Apple's Anti-Tampering Patent: Could It Make Mobile Payments Safe?

One of the biggest risks of mobile payments is the possibility that a smartphone has been tampered with, either physically or with malware, in ways that put payment accounts at risk by thieves. But a patent issued to Apple on February 1 suggests that the Cupertino crowd may have plans for detecting iPhone and iPad tampering in near real time—and even shutting down phones that have been tampered with.

Apple's patent application makes clear it's mainly aimed at iPhone abuse that would void the phone's warranty. But it's just as clear that the abuse-detection system could go much further than that. If Apple decides to use it to bolster the security of the iPhone and iPad for mobile payments, that could make the iPad much more secure for retailers as an in-store payments device used by employees—and make the iPhone a much safer way for customers to make mobile payments.

The patent, #7,880,591, is for a system for "detecting whether consumer abuse has occurred in an electronic device." Put simply, Apple's design works like this: A set of sensors identifies potential abuse from liquid immersion, extreme heat, physical shock or tampering. Any "abuse event" is logged in special tamper-proof memory, and the device is shut down—but it periodically wakes up to check whether the abuse is still going on.

If the device is still wet or hot or otherwise being abused, the device goes back to sleep. If the abuse has ended, the device runs a self-test and either flashes the iPhone equivalent of a "check engine" light or returns to normal operation. But the log of the abuse event remains, encrypted and password-protected. So if the device is returned to the manufacturer for service, a technician can identify any "abuse events" and whether that abuse could have caused the problem that needs repair.

In itself, this is a clever diagnostic system. And it should help Apple keep the warranty replacement costs down on future iPhones and iPads. (The patent specifically mentions its usefulness as a "countermeasure against crafty consumers," who want to file a false warranty claim when they've abused their devices.)

For retailers' IT departments, that's a potential pain. Employees rarely admit they do anything to IT equipment other than use it properly. A company-issued iPhone or iPad has never been dropped in a toilet, roasted on a hot car dashboard or bounced down a flight of steps. If Apple installs an abuse-detection system in future i-devices, a lot more warranty claims from IT departments could be rejected—and service contracts might start looking like a necessary expense.

But there's a much stronger reason this patent is interesting for retailers. Apple wants to be a player in mobile payments, and retailers want to use Apple devices for in-store payments. If Apple pushes the patent's ideas just a little further—periodically checking for both physical abuse and malware—that could help maintain the integrity of an iPhone or iPad as a payment device in two obvious ways.

The first is hardening the iPhone and iPad for use as in-store payment devices.

The first is hardening the iPhone and iPad for use as in-store payment devices. Apple uses iPhones in its own stores, where salespeople can check customers out on the spot, and it's a logical way for many retailers to use a tablet like the iPad. The problem: Handing a highly portable point-of-sale device to associates is a risky proposition. You don't want the devices accidentally damaged; it could cause glitches that make the customer experience less pleasant or that ring up the wrong sale.

You also don't want associates intentionally tampering with the devices with the intent of stealing payment-card information. It's no real surprise that the PCI Council is skittish about certifying mobile devices and software. Securing payment-card hardware and software is hard enough when it's installed in a store. But for associates, sneaking a mobile device home at night is relatively easy. And if an associate hacks the device by installing software to capture payment-card numbers, that blows away your PCI security.

But what if Apple extends its anti-tampering surveillance to include checking for software that shouldn't be on the device? Then a hacked tablet or phone would become a brick as soon as the system spots the tampering. It wouldn't just be a non-threat; it would also be a dead giveaway that the associate has done something very wrong with what's supposed to be a secure payment device.

If retailer-owned mobile devices are a security challenge, customer-owned devices are much bigger targets. Smartphone users are walking around with powerful computers in their pockets—computers that face increasingly clever techniques for stealing payment-card information. Unfortunately, most smartphone users also don't care much about security. They won't worry about malware until it causes them real problems.

That's the second place that, with a little stretching, Apple's anti-tampering patent could make a difference in mobile payments. Imagine an iPhone that checked itself for malware and shut itself down if any was found. That would absolutely block any software designed to steal payment-card information or interfere with mobile-payment processes.

And if an infected smartphone suddenly became a brick, customers would have very good reason to deal promptly with a malware problem. After all, they won't be making any phone calls—much less any mobile payments—until the problem is cleaned up.

That would make mobile payments a lot safer. It would also be a huge risk for Apple, which has already tried mightily (and with limited success) to keep its i-devices locked down. Adding a "feature" that threatens to shut down a phone at any moment would really raise the bar for Apple's quality control, especially when it comes to software sold through iTunes.

Then again, it would set a new standard for mobile-payment security, too.