When/if a Jailbreak becomes available for iOS 10.2, I am interested in installing it.
Since I use Apple Pay (on my watch only), I would like to know that my payment details are safe. Since you can see your credit card information in the Apple Watch app on iOS, this means that the data is synced across both devices.
Due to the data being on the watch and phone, would this make it possible for a hacker to get my card details? If so, would it just be the last four digits and my bank provider or all details?
Best Answer
[EDIT] - This edit revises my answer to:
1. Answer to OP's exact question/scenario
Yes, your payment details are 100% safe, as you've already set up Apple Pay on your devices prior to doing a jailbreak in future. This is because your card information is not saved to the device. In other words, since the data isn't on the device to begin with, there's no risk of it being accessed from your iPhone, even after doing a jailbreak. The information simply isn't there to steal!
2. Apple's own words re encryption and data protection on jailbroken devices
According to Apple
Source: Apple's iOS Security White Paper, 2014, p8. NOTE: Bold emphasis mine, not Apple's.
As you can see, according to Apple, even jailbreaking a device will not result in non-trusted code or apps being able to access certain areas, such as the Secure Enclave.
More specifically, Apple states:
Source: Apple's iOS Security White Paper, 2014, p5. NOTE: Bold emphasis mine, not Apple's.
The Secure Enclave is part of Apple's A7 and later processors. This enclave is documented in Apple Patent Application 20130308838 and also has its own OS called SEP OS.
So, according to Apple, your data is safe.
3. General info about Apple Pay and security
The best way to enter your card information when setting up Apple Pay is to use your iPhone's camera. This is because doing so means your card information is never saved to the device or stored to the photo library. In other words, since the data isn't on the device to begin with, there's no risk of it being accessed from your iPhone.
Once you've set up your device for Apple Pay, your bank (or financial institution) creates a Device Account Number (DAN) which is unique to your device and is encrypted and sent to Apple so they can add it to what's called the Secure Element on your device. This element is totally isolated from iOS and watchOS, is never stored on Apple's servers, nor backed up to iCloud.
It's important to also note that the DAN is never actually decrypted by Apple; they merely perform the action of placing it on your device in its encrypted form.
If you have to manually enter your card information (i.e. instead of using your iPhone's camera), this information is also encrypted and sent to Apple servers. Since the information is stored on your iPhone prior to encryption, it is theoretically possible that a 3rd party could log this, but the risk of this happening on a non-jailbroken device is 0% because the data (i.e. your card info):
In summary, I don't think it is possible to absolutely 100% guarantee that a hacker could never retrieve your card details, but in reality the risk of this happening is actually from a hacker breaching your bank's systems instead, not from your iPhone.
4. Further reading: