Samsung Pay with backdoor: a storm in a teacup


Now that mobile payment in Germany has picked up speed, not least because of the COVID-19 pandemic, and every consumer can pay with their smartphone, the obligatory scandal should not be missing, if it were one at all.

These days, negative reports are piling up around the Korean tech company Samsung's relatively new payment method "Samsung Pay". Already at the launch of the new service there was irritation about Schufa entries when registering for it. Samsung Pay, so it was said, could worsen the credit score. That was not correct in this form: through the cooperation with Solarisbank, a Schufa query is made. However, an entry is only made if the "Splitpay credit line" is used with Samsung Pay, and queries have no influence on the score.

However, the latest news surrounding Samsung Pay has a different quality. The product testing foundation Stiftung Warentest found that the Samsung Pay app grants itself rights to access contacts and read out device data. Stiftung Warentest is extremely critical of this data handling, because the Samsung Pay app can simply download apps and data on its own. This all sounds dramatic at first, but it is less spectacular when you take a closer look.

What the Samsung Pay app does

The Samsung Pay app is a generic app available worldwide. The download is the same for everyone, regardless of whether the app is downloaded in France, the USA, Korea or Germany. For Samsung, this has the advantage of only having to maintain one app in the store, but not a separate one for each country. The Samsung app then checks where it is (country) and on which smartphone (model) it is installed and whether the smartphone has NFC at all.

Since payment works differently in every country and, in Germany in particular, Samsung Pay is handled via Solaris, the processes in the app differ accordingly. This explains, on the one hand, the access to various device functions and, on the other hand, the ability to download additional apps. The latter can be seen as feature clipping, which loads functions depending on the country and device.


The app gets access to the contacts because of the support feature, as Samsung Support is a default contact in the address book. Since Samsung Pay provides direct access to support, it fetches that contact from the address book.

Conclusion

You can argue about how cleverly Samsung Pay solved the whole issue and whether it could have been solved more elegantly. The answer is obvious: yes, it could have. But to talk about a data collection frenzy seems like a bit much hoopla, and the explanation is less spectacular than the apparent scandal.


Unlike other tech giants, Samsung’s business model is not the collection of data, but the sale of hardware. Stiftung Warentest may be critical of the Samsung Pay app, but it lacks a differentiated assessment in the context of payment.

After all, the DSGVO (GDPR) also applies to Samsung in Germany, and Solaris is regulated as a partner bank; for this reason alone, the users' data should be secure. Stiftung Warentest knows this too.

Author

  • Maik Klotz is a consultant, speaker and author on the topics of banking, payment, digital identity, e-commerce and retail, with a strong focus on "mobile". For many years, Maik has advised companies on customer-centric innovation methods and on focusing on the user. He was portrayed by the Süddeutsche Zeitung in its series on the industry's "Impulsgeber" (sources of inspiration), and he moderates and speaks at many industry events. Maik is a beekeeper. Maik is a co-founder of Payment & Banking and, within the team, shares responsibility for marketing, strategy and events, in particular Transactions.io.
