Here's how Apple can protect kids against predatory IAPs

Here's how Apple can protect kids against predatory IAPs

Summary: Apple reluctantly settled with the U.S. Federal Trade Commission over the practice of developers targeting kids with In-App Purchases but it's not enough. There's a couple of simple things Apple could do to protect families from predatory developers.


Apple and the U.S. Federal Trade Commission (FTC) have entered into a consent decree over In-App Purchases (IAPs) on the App Store (see our earlier coverage). According to the agreement, Apple will be required to provide full refunds to parents whose children purchased unauthorized in-app items, setting a floor of $32 million on refunds. 

Here's how Apple can protect kids against predatory IAPs - Jason O'Grady

As a parent of young kids this issue is near and dear to my heart. I've been personally victimized by unauthorized/unintentional In-App Purchases (IAPs) made by my kids several times. It usually happens shortly after I enter my iTunes Store password (which is saved for 15 minutes by default), then one of my kids will unintentionally click "ok" while using an app that prompts them to purchase some sort of upgrade.

Boom, payment authorized.

Luckily Apple sends an email to the account holder listing all purchases on the account. I audit these emails closely and this is the only way I would have noticed the unauthorized charges. The problem is that Apple's iTunes Store emails are batched and often arrive many days after the unauthorized purchase occurred. Several times when this has happened my kids had no idea about that the purchases had been made, even when I showed them the name and title of the offending app.

Here are some simple steps Apple could take to fix this scourge on the iTunes Store:

  1. Add an option to require a password for every transaction (on by default).
  2. Add the option to require a password for free downloads (on by default).
  3. Actively track the amount of refund requests in apps and set a low threshold for penalizing developers that get more than a certain amount of IAP chargebacks. (i.e. if an app generates more than 10 refund requests in a day it comes off the App Store for a day, and so on...)
  4. iTunes Store emails should be sent in real time as purchases occur.
  5. Add the option to send an SMS or push notification to the account owner's iPhone or iPad immediately after a purchase (on by default).
  6. Make refunds easier to request. Currently you can only request a refund within the desktop version of iTunes, and it's extremely difficult to find.
  7. Add more detail to IAPs in the Recent Purchases UI by naming the host app in which the IAP occurred.

The good news is that Apple's agreement with the FTC requires it to make substantive changes to the iTunes purchase flow and hopefully they'll adopt my suggestions above. 

The settlement requires Apple to modify its billing practices to ensure that Apple obtains consumers’ express, informed consent prior to billing them for in-app charges, and that if the company gets consumers’ consent for future charges, consumers must have the option to withdraw their consent at any time. Apple must make these changes no later than March 31, 2014.

Apple CEO Tim Cook wrote a defensive email to employees (read it at Re/code) claiming that he felt that it had no other choice but to settle with the government. I'm glad that Apple decided to settle but it's only the first step to a real solution. The App Store generated over $10 billion in sales for Apple in 2013 and the company is loathe to kill its golden goose. 

Have you been victimized by an unauthorized iTunes purchase?

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Good ideas

    but given the fact Tim Cook wrote "defensive emails" Apple is likely to just hire more lawyers and through more money into settling lawsuits in the future.
    Sean Foley
  • Kid's Corner

    Or they could do something similar to Kid's Corner on WP.
  • It's not just apple either

    My nephew just socked my sisters card for over 150 bucks on their amazon tablet. The industry needs to fig this out.
    • Why does the industry have to play nanny?

      I think your sister needs to learn to be a parent and deal with your nephew as a child. Apple, Amazon, and everyone else does not need to play nanny to everyone's children because mommy and daddy cannot do basic parenting.

      How do I handle this? Rule #1: You get an allowance to spend. Rule #2: you go over the allowance you have to pay me back, with interest. We go over the interest rates and how they are going to pay me. Rule #3: If you don't have money the interest accrues and you have to find a way to pay me. Don't have a job? Do what I did... cut grass or shovel snow, baby sit, do odd jobs, get a job, do something.

      Oh... I forgot... in this day and age of being politically correct we cannot have our precious little ones go out and learn about real life. We have to protect them from their big bad selves without letting them fall on their behinds and learn to pick up and move on.

      As soon as I instituted this policy, my kids learned not go over their budget. They are learning the responsibility of managing their money. Even the 7 year old has learned when his allowance was reduced while he paid his debt. They are learning responsibility because their parents are acting like parents and not trying to be their friend.

      The money they owe to the Bank of Dad gets deposited into their accounts for future use. In fact, they are being deposited into a real savings account that they will get for a larger purchase, like a car when they get their licenses. Why? Because it teaches the responsibility of dealing with their money. Remember, I am their parent, not their friend!
      • LOL

        You wanna "teach" a 4 year old to live withing her allowances. Unfortunately a 4 year old neither gets allowance nor has any idea about what a transaction (purchase) actually is.
      • Interesting

        Why is it about money? Have you ever considered simply telling them not to do it and then punish them for non-compliance with your rule? If they actively want a paid app, sure let them come to you to work out a deal. At issue here are the bona fide mistakes, not kids taking advantage of the 15 minute window of opportunity on the sly.

        Your policy also doesn't cover children too young to understand or kids who are not able to read.

        So yeah, reforms in the App Store are needed. Require password on all transactions and disable in app purchases should be the default setting with an option to loosen it up.
      • Bad parenting?

        This is not always about parenting.
        The games my daughters are playing are continuously stopping them from progressing in the game until they've paid.
        IAPs are turned off on all our devices so I'm constantly saying 'No' to them.
        For anyone who doesn't see a problem with this I suggest that everything in iTunes also becomes free to down load.
        For example. If you download 'Captain Phillips' its free. Then every 10 minutes you'll be asked if you want to watch the next 10 minutes and it will cost you £2.99 each time.
        Good idea right?
  • Take this advice people...

