Over the last few days, CVS and Rite Aid have disabled NFC technology at their retail outlets to prevent customers from using Apple Pay. It's been reported that this is due to an existing deal in place with a system called CurrentC, which involves the use of an app, QR codes, your bank account, and their servers. Walmart recently explained MCX's — the consortium behind CurrentC — position to Business Insider as follows:
It's also been suggested that CurrentC will help retailers avoid credit card transaction fees while also letting them mine personal data. With that in mind, here are some questions about MCX and the CurrentC app:
- Why do they want to retrieve your device's MAC address? (Don't worry, as of iOS 7, the OS returns a fake MAC address of 02:00:00:00:00:00 which is what CurrentC seems to be sending to their servers)
- Why do they want to log your device name, WiFi network name, and number of running processes?
- Why do they use a unique device ID that persists across multiple installs?
- Why do they send pings every 2 seconds?
Oh and they send these pings like every 2 seconds because apparently they're super needy. pic.twitter.com/Br7QlqcObGOh and they send these pings like every 2 seconds because apparently they're super needy. pic.twitter.com/Br7QlqcObG— Nick Arnott (@noir) October 28, 2014October 28, 2014
To their credit, CurrentC does employ SSL pinning to protect the application's traffic, but at this point it's hard to know if that's to protect their users, or their questionable data transmissions.
I haven't been able to test with a registered account yet, but at first glance what CurrentC is actually doing seems far more aligned with the vested self-interest of retailers than anything remotely connected to providing a great shopping experience for customers.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!