Apple Secure Element Opening Up: A Samsung-like Partnership Model Creates a New Ecosystem

By Georgia Cooke | 4Q 2024 | IN-7581

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

Apple's Secure Element (SE) will be opening up for developer use from iOS 18.1, starting with developer access in the United States, the United Kingdom, New Zealand, Japan, Canada, Brazil, and Australia, and promising broader geographic access to follow. This allows developers to offer secure in-app Near Field Communication (NFC) transactions-including with their own digital wallet models-without relying on Apple Pay and Apple Wallet, also enabling full-service app capability for use cases like payments, loyalty cards, transit, ticketing, IDs, and home and hotel keys. Using Apple's proprietary Secure Enclave, users will be able to make secure, biometrically authenticated transactions from the app, with quick access possible by changing the default app for contactless transactions. This means users could opt to use third-party wallets by default, improving user choice by enabling a switch and sowing the seeds for a more diverse market, including the mixed use of major manufacturers' hardware and software products.

This doesn't make the market a free-for-all-developers will need to specifically request and pay for NFC and SE entitlement, and Apple requires developers to meet "certain industry and regulatory requirements." Early adopters will be large corporations with the resources to build a compliant solution, in a similar fashion to Samsung's partnership model where developers looking to access the Samsung Embedded Secure Element (eSE) Software Development Kit (SDK) must partner with Samsung to access the SDK under a Non-Disclosure Agreement (NDA).

However, the move remains a step toward the democratization of hardware security access. Reflective, in part, of an anti-monopoly push, particularly in the European Union (EU), this presents opportunities for both commercial and government use, bolstering the Enhanced Identity (eID) market, and streamlining customer experiences in the retail, transport, and event verticals in particular. While payments have historically been the primary use case, this is expanding, with a variety of functions converging into one digital wallet to provide a streamlined user experience.

The cost of entry is not yet clear, and this is likely to be a high-investment prospect for developers. Consumer responses to the change are mixed, with varying levels of trust in third-party security. Although handset manufacturers like Samsung and Apple apply security standards to their chosen partners, "open" ecosystems pose an inherent perceived risk to customers, and some are apprehensive about what this means for the integrity of manufacturer security. That said, requirements remain rigorous and it is unlikely that Apple will cede control of the developer ecosystem.

Many are also wary about the growth of this ecosystem, anticipating a proliferation of third-party apps reducing the quality of the user experience by insisting on proprietary options when a loyalty card integrated into the default wallet would have served user needs perfectly well. While this will be limited initially by the onerous requirements for access, it's unclear how much further the ecosystem will open up over the mid to long term, and this will have to be carefully considered for customer trust just as much as technical security. There are already numerous supported "tap-to-pay" Payment Service Provider (PSP) partners globally in the Apple ecosystem, but the latest change presents a much more consumer-facing ecosystem, which will have to manage public perception more carefully.

Selective partnering and strong security messaging is critical to maintain trust, and vendors that want to coax users over from default wallet options will have to make a strong case for their value-add if they expect users to engage voluntarily and regularly. Done correctly, this presents the opportunity to create extremely smooth customer experiences, and provides a source of valuable consumer data, but solutions must present a clear "why" to customers to justify a third-party solution, as well as justifying the cost of development to investors.

For manufacturers like Apple and Samsung, the proposition is clear: offering a lucrative opportunity if the partnership ecosystem can be encouraged to thrive. Opening up opportunities for new apps and addressing new use cases could increase the variety of needs met for the user, and improve user reliance and stickiness with limited need for in-house development. However, ensuring control over the right aspects of security through rigorous standards and developer education and guidance is critical to avoid undermining the massive investment in developing this world-leading security hardware.