Apple scrambling to tweak App Store to meet FTC's March 31 deadline

Apple scrambling to tweak App Store to meet FTC's March 31 deadline

Summary: Apple must change how it sells In-App Purchases to settle a Federal Trade Commission complaint that it billed consumers for millions of dollars of charges incurred by kids without their parents’ consent.

TOPICS: Apple, Apps, iOS, iPhone, iPad
A sampling of unintended In-App Purchases in Toe-Nail Salon, one of the worst offenders - Jason O'Grady

There's a clock ticking in Cupertino and time is running out.

A source tells me that Apple is scrambling to make changes to the App Store to satisfy a settlement (PDF) with the U.S. Federal Trade Commission (FTC). The settlement requires Apple to change how it charges customers for In-App Purchases (IAPs). 

The FTC began investigating IAPs after parents complained about $100 charges for a "wagon of Smurfberries" in early 2011. The FTC's 2013 complaint alleged that Apple failed to tell parents that entering a password for an in-app purchase also allowed 15 minutes of unlimited purchases by anyone on the account (including children) without requiring a password. 

As someone who's been victimized by unethical app developers that prey on children (see the screenshot above), the changes can't come soon enough. 

Apple's 15-minute no-password window is particularly troublesome for families that share a single iTunes account. When a parent makes a legitimate purchase on their iPhone, for example, while their child is playing a game on an iPad, the child is able to buy more credits, levels, or unlocks during the next 15 minutes by simply touching "yes" – without entering a password. The charges are automatically approved and charged to the parent's credit card on file.

Unscrupulous iOS game developers take advantage of this loophole by inundating kids with offers to buy more features and time, knowing that a portion of them will be within Apple's 15-minute no-password window. They also bet on the fact that parents will either a) not notice the charges, or b) find it too difficult to request a refund for the unintended purchases (which isn't trivial). 

Other "freemium" game developers block gameplay with full-page interstitial ads for their other apps hoping that kids will unwittingly click and download their other wares (but that's a topic for another blog post). 

I recommend some changes to the App Store that would help mitigate this growing problem (like requiring a password for all downloads, including free apps) in an article on January 15, 2014.

In its settlement with the U.S. Government Apple agreed to make the following changes no later than March 31, 2014:

  1. Modify its billing practices to ensure that Apple obtains consumers’ express, informed consent prior to billing them for in-app charges
  2. Consumers must have the option to withdraw their consent at any time

This probably means the end of the 15-minute no-password window as we know it. 

While it might sound trivial, changing the App Store to obtain "consumers’ express, informed consent" before billing them is a significant change. It involves fundamental changes to the App Store order flow and there are a lot of dependencies involved.

One source I spoke to says that it's taking Apple longer than expected to make the required changes. In order to meet the government's second criteria (the option to withdraw their consent at any time) Apple must require a password for all IAPs by default, and perhaps make a no-password window an option via settings. 

It's not only iOS that's affected, Apple also needs to make changes to the aging iTunes codebase as well. Since the App Store is also available in the desktop version of iTunes (currently at v11.1.5) Apple would be wise to make changes in it to avoid further FTC scrutiny. Although only apps can be purchased (not IAPs), a no-password window is also present in iTunes on the desktop.

Apple's getting close to releasing iOS 7.1 and I've been told that it would like to include the FTC's IAP changes in the upcoming release. While I can't confirm that the IAP changes are holding up the release of iOS 7.1, it's been over a month since Apple released iOS 7.1 beta 5 to developers on February 4 and the last two 7.1 betas were released with 13 and 15 days of each other. 

The other iOS 7.1 deadline Apple is facing is SXSW. It's been rumored that the new iTunes Festival app, required to stream the live musical performances, will require iOS 7.1. The iTunes Festival starts on March 11. If true, Apple could launch 7.1 in time for SXSW with the IAP changes in place, or it could defer the IAP changes in 7.1 and deliver a 7.1.1 update in time to meet the March 31 deadline. 

Either way, the clock is ticking.

Topics: Apple, Apps, iOS, iPhone, iPad

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Good change

    This change is a good idea since apparently the app purchasing power was unintentionally abused way too often. Unfortunately Apple had to be taken to court just to make a change to help its users.
    Sean Foley
    • I'm not sure it's clear enough to achieve it's goal..

      Don't get me wrong, they all do it - the play store on my nexus stays logged in for 30 minutes!!

      At least they have an option to turn off in app purchased i guess... Though that does mean I can't make in app purchases as well.

      As for what to do it seems simple enough - every single payed purchase requires your password with an expressed comment that this will cost real world dollar.

      It can be turned off... But this has to be opt out with a plain english explaination of what it means.

      As for parents giving their kids their password, i suppose this should be explained in the set up of devices, but lets face it they probably fit the demographic of wouldn't read it anyway.

      Hopefully with the roll out of fingerprint scanners across devices this can soon become a thing of the past (the number one reason parents give out the password is that they get fed up with being asked for it. If they can't step round it - they won't)
  • The other effect:

    A fifteen year old girl wanted to download a FREE app from the App store. You'd think this would involve something complicated like clicking on Download but no. She was asked for her credit card number. Somebody needs a dose of daylight.
  • I'm surprised at Apple

    I'd have thought it was obvious that sooner or later something like this would be taken advantage of by today's canny kids. Then they'd tell their mates.
    Laraine Anne Barker