Here's how Apple can protect kids against predatory IAPs

Apple and the U.S. Federal Trade Commission (FTC) have entered into a consent decree over In-App Purchases (IAPs) on the App Store (see our earlier coverage). According to the agreement, Apple will be required to provide full refunds to parents whose children purchased unauthorized in-app items, setting a floor of $32 million on refunds. 

As a parent of young kids this issue is near and dear to my heart. I've been personally victimized by unauthorized/unintentional In-App Purchases (IAPs) made by my kids several times. It usually happens shortly after I enter my iTunes Store password (which is saved for 15 minutes by default), then one of my kids will unintentionally click "ok" while using an app that prompts them to purchase some sort of upgrade.

Boom, payment authorized.

Luckily Apple sends an email to the account holder listing all purchases on the account. I audit these emails closely and this is the only way I would have noticed the unauthorized charges. The problem is that Apple's iTunes Store emails are batched and often arrive many days after the unauthorized purchase occurred. Several times when this has happened my kids had no idea about that the purchases had been made, even when I showed them the name and title of the offending app.

Here are some simple steps Apple could take to fix this scourge on the iTunes Store:

1. Add an option to require a password for every transaction (on by default).
2. Add the option to require a password for free downloads (on by default).
3. Actively track the amount of refund requests in apps and set a low threshold for penalizing developers that get more than a certain amount of IAP chargebacks. (i.e. if an app generates more than 10 refund requests in a day it comes off the App Store for a day, and so on...)
4. iTunes Store emails should be sent in real time as purchases occur.
5. Add the option to send an SMS or push notification to the account owner's iPhone or iPad immediately after a purchase (on by default).
6. Make refunds easier to request. Currently you can only request a refund within the desktop version of iTunes, and it's extremely difficult to find.
7. Add more detail to IAPs in the Recent Purchases UI by naming the host app in which the IAP occurred.

The good news is that Apple's agreement with the FTC requires it to make substantive changes to the iTunes purchase flow and hopefully they'll adopt my suggestions above. 

The settlement requires Apple to modify its billing practices to ensure that Apple obtains consumers’ express, informed consent prior to billing them for in-app charges, and that if the company gets consumers’ consent for future charges, consumers must have the option to withdraw their consent at any time. Apple must make these changes no later than March 31, 2014.

Apple CEO Tim Cook wrote a defensive email to employees (read it at Re/code) claiming that he felt that it had no other choice but to settle with the government. I'm glad that Apple decided to settle but it's only the first step to a real solution. The App Store generated over $10 billion in sales for Apple in 2013 and the company is loathe to kill its golden goose. 

Have you been victimized by an unauthorized iTunes purchase?