    Arm A. Geddon
  • One more thing...

    KUDOS Tim Cook!! Excellent letter.
    Arm A. Geddon
  • Simple . . .

    Settings -> General -> Restrictions -> Require Password -> Immediately

    Can also look around and adjust other settings there as well.

    Or better yet - the kids don't *really* need to borrow your cell phone, do they? Buy them a Nintendo DS.
    • Make it the default setting

      Because hiding it deep inside menu after menus would be like automatic op-in for service that you don't want.
  • Just stop

    Perhaps a better option would be to not let your children play games where you can rack up bills of thousands of dollars. If you want to give your children games to play, given them child appropriate games. Nintendo make heaps of them, without needing in-app purchases.

    Could Apple do this better? Yes, they should certainly be tightening down in-app purchases, specifically around the areas of actually needing them in the first place. I would go so far as to say, "free" games shouldn't be allowed to charge any money at all. If your game has in-app purchases you should be required to charge up front, so people are aware of what they're getting into (it's quite a lot like the analogy of the crack dealer giving away the first hit to get you hooked, and just as scummy).

    That said, parents need to take a lot more responsibility here. Don't give your children devices that can automatically charge things to your credit card. A tiny little bit of common sense would be good.
  • Here are a few questions ...

    - Who gave the kid the device?
    - Who signed up the device with his/her credit card?
    - Who gave the kid the account and password (or signed up then walked away) to allow purchases?
    - Who allowed the kid to use the device without supervision?
    - Who failed to monitor his/her email for notifications of purchases? (which are sent within seconds after a purchase)
    - Who failed to teach their kids about asking before clicking?

    After answering those questions, can you tell me why is ANYBODY ELSE responsible for any purchase done by kid?
    • Not really

      Email notifications of app purchases are not sent within seconds, nor minutes and sometimes not even within hours. The author points that out. Don't take my word for it, test it yourself.

      By default an in app purchase can be done without requiring a password if it occurs within 15 minutes of an authorized purchase. Yes, savvy readers here know to go change that setting. Should the average user know this or should Apple require it by default? I say it should be the default and Apple is on the hook for this.

      Remember this problem exists for iPods and iPads also, not just iPhones. Yeah, you can argue that I should be looking over my kid's shoulder the entire time he/she is using a piece of tech but that is simply not realistic IMO.
  • Apple's deceptively "required" payment option

    In the Apple ID sign-up.
    They purposely removed the no payment option to deceive new users into linking credit cards with new IDs. Even if they just want to use free apps.
    There is a way to get an Apple-ID with no payment option, but they don't make it easy.
    Apple greed compromised the user.
    Best solution is what Android offers: truly free accounts with no payment option required on sign-up. AND multi-user, so your kids can log in with their own ID and use their own free accounts and not mess with your account. You can give them prepaid cards for purchases and they can learn to moderate this amount on their own accounts.
  • And again everyone misses the boat

    I vaguely remember the last time this blog featured a commentary on IAP's and similar iPad nightmares in regards to child users… I was one of only a two or three people that responded… and it appeared quite clear that O'Grady's faithful were far more concerned about tech than ethics. This post and responses suggest the same, though there are markedly more responses here.

    I had called Apple previously demanding justice when I discovered that while playing Sparkle Paint (a nice benign pre-school colouring app) my 4-year old was repeatedly presented with full-screen pop-ups asking every two bloody minutes to buy into something, accompanied by quarter-screen pop ups asking my little girl firstly, if she'd like to choose a rifle, machine gun or pistol for her next gaming adventure, and then if she'd like to get laid by some Asian whore today!

    The solution to crap like this is not to build in better, quicker means to refunds, nor to password protect every single purchase, nor to accuse parents of being bad parents for turning their backs for one minute, nor to ask Apple to be better parents on our behalf, but to simply shut down the god forsaken system as it exists, and demand a more ethical approach to the entire industry. The fact that Apple and app developers both wash their hands of the nightmares popping up inside their apps is a sad indicator of what is truly motivating most app developers, and the industry at large. At this rate Apple should just start giving away a free pack of cigarettes to every new youth purchaser of iPads and apps to fill it!

    There is essentially no sensible ethical policing of this industry and it's very much out of control when I can't leave my child in front of a pre-school app for five minutes. Like most other social networking tools of our age, the Apple mobile computing revolution has really just been a road to sleazy corporate manipulation of a public largely unprepared to deal with it.

    I do a lot of promotions for a private school in my area and guide them through many tech-related choices including the very nature of their own website. Because there are children's minds at stake we link nothing to any of our corporate data-collecting facades called social networks (Facebook, Twitter et al), and nor do we employ a single iPad in the classroom. Not, mind you, because we don't want to, but simple because neither Apple, the app developers or the media providers funnelled through them, are prepared to, or can be trusted to do the right thing.

    Better refunds is not the solution but rather just a symptom of something much bigger and uglier that unfortunately this blog's readers, or many at large, care anymore to address. You've made your bed with all your don't give a !@#$ carefree attitude, and now you're sleeping in it. Have a good night.
  • Here's how an adult can protect kids against predatory IAPs

    Just hold on to the device for 15 minutes after you actually see what they download if you don't think you can trust your kids or you give them a chance and they still do it by mistake, hold on to it for 15 minutes because they are not old enough or responsible enough. Also there is an option to require a password for free downloads.
  • Multiple accounts ... oops

    That's a feature even iOS 7 is still lacking.

    Welcome in 2014 where Apple still offer an OS that delivers about the same main features as pure DOS back in the 80s.

    What a feat.