There's a clock ticking in Cupertino and time is running out.
A source tells me that Apple is scrambling to make changes to the App Store to satisfy a settlement (PDF) with the U.S. Federal Trade Commission (FTC). The settlement requires Apple to change how it charges customers for In-App Purchases (IAPs).
The FTC began investigating IAPs after parents complained about $100 charges for a "wagon of Smurfberries" in early 2011. The FTC's 2013 complaint alleged that Apple failed to tell parents that entering a password for an in-app purchase also allowed 15 minutes of unlimited purchases by anyone on the account (including children) without requiring a password.
As someone who's been victimized by unethical app developers that prey on children (see the screenshot above), the changes can't come soon enough.
Apple's 15-minute no-password window is particularly troublesome for families that share a single iTunes account. When a parent makes a legitimate purchase on their iPhone, for example, while their child is playing a game on an iPad, the child is able to buy more credits, levels, or unlocks during the next 15 minutes by simply touching "yes" – without entering a password. The charges are automatically approved and charged to the parent's credit card on file.
Unscrupulous iOS game developers take advantage of this loophole by inundating kids with offers to buy more features and time, knowing that a portion of them will be within Apple's 15-minute no-password window. They also bet on the fact that parents will either a) not notice the charges, or b) find it too difficult to request a refund for the unintended purchases (which isn't trivial).
Other "freemium" game developers block gameplay with full-page interstitial ads for their other apps hoping that kids will unwittingly click and download their other wares (but that's a topic for another blog post).
I recommend some changes to the App Store that would help mitigate this growing problem (like requiring a password for all downloads, including free apps) in an article on January 15, 2014.
In its settlement with the U.S. Government Apple agreed to make the following changes no later than March 31, 2014:
- Modify its billing practices to ensure that Apple obtains consumers’ express, informed consent prior to billing them for in-app charges
- Consumers must have the option to withdraw their consent at any time
This probably means the end of the 15-minute no-password window as we know it.
While it might sound trivial, changing the App Store to obtain "consumers’ express, informed consent" before billing them is a significant change. It involves fundamental changes to the App Store order flow and there are a lot of dependencies involved.
One source I spoke to says that it's taking Apple longer than expected to make the required changes. In order to meet the government's second criteria (the option to withdraw their consent at any time) Apple must require a password for all IAPs by default, and perhaps make a no-password window an option via settings.
It's not only iOS that's affected, Apple also needs to make changes to the aging iTunes codebase as well. Since the App Store is also available in the desktop version of iTunes (currently at v11.1.5) Apple would be wise to make changes in it to avoid further FTC scrutiny. Although only apps can be purchased (not IAPs), a no-password window is also present in iTunes on the desktop.
Apple's getting close to releasing iOS 7.1 and I've been told that it would like to include the FTC's IAP changes in the upcoming release. While I can't confirm that the IAP changes are holding up the release of iOS 7.1, it's been over a month since Apple released iOS 7.1 beta 5 to developers on February 4 and the last two 7.1 betas were released with 13 and 15 days of each other.
The other iOS 7.1 deadline Apple is facing is SXSW. It's been rumored that the new iTunes Festival app, required to stream the live musical performances, will require iOS 7.1. The iTunes Festival starts on March 11. If true, Apple could launch 7.1 in time for SXSW with the IAP changes in place, or it could defer the IAP changes in 7.1 and deliver a 7.1.1 update in time to meet the March 31 deadline.
Either way, the clock is ticking.