Modern smartphones have successfully combined the functionality of a phone, camera, music player, public transit pass, and even a wallet for many years now. Naturally, this makes you wonder about the security of the data they store. Let\u2019s figure out how well smartphones protect users\u2019 most valuable information and how their main security mechanism\u00a0\u2014 a tiny chip called Secure Element\u00a0\u2014 works.<\/p>\n
A special chip for storing secure payment information has migrated to smartphones from contactless credit cards. You may have heard of the EMV (Europay, MasterCard, Visa) standard, the most reliable standard today. With it, your payment information is stored on a protected microchip that is virtually impossible to hack. That\u2019s why cards that use the EMV standard are called, simply, \u201cchip cards.\u201d<\/p>\n
The Secure Element in your phone is essentially the same chip as the one used in credit cards. It has a separate operating system (yes, credit cards also have their own OS to run their programs). All of your information is stored on this chip, impossible to read or copy even by the phone\u2019s or tablet\u2019s OS, much less any apps installed on these devices. Secure Element will work only with special, trusted apps, such as select virtual wallets.<\/p>\n
The chip communicates directly with payment terminals, so even if a smartphone is infected by malware, hackers can\u2019t intercept this information, because the data is not transferred to the main OS but rather always remains in Secure Element\u2019s specialized system.<\/p>\n
The idea of combining a phone with a credit card goes back further than you might think. The first models with a Secure Element installed were feature phones<\/a>, though they never became very popular. One company even invented a method of mimicking a magnetic stripe<\/a> with a gadget; however, phones became real competition for plastic cards only recently, in 2014, with the launch of Apple Pay.<\/p>\n Apple Pay\u2019s success piqued the interest of its competitors, and in 2015, Samsung began offering a similar service. Both systems require Secure Element (that\u2019s why old iPhones and inexpensive Samsung models do not support contactless payments).<\/p>\n In an attempt to improve the functionality of its devices, the Korean company even purchased<\/a> LoopPay, the same company that developed the magnetic stripe imitation technology. Several months later, Google introduced Android Pay (renamed Google Pay in early 2018).<\/p>\n In fact, Secure Element does not have to be built into a smartphone. It can be removable\u00a0\u2014 for example, in memory card format. Some mobile operators even produce SIM cards that can store your credit card or public transportation pass information. But these options never became popular.<\/p>\n Google, as opposed to Apple or Samsung, primarily produces software for mobile devices and not the devices themselves. This is why their payment system encountered so many difficulties at the outset. Initially, most Android phones did not have Secure Element chips. The company could not force independent manufacturers to install the secure chip, or make users buy some new card. And it also couldn\u2019t implement contactless payments without Secure Element.<\/p>\nSecure Element\u00a0\u2014 built-in, external, or cloud-based<\/h3>\n