Freedom in Mobile Computing

The linked article leads to EC recommendations on mobile payment systems. This bit is interesting:

8.1 KC MPSPs should distribute the payment-related software and authentication tools, including personalised security credentials, installed in the mobile device via a secure “distribution channel” (e.g. software preloading managed by qualified vendors following auditable procedures; off-line Recommendations for the security of mobile payments / software loading at authorised agents or local branches; or on-line downloading from trusted entities using security procedures¹⁸).

footnotes:

18: Examples of on-line software downloading:

• the user interface “app” (UI_App) is downloadable from a trusted “market store” with clear security policies and sound security measures (e.g. Apps Public Store requiring security evaluation and digital signature of “apps”);
• the payment software application that is resident in the SE (SE_Applet) is downloadable inside the SE, using a secure channel between the central server and the SE itself (e.g. encrypted SMS messages, secure OTA services, internet banking services).

“Trusted entities” is where everything goes to shit. The banks blindly trust Google despite being scientifically proven to be relatively insecure. Even if Google had their own shit together, a surveillance advertiser cannot have the trust of anyone with a bit of street wisdom.