They do that when they're concerned about bad actors or want to prove out the API first with a controlled set of people who are willing to experience breakage.
Not only must you be reviewed by the App Store, but your app will require security entitlements to act as a payment processor. And you'll have to be a registered Apple developer in good standing.
If a malicious actor went through all this trouble to grab some transactions, they'd be shut down within hours of the scam and Apple would refund the money.
Also, who's going to trust or want to use "Bob's rando payment processor"? No merchant is going to do that.
App Store review can only catch so much, and isn't able to analyze the actual code. It's one way for them to gate malicious code.
And providing an extra approval process for the NFC API is exactly what they're doing here.
AirTags actually have a lot of design in them to thwart bad actors, so your comment there is incorrect or ignoring all the anti-stalker measures in there.