple needs to store or even procure the encryption keys for this to be possible.

With a sneaky iOS change and/or app update installed on a device, the information that is encrypted could be accessible (even remotely) upon a device being unlocked (by the device owner) — with the data being decrypted upon the device being unlocked — and the device being available to transfer that decrypted data.

Very good! GUWonder admits he is not a software engineer, but he still gets the obvious. When you own the OS, you can do anything. Furthermore, who cares if you have a bullet proof key management scheme when you can simply bypass it?

pdxer Nov 23, 2019 1:33 pm


Originally Posted by stimpy (Post 31769281)
Very good! GUWonder admits he is not a software engineer, but he still gets the obvious. When you own the OS, you can do anything. Furthermore, who cares if you have a bullet proof key management scheme when you can simply bypass it?

Conspiracy theories. Just because a company 'can' do that doesn't mean they will. There's way too much to lose to even consider it. Apple has also said they'd never backdoor anything.

stimpy Nov 23, 2019 2:34 pm


Originally Posted by pdxer (Post 31769487)
Conspiracy theories. Just because a company 'can' do that doesn't mean they will. There's way too much to lose to even consider it. Apple has also said they'd never backdoor anything.

As I wrote several times in this thread, you can choose to believe what they do, or will do in the future. There is a rather small pool of people who know exactly what they do, release to release.

Everyone should also be aware that Apple has to comply with the laws of every nation that they sell products and services in. Those laws can change and they can change in secret. There is an abundance of history of governments requiring compliance in secret reporting from financial infrastructure providers.

tmiw Nov 23, 2019 9:50 pm


Originally Posted by GUWonder (Post 31768526)
With a sneaky iOS change and/or app update installed on a device, the information that is encrypted could be accessible (even remotely) upon a device being unlocked (by the device owner) — with the data being decrypted upon the device being unlocked — and the device being available to transfer that decrypted data.

Apple's previous history seems to indicate they aren't so willing to do so (for instance, them refusing to create a backdoor for the FBI back in 2015-16).

Also, Apple does create hardware that makes certain things impossible for them in software (e.g. the T2 security chip in the MacBook Pro physically disconnecting the microphone when the lid's closed). Any change of heart would require them to stop doing that first, which would only affect future models and not the ones already in customers' hands. Oh, and would probably cause a huge PR mess at best.


Originally Posted by stimpy (Post 31769654)
As I wrote several times in this thread, you can choose to believe what they do, or will do in the future. There is a rather small pool of people who know exactly what they do, release to release.

So far, I haven't seen anything that remotely indicates they're backing down from their current privacy/security stance, so I'm taking them at their word for the time being. Of course, I'm sure people will reevaluate using Apple products if that ever changes.

(BTW, taken to its logical conclusion, you probably don't want to trust any device that doesn't have fully open software and hardware. This might be more up your alley in that case.)

GUWonder Nov 24, 2019 3:57 am

Willing and able is not the same thing as unwilling and able; nor is it the same thing as willing and potentially able with a software alteration; nor is it the same thing as perpetually unwilling and able/unable.

I will note that when it came to some people’s encrypted WhatsApp messages (from very recent times) on iOS devices (with device lock codes on them), a bunch of the WhatsApp messages got picked up and/or reviewed even by some intelligence/security agencies from the “third world” countries. And that was even without the willful cooperation of Apple and Facebook-owned WhatsApp to assist in such (non-US) government-serving efforts. Tapping into ApplePay info local to iOS devices would be possible too, but that’s really not a great reason to avoid ApplePay while still using your own name-linked bank cards directly in person at merchants and using electronic devices to check your accounts online.

Your frequent flyer and frequent guest programs are also enablers of being hacked and tracked, and so skipping use of ApplePay while running around heavily-vested in the airline and hotel points and status game is sort of like worrying about locking the front door while leaving the back door unlocked and open.

When privacy is paramount, there are a lot of things you should avoid doing to heighten privacy maximizing outcomes. But avoiding ApplePay while using your credit cards in your own name for in-person transactions at merchants directly for the same goods/service purchase as for which you could use ApplePay? That isn’t going to do much of any good for maximizing your privacy. But I will say that segregation of habits may provide some privacy benefit, and that would mean not consolidating all your banking/buying info/capability into any single device or under any single account; however that’s not going to maximize privacy either. To maximize privacy, old school is the best — even as that may mean minimizing bank card-using transactions and not getting any/as many miles/points as possible. ;)


All times are GMT -6.