Verizon is soon to launch the Galaxy Nexus, the flagship phone for Android 4.0 (a.k.a. Ice Cream Sandwich) but Google Wallet will be missing on the phone. This has created somewhat of a controversy. I’m kind of surprised how much coverage this story is getting. I haven’t read one article that really cuts to the heart of the matter, so I thought I’d try to share what I know about it.
Why Google Wallet is not included is actually technical and has to do with how digital wallets work with NFC.
Managing the Secure Element
Part of the NFC system is something called “the secure element.” This is where the digital wallet software stores data (e.g. your account numbers) and code to manipulate the data store. This is part of the NFC hardware and is tamper proof. Access to the secure element is restricted, as you would hope, preventing any arbitrary app from reading or writing to it. The mechanism to interact with the secure element is a piece of software called the “trusted service manager” (or TSM). Only one TSM can be used on any device to prevent multiple instances from stepping on each other.
This is the key. It is the carriers who decide which TSM can be used on the phone. The phone makers and OS authors do not. The TSM is pre-installed and cannot be removed or replaced by the user.
There are several third parties that create TSM software, two of which are Gemalto and First Data. The TSMs do essentially the same thing, but have different implementations and APIs. Digital wallets use the TSM to access secure information.
Google Wallet works with First Data’s TSM. Another digital wallet has been created by the Isis venture, which is backed by Verizon, AT&T, and T-Mobile. The Isis wallet uses Gemalto’s TSM. Verizon must be pre-installing the Gemalto TSM on the Galaxy Nexus. Google Wallet is not compatible with this TSM and that is why Google Wallet cannot run on that phone.
This is consistent with what is seen in Google Wallet’s current implementation. Google Wallet was introduced on Sprint, the only major carrier not committed to Isis. Also, notice that Google Wallet runs on the Nexus S for Sprint, but it does not work on the Nexus S for T-Mobile or AT&T.
So that’s the way it works. The reason Google Wallet won’t run on the Verizon’s Galaxy Nexus is that Verizon is supplying a TSM not compatible with Google. Even knowing how this all works, I think it is unfortunate for the consumer for several reasons.
First, the user can’t choose a wallet technology without choosing a carrier. Changing carriers is hard and a consumer shouldn’t have to make that choice. To a customer, the wallet is just an app. Could you imagine if you couldn’t use Gmail unless you used T-Mobile?
Second, this makes it more difficult to change carriers. Once you’re committed to the tech, switching becomes difficult. How can you move your information to a different wallet?
To solve this problem, there would need to be a way to install a TSM along with the wallet. This is a technical challenge as there may not be a practical and secure way to do this. The carriers have no incentive to change this since it locks customers to their network. The phone makers and OS makers likely cannot do much either as the carrier has the final say over which devices can work on their network. So I think this is something we will just have to live with friends.