I'm a huge fan of being able to use my phone for everything whenever possible -- no wallet, no keys, no cards.
So this is awesome on the part of Apple, but what about Android? Are student ID's on Android already a thing? Are they being developed?
Or are there unique aspects of Apple controlling the hardware that inherently make cards like these more secure on Apple, that Android can't match (but maybe Pixel can)?
Yeah, this is an Apple article, so it's silent on Android support. No college with any form of public remit would roll out a student ID system that required an apple device; it would run into all sorts of equity issues.
> You can add your campus ID card to your Android phone to securely access your residence hall. You can also use your campus ID with Google Pay to pay for things on campus such as dining, laundry, vending, books, and more.
I really wish we would have stayed with the Google Wallet moniker. Seeing that you can add student IDs, Walgreens Card[0], Vaccine status/card[1], various metro cards (like Japan's Suica[2]), it is more like a wallet than a pay app at this point.
"The only way to justify my job is to convince people things need to be changed" is a cancer in Google. It's why they renamed the Android Market the "Play Store" as if that name wasn't fucking ridiculous.
I assume the Play Store rename was motivated by wanting to have it under proprietary branding, instead of being a generic store name that's also available to de-Googled competitors who don't ship Google Play services.
Yeah as a non-Android user I was confused by this page. You have to add your card to Google Pay to be able to use it for dorm entry? That's very Google of them, like needing to enable "Web & App Activity" tracking to be able to get home/work directions in Maps.
But then I wasn't sure if they just branded "any NFC pass you can put in your phone" as "Google Pay" which would be stupid but believable. Thanks for confirming.
Now that it's (clearly) catching on, I can see Google and/or Samsung re-branding their Pay apps to something else (maybe Google goes back to Wallet?) and including ID capabilities.
Personally while I like the idea of digital ID, never losing your cards, almost-impossible to get stolen, I don't like the idea that if someone (i.e. a LEO) needs to see my information, I might need to hand them my device, and in a some jurisdictions could be considered granting consent to a search. I also don't like the idea of what happens if your phone is damaged or the battery dies and it contains your only identification.
In my province (Alberta) I'm allowed to carry digital proof of insurance for my car instead of the standard pink sheet. The app has a mode that displays the insurance info on the lockscreen while locking the rest of the phone to the police (or whoever else needs to see it). So there are technical solutions to the first issue.
The second issue, I completely agree, I would rather the system be an addition to existing IDs rather than a replacement to them.
So much complexity, so many third parties you have to rely upon to not make any mistakes (or be abusive), for the convenience of not carrying a slip of paper in the glove box of your car....
I still keep the slip of paper in my glove box, but that only helps me if I'm in my own car. The digital version is an excellent tradeoff on the off chance that I end up unexpectedly driving a friend's car or a rental.
When I was still a kid, I was completely looking forward to where a mobile phone could be an all-in-one solution for carrying stuff. I didn't know how it was going to look, but I wanted it. Now looking at how maliciously neglectful big tech companies have been with data over the past decade, I don't want these companies handling anything regarding official documents.
My take would be, if my employer requires some kind of credential on a mobile device in order for me to be able to work, they can provide me with the mobile device (which I will use only and exclusively for work purposes).
Yes. This.
A different device. Only for this. Only turn it on when needed. Keep, turned off, in lead box otherwise. How else?
But then what?
One device for the bank.
One device for your passport.
One device for school.
Etc.
Apple PR is being really careful with their language: "This fall, the University of Alabama will be the first school to exclusively issue mobile student IDs to their 38,000 students with eligible devices." The UofA action card office will continue to produce physical cards for students, no mobile device required: https://actcard.ua.edu/faq/
Unfortunately not all Android apps can be supported due to GoogleApps dependencies and due to verification of "no root" by some apps. Also, virtualization is slow.
Yes, I forgot that Anbox is fully rooted, that means weakened sandboxing, that means only some very trusted or not sensible applications should be there.
Also, Anbox is not perfect - even some basic UI elements are broken (in the version I use for development). But it is good to have it.
Also, with 3GB of RAM we are not very far from a point of struggle with the resources.
Virtualization: I would like to see some benchmark results of the "NXP i.MX 8M" to roughly compare to the x86 Anbox experience, but I am not finding much data.
The "problem," such as it is, is that an increasing number of people don't want to carry wallets any longer--carrying at most a few cards in a sleeve on their smartphone. So to the degree just a photo on their phone isn't good enough, they want a digital ID on their phone.
Exactly. A single card may not seem like a big deal, but all it takes is one card for you now to need a case with a sleeve and all that extra bulk and now your phone doesn't fit easily in your pocket.
"No longer needing a wallet" isn't a marginal gain -- it's a huge step forwards for convenience, security, and even safety.
I definitely still use a sleeve (Apple magnetic wallet thingie) to carry a few cards. But--assuming I'm willing to bet I won't need cash when walking around (which in the US is a decent bet in general)--not carrying a wallet, even a sleek one, is still a positive.
Does a sleeve really do much? I just carry my cards loose in my pocket (a credit card, my driver's license, and my health insurance card). If I think I might need cash I'll toss a $20 in too.
If I carry more than one thing in a pocket, especially if one or more of the things is small, I usually end up dropping things a lot, sometimes without realizing it, while getting something else out. That's the main reason I use a card holder and don't do what you do. Other benefit is that the cards are very unlikely to end up in different places in your house when you need to find them. Even if you are very careful to always stack them in the same place when you get home and never take anything from the pile without taking it back, it's much easier to bump a card off a table and have it sail under furniture across the room, without noticing, than it is a wallet or card holder.
[EDIT] and of course a sleeve on a smartphone is even harder to lose than a separate card holder. Plus, it comes with find-my without needing to buy some kind of extra bluetooth tag or something.
Yeah, even with the Apple Magsafe wallet I found I had to be fairly disciplined when I took it off the phone at home or to magnetically mount on the car so I didn't have to frantically search for it. Though I like it overall vs. having a conventional sleeve because the car mounting and wireless charging in bedroom works well.
But individual cards are really easy to lose. Probably a mini front pocket wallet would be a reasonable option but fewer items is still better in general.
iOS plus Android certainly covers 99%+ of phones used by a student population in the US.
And physical cards exist as a fallback.
It's not about "supporting a duopoly" in the sense of entrenching it -- it's simply about cost-effectively supporting the devices students already have and use.
As I understand it, the Apple devices have a secure element with initialization keys written at time of manufacture, which are then personalized to the user with a new/unique set as part of a registration, but verifiable as having being provisioned, so there is a cryptgraphic chain of trust going back to the manufacture of the secure element.
Android is an operating system for a bunch of OEMs who don't have secure elements in their devices, and even ones who do still exist in a fragmented ecosystem where their verification doesn't include ones outside their models. Modern chips have a similar feature, but the key management between manufacturers is an unsolved business problem. There are technical ways to solve it, but higher level interoperability beyond enforced standards has never a high priority for OEMs. The economics haven't been there.
You could make an inferior one for Android devices, but it likely wouldn't be sufficiently secure to handle payments, credit, taxation, fines, social compliance scores, and other use cases for identity. Identity security needs to be strong enough to be used as a stick, and the only carrots it offers are those whose scarcity is artificially managed.
Realistically, if you are attending a university, the cost of an Apple device can just be priced into your loan, and strategically, making university student products consolidate Apple's dominance of the middle class market and up, and as a status symbol of societal membership, sort of how Facebook started in the college system.
I'm skeptical of digital identity companies (as distinct from authentication services) because to me their entire business model reduces to Hollerith machines as a service, so YMMV on this view.
It's been a few years since I looked at it, but I'd be interested to see the workaround the EMV partners finally used to do tokenization. Last I saw it some years ago, they were persisting what should have been single use keys (SUKs) for multiple transactions (calling them limited LUKs) so that they could handle an offline payment mode. Apple didn't have that problem because of their SE.
I'm sure there are lots of Android pay solutions, but the risk profile is very different, the solutions for it are limited, and keys in software has a catastrophic failure mode. What's very likely is Android payment solutions are taking a fraud management approach with some kind of government backstop, as from a technical security perspective, software has hard limits.
It's not a monopoly if it's only for university educated people who get access to exclusive services. You can start your own managerialist economy.
You should not even have to show proof of insurance. There should be a database the cop’s license plate scanner can look into and show the cop everything they need to know.
I assume there already is, and the paper requirements are just something for people to trip over and trigger other suspicions.
The cop actually does not even need to know about insurance at all. The state charges everyone a yearly tax anyway (“vehicle registration”), they could easily just not let people renew this registration if they don’t have insurance.
IMHO, Apple would be wise to be more like Microsoft, Facebook, and Google and release some Android apps.
Apple Wallet should be one of the first. Nobody is buying Apple devices for Apple Pay alone. They already realize the benefit having Apple Music be cross platform.
These are added to your phone through a regular application, but ID cards are added to Wallet.app just like concert tickets, plane tickets, payment cards, transit cards, etc. Apple has to be involved as they are the relationship manager for all of the physical security companies (TransactCampus, Allegion, etc.) to get them to read and understand the ID on the phone.
A few years ago, before Apple got involved themselves, I worked somewhere that brought a top-of-the-line smartphone based access control system.
The problem was it didn't reliably open doors, which is really the only thing you want from an access control system.
Apparently at the time NFC was for Apple Pay only, so the vendor had to use bluetooth; and apparently there was no way for them to keep their app running and the bluetooth radio running all the time. The Android version was no better.
Within a year they had switched back to plastic ID cards.
This is half true there are NFC API’s to use the NFC chip. What they cannot do use their own implementation. This results in a way better experience in the user since there’s no pointless fragmentation.
> This is half true there are NFC API’s to use the NFC chip
There is no API to send raw APDUs to a card or simulate a card (receiving APDUs from the reader). This makes it a non-starter for implementing any kind of smart card (such as receiving a challenge from a reader, signing it with a private key stored in the app - potentially delegated to the secure element - and returning it).
The APIs they provide only allow reading static values off "NFC Forum" tags which is useless for any kind of security or access control.
I'm curious how different digital IDs will work in the near future. Will one app hold all your official IDs or will there be an app for each purpose?
After fall 2022, the EU plans to do a pilot of the EU digital ID. It would "let users store electronic forms of identification and other official documents, such as driver’s licenses, prescriptions and school diplomas." [1]
If I had to hazard a guess, there would be an app for each ID, with Wallet (or your platform's equivalent), aggregating them all. US citizen? US Gov app. Have temporary or permanent residency somewhere? Another app developed or sponsored by that government.
(i am a beta tester in a state digital ID system rollout)
In Poland something like this is widely deployed. Unfortunately it doesn't integrate with wallet.
There's a single "Mobile Citizen" app and there you download various kinds of IDs into it, by logging in to the relevant website for that ID.
Though you can't use it in place of your ID card, it's enough to get you through I.e. police identification. You can also download your driver license, student id, European covid passport, etc. onto it, and those do count as the real thing.
In India, there is an app which holds all your ids. We just enter the id number and required information and it will fetch the details. This includes school certificates, college certificates, driving license, birth certificate, Car/motorcycle papers and whole lot of other things.
I’m embarrassed the US doesn’t have this. You should see the absolute disaster that is digital records at the Dept. of Veteran Affairs. It’s better than it used to be and it’s still terrible.
Correct me if I'm wrong, but the data retrieval only works for a tiny fraction of government documents, like the Aadhaar. For everything else like college certificates, it's only storing the image you submit. At least this was my experience some years ago.
The more value you make a target the more money is invested to break it. Physical documents require significant physical abilities to steal, you actually have to be in physical possession of a document.
In the digital world the databases are accessible from anywhere in the world. Significantly larger attack surface, and we know for a fact no software, especially Apples, is going to be secure enough.
Governments have shown they cannot be responsible with even social security ID's. I hope they do not draw Inspirstion.
You’re not wrong, but there’s other aspects worth considering.
1. Most physical identification documents are trivial to fake.
2. Possession of a paper/plastic document means for a nonzero period of time you control the only valid one of its kind. A digital ID can be immediately revoked thus reducing the possession time of a hacker.
3. Digital ID’s can be protected by on-device biometric authentication. Yes “physical access is total access” but it takes more sophistication to exploit a properly protected digital ID
4. People today are more apt to lose a physical document over their phone, which is also easier to locate when lost.
5. Your state likely sells their drivers license database. Yes that’s right. Ever wonder how some business require valid ID to open an account? They check the info on your card against their copy of the db. Hackers don’t have to hack the government to get the info on your ID (and exploit it) there are myriad targets that can be exploited.
"especially Apples" - what are you basing that on?
I personally trust Apple more to actually want to protects users' information rather than try find legal loopholes in protection mechanisms to aid their business model.
Social Security numbers used to be used for all sorts of things such as driver's licenses. It's less common now but SSN is, at best, part of confirming identity. And I haven't had a physical card for many decades.
There is no accessible “database” for Wallet, these are just digital versions of cards that are stored on your local device in the Secure Enclave. Some items in Wallet, such as a credit card, may be included in an (encrypted) iCloud backup, but with some of their critical bits omitted (such as the CVV). It’s really not a different security profile than an analog card. While there could feasibly be a vulnerability giving remote access to the contents of the Secure Enclave (anything is possible, right?) that would be highly targeted and would almost certainly be harder to pull off than some simple social engineering if you just want someone’s SSN or student ID number.
Yes, a database, on your phone, connected to the internet, with applications everyone else has also connected to the internet. You don't have to singularly exploit every individual phone with brand new attacks. You design one attack and use it again and again.
Targeted attacks are no longer a "rarity", it's the natural result of having singular software platforms. Iphones are very popular, and very wealthy and powerful people use them, therefore they become a very lucrative target. Snowden was talking about the Pegasus project before we even knew the name of it. The ability to just exploit someones phone via a text message, no user interaction. There are plenty more where that came from, don't worry.
I hope Apple and institutions that rely on it make it easy to recover from a lost device.
I totally get the convenience angle, being an Apple ecosystem dweller myself. However, with more and more of identities, payments moving to a single device the recovery workflow should be hassle free.
With physical documents, my IDs are spread out so if I lose my drivers' license I can pull out my passport to get a new one. How will it look like in Apple world? I haven't read the recovery workflow documented anywhere.
Imagine being on a business trip say ~5 years down the line and losing your phone. Your hotel key is gone, passport is gone, no money, no one to call, no app, no internet. Now what?
How would this differ from keeping your hotel keycard, ID card, cash, and credit cards in your wallet/purse? If you lose your wallet/purse in that case, you'd also have no key, no ID, no money, etc.
Excellent point! I was mostly referring to the issue of loss or theft of a single device containing all forms of payment/ID/access not being that different from loss of theft of a single wallet/purse containing all forms of payment/ID/access.
On the note of charge, Apple has recently included a feature that lets certain cards work even when the phone doesn't have enough charge to be normally used. It seems they shutdown the phone before the battery is entirely depleted, reserving a small amount of charge to be used for these cards.
With physical IDs there's an option to spread them out. I typically keep passport in hotel room, hotel key card in my back pack etc.,
Perhaps Apple Wallet will act as a secondary but a fast path access and I'll continue to carry physical IDs but don't have to pull them out for most of the cases. That is how I used Apple Pay. I carried bank card with me but used Apple Pay 99% of the times.
I generally don't walk around with my wallet any longer. Just a few cards and my phone. (Though I have it with me--along with other cards and cash if I'm traveling.)
That said, I don't really like a single electronic device being such a single point of failure. (And, to be honest I find taking out a card easier than Apple Pay most of the time.)
Wouldn't you be able to spread your digital IDs out between multiple devices?
Yes, that would be more expensive if you don't already have multiple devices. I'd wager than many people here on HN (who are in the Apple ecosystem) have at least 2 devices on which they could add payment/IDs/access (Apple Watch, iPhone, iPad, MacBook).
I was just thinking this earlier today. So many of the same people who are careful to diversify their financial investments, mind their cyber security by having different passwords and MFA, also put all their valuables in one bundle, whether that's a phone case-wallet or digital cards. I'll pass unless we reach a point where we have no alternative.
My school (UC San Diego) already has a mobile app with our student IDs on it. You can add it to your mobile wallet on both iOS/Android I believe (on iOS it took some fiddling with PassBook before it showed up for me). It's pretty convenient but I'm never really in a situation with my phone/watch and not my wallet.
Frankly I worry about the unintended consequences of decisions like this.
My university uses Google for many of their online services. Due to Google policies/recommendations, it de facto will not work on an Android Phone without Play Service, as IMAP is considered less safe and by policy is forced off, and since Google de facto makes it impossible for any app to use OATH outisde of Google Play[1]. As a result, I have no access to my University email on my Android phone, since I refuse to put Google Play Services on it (As an aside, it ironically works perfectly on my Pinephone).
My university also forces a 2FA App called DUO Mobile. In the default configuration, you are forced to use an Android with Googple Play Services or iOS app, and we were forced to turn it on. Thankfully someone was able to figure out it's protocol to allow it to be used on other apps [2]. For a while, DUO did not even support Firefox, so one was even then forced to use Chrome to sign in online with a U2F Device.
While the digital ID is introduced now as an option, it wouldn't surprise me that this will be forced on students in 5-10 years, and now by default, they need to buy an Android/iOS phone to attend a University, then are forced to the Privacy Policy of companies that they have no choice for.
Consequences of forcing Google or Apple on students aside, another unintended consequence I worry about is students who come from poor income backgrounds. One of my dear friends from college came from an extremely low income family who could barely afford to help her through college. She did not have a laptop because of the price, and used the computer labs on campus to do all of her computer work. She didn't have a cell phone either, also due to price. I get that a cell phone/cell phone plan is increasingly becoming a necessity, but I seriously worry about people for whom that is yet one more barrier to entry to college.
79 comments
[ 2.8 ms ] story [ 93.8 ms ] threadSo this is awesome on the part of Apple, but what about Android? Are student ID's on Android already a thing? Are they being developed?
Or are there unique aspects of Apple controlling the hardware that inherently make cards like these more secure on Apple, that Android can't match (but maybe Pixel can)?
> You can add your campus ID card to your Android phone to securely access your residence hall. You can also use your campus ID with Google Pay to pay for things on campus such as dining, laundry, vending, books, and more.
I really wish we would have stayed with the Google Wallet moniker. Seeing that you can add student IDs, Walgreens Card[0], Vaccine status/card[1], various metro cards (like Japan's Suica[2]), it is more like a wallet than a pay app at this point.
[0] https://www.walgreens.com/topic/promotion/google-pay.jsp
[1] https://support.google.com/googlepay/answer/10890261?visit_i...
[2] https://blog.google/products/google-pay/add-suica-and-waon-g...
But then I wasn't sure if they just branded "any NFC pass you can put in your phone" as "Google Pay" which would be stupid but believable. Thanks for confirming.
Personally while I like the idea of digital ID, never losing your cards, almost-impossible to get stolen, I don't like the idea that if someone (i.e. a LEO) needs to see my information, I might need to hand them my device, and in a some jurisdictions could be considered granting consent to a search. I also don't like the idea of what happens if your phone is damaged or the battery dies and it contains your only identification.
The second issue, I completely agree, I would rather the system be an addition to existing IDs rather than a replacement to them.
I don’t want cash, a wallet, plastic cards, metal keys, or tons of slips of paper from receipts and all other kinds of bullshit.
Putting it on the phone as a native app is hardly complex. Use QR codes, an officer won’t need to look at your phone
But what if I have neither iOS, nor Android? Why must the government/universities support the duopoly?
Librem5 runs (can run) Anbox, to explicitly support Android software applications.
Also, Anbox is not perfect - even some basic UI elements are broken (in the version I use for development). But it is good to have it.
Also, with 3GB of RAM we are not very far from a point of struggle with the resources.
Virtualization: I would like to see some benchmark results of the "NXP i.MX 8M" to roughly compare to the x86 Anbox experience, but I am not finding much data.
See also: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...
"No longer needing a wallet" isn't a marginal gain -- it's a huge step forwards for convenience, security, and even safety.
[EDIT] and of course a sleeve on a smartphone is even harder to lose than a separate card holder. Plus, it comes with find-my without needing to buy some kind of extra bluetooth tag or something.
But individual cards are really easy to lose. Probably a mini front pocket wallet would be a reasonable option but fewer items is still better in general.
And physical cards exist as a fallback.
It's not about "supporting a duopoly" in the sense of entrenching it -- it's simply about cost-effectively supporting the devices students already have and use.
Android is an operating system for a bunch of OEMs who don't have secure elements in their devices, and even ones who do still exist in a fragmented ecosystem where their verification doesn't include ones outside their models. Modern chips have a similar feature, but the key management between manufacturers is an unsolved business problem. There are technical ways to solve it, but higher level interoperability beyond enforced standards has never a high priority for OEMs. The economics haven't been there.
You could make an inferior one for Android devices, but it likely wouldn't be sufficiently secure to handle payments, credit, taxation, fines, social compliance scores, and other use cases for identity. Identity security needs to be strong enough to be used as a stick, and the only carrots it offers are those whose scarcity is artificially managed.
Realistically, if you are attending a university, the cost of an Apple device can just be priced into your loan, and strategically, making university student products consolidate Apple's dominance of the middle class market and up, and as a status symbol of societal membership, sort of how Facebook started in the college system.
I'm skeptical of digital identity companies (as distinct from authentication services) because to me their entire business model reduces to Hollerith machines as a service, so YMMV on this view.
I'm also laughing that you say Android isn't secure enough to handle payments. Millions of people use it to do so every day.
I'm sure there are lots of Android pay solutions, but the risk profile is very different, the solutions for it are limited, and keys in software has a catastrophic failure mode. What's very likely is Android payment solutions are taking a fraud management approach with some kind of government backstop, as from a technical security perspective, software has hard limits.
It's not a monopoly if it's only for university educated people who get access to exclusive services. You can start your own managerialist economy.
What if the cop drops your phone walking back to their car to take down your information?
What if the cop creeps through your messages while he has your phone?
Personally, I'd rather just have a piece of paper ready.
I assume there already is, and the paper requirements are just something for people to trip over and trigger other suspicions.
The cop actually does not even need to know about insurance at all. The state charges everyone a yearly tax anyway (“vehicle registration”), they could easily just not let people renew this registration if they don’t have insurance.
Apple Wallet should be one of the first. Nobody is buying Apple devices for Apple Pay alone. They already realize the benefit having Apple Music be cross platform.
Or is this yet another case of Apple's APIs being too limited, so they made themselves yet another loophole rather than fix it?
It's also PR.
The problem was it didn't reliably open doors, which is really the only thing you want from an access control system.
Apparently at the time NFC was for Apple Pay only, so the vendor had to use bluetooth; and apparently there was no way for them to keep their app running and the bluetooth radio running all the time. The Android version was no better.
Within a year they had switched back to plastic ID cards.
There is no API to send raw APDUs to a card or simulate a card (receiving APDUs from the reader). This makes it a non-starter for implementing any kind of smart card (such as receiving a challenge from a reader, signing it with a private key stored in the app - potentially delegated to the secure element - and returning it).
The APIs they provide only allow reading static values off "NFC Forum" tags which is useless for any kind of security or access control.
Still can't create payment apps though. No idea if this would be sufficient for an access control system.
After fall 2022, the EU plans to do a pilot of the EU digital ID. It would "let users store electronic forms of identification and other official documents, such as driver’s licenses, prescriptions and school diplomas." [1]
https://apnews.com/article/europe-health-coronavirus-pandemi...
(i am a beta tester in a state digital ID system rollout)
There's a single "Mobile Citizen" app and there you download various kinds of IDs into it, by logging in to the relevant website for that ID.
Though you can't use it in place of your ID card, it's enough to get you through I.e. police identification. You can also download your driver license, student id, European covid passport, etc. onto it, and those do count as the real thing.
https://www.digilocker.gov.in/
In the digital world the databases are accessible from anywhere in the world. Significantly larger attack surface, and we know for a fact no software, especially Apples, is going to be secure enough.
Governments have shown they cannot be responsible with even social security ID's. I hope they do not draw Inspirstion.
1. Most physical identification documents are trivial to fake.
2. Possession of a paper/plastic document means for a nonzero period of time you control the only valid one of its kind. A digital ID can be immediately revoked thus reducing the possession time of a hacker.
3. Digital ID’s can be protected by on-device biometric authentication. Yes “physical access is total access” but it takes more sophistication to exploit a properly protected digital ID
4. People today are more apt to lose a physical document over their phone, which is also easier to locate when lost.
5. Your state likely sells their drivers license database. Yes that’s right. Ever wonder how some business require valid ID to open an account? They check the info on your card against their copy of the db. Hackers don’t have to hack the government to get the info on your ID (and exploit it) there are myriad targets that can be exploited.
I personally trust Apple more to actually want to protects users' information rather than try find legal loopholes in protection mechanisms to aid their business model.
Targeted attacks are no longer a "rarity", it's the natural result of having singular software platforms. Iphones are very popular, and very wealthy and powerful people use them, therefore they become a very lucrative target. Snowden was talking about the Pegasus project before we even knew the name of it. The ability to just exploit someones phone via a text message, no user interaction. There are plenty more where that came from, don't worry.
I totally get the convenience angle, being an Apple ecosystem dweller myself. However, with more and more of identities, payments moving to a single device the recovery workflow should be hassle free.
With physical documents, my IDs are spread out so if I lose my drivers' license I can pull out my passport to get a new one. How will it look like in Apple world? I haven't read the recovery workflow documented anywhere.
Imagine being on a business trip say ~5 years down the line and losing your phone. Your hotel key is gone, passport is gone, no money, no one to call, no app, no internet. Now what?
On the note of charge, Apple has recently included a feature that lets certain cards work even when the phone doesn't have enough charge to be normally used. It seems they shutdown the phone before the battery is entirely depleted, reserving a small amount of charge to be used for these cards.
https://support.apple.com/guide/security/express-cards-with-...
Perhaps Apple Wallet will act as a secondary but a fast path access and I'll continue to carry physical IDs but don't have to pull them out for most of the cases. That is how I used Apple Pay. I carried bank card with me but used Apple Pay 99% of the times.
That said, I don't really like a single electronic device being such a single point of failure. (And, to be honest I find taking out a card easier than Apple Pay most of the time.)
Yes, that would be more expensive if you don't already have multiple devices. I'd wager than many people here on HN (who are in the Apple ecosystem) have at least 2 devices on which they could add payment/IDs/access (Apple Watch, iPhone, iPad, MacBook).
My university uses Google for many of their online services. Due to Google policies/recommendations, it de facto will not work on an Android Phone without Play Service, as IMAP is considered less safe and by policy is forced off, and since Google de facto makes it impossible for any app to use OATH outisde of Google Play[1]. As a result, I have no access to my University email on my Android phone, since I refuse to put Google Play Services on it (As an aside, it ironically works perfectly on my Pinephone).
My university also forces a 2FA App called DUO Mobile. In the default configuration, you are forced to use an Android with Googple Play Services or iOS app, and we were forced to turn it on. Thankfully someone was able to figure out it's protocol to allow it to be used on other apps [2]. For a while, DUO did not even support Firefox, so one was even then forced to use Chrome to sign in online with a U2F Device.
While the digital ID is introduced now as an option, it wouldn't surprise me that this will be forced on students in 5-10 years, and now by default, they need to buy an Android/iOS phone to attend a University, then are forced to the Privacy Policy of companies that they have no choice for.
Consequences of forcing Google or Apple on students aside, another unintended consequence I worry about is students who come from poor income backgrounds. One of my dear friends from college came from an extremely low income family who could barely afford to help her through college. She did not have a laptop because of the price, and used the computer labs on campus to do all of her computer work. She didn't have a cell phone either, also due to price. I get that a cell phone/cell phone plan is increasingly becoming a necessity, but I seriously worry about people for whom that is yet one more barrier to entry to college.
[1] https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-co... [2] https://github.com/rcslab/duo-cli