Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,294
30,378



appstore.jpg
Apple and the U.S. Federal Trade Commission have entered into a consent decree over in-app purchases on the App Store. In a memo to Apple employees, CEO Tim Cook wrote that the company felt it had no other choice.

According to the agreement, Apple will be required to provide full refunds to parents whose children purchased unauthorized in-app items, setting a floor of $32 million on refunds.

A large part of the FTC's concern was related to a fifteen-minute window after a password is entered on the App Store, during which other purchases can be made without a password being entered. Apple will now be required to notify users that the fifteen-minute window exists to obtain "expressed and informed consent" from its customers.

In early 2013, Apple settled a class action lawsuit originally filed by parents after their children ran up hundreds of dollars on in-app purchases in freemium games.

In the memo, which was obtained by Re/code, Cook wrote that it didn't "feel right for the FTC to sue over a case that had already been settled" and it "smacked of double jeopardy".
From: Tim Cook
Date: January 15, 2014
Subject: FTC announcement

Team,

I want to let you know that Apple has entered into a consent decree with the U.S. Federal Trade Commission. We have been negotiating with the FTC for several months over disclosures about the in-app purchase feature of the App Store, because younger customers have sometimes been able to make purchases without their parents' consent. I know this announcement will come as a surprise to many of you since Apple has led the industry by making the App Store a safe place for customers of all ages.

From the very beginning, protecting children has been a top priority for the App Store team and everyone at Apple. The store is thoughtfully curated, and we hold app developers to Apple's own high standards of security, privacy, usefulness and decency, among others. The parental controls in iOS are strong, intuitive and customizable, and we've continued to add ways for parents to protect their children. These controls go far beyond the features of other mobile device and OS makