Apple Pay gets a lot of attention for how it interacts with the physical world, and rightly so. Apple’s inclusion of NFC on the iPhone 6 means we’ll get the ability to pay for goods with a tap of our phone. Sadly, that tech needs various point-of-sale terminals to include it, but there’s another way Apple Pay will be useful: in apps.
Apple recently updated their Security Guide to include Apple Pay, and while typical fodder, we do get to see how Apple Pay will handle purchases in the app.
It’s important to note this “Apple Pay within apps” isn’t for your game upgrades or camera app features. Those still go through iTunes. This is for goods and services you might buy in a proprietary app from a store.
Apple Pay use in an app is almost exactly like you’ll find in the real world. The app you use queries Apple Pay to see if you’ve got cards available to make the buy, and all financial info is passed through a secure element, and encrypted.
It’s only when you are actually verified to have a method of payment that Apple Pay gives up any info about you. Once the app and Apple Pay can agree to terms on your purchase, your address can then be provided to figure out shipping costs.
Information will end up encrypted, re-encrypted, and sent securely — all to make sure there isn’t a weak link in the chain. From the Security Guide:
When an app initiates an Apple Pay payment transaction, the Apple Pay Servers receive the encrypted transaction from the device prior to the merchant receiving it. The Apple Pay Servers then re-encrypt it with a merchant-specific key before relaying the transaction to the merchant.
These instances of information transference are given one-time tokens, and can’t be tied back to the end-user, according to Apple.
The good news — your information is as secure in an app as it is int he real world. The bad news — apps still need to adopt Apple Pay, and that may come slowly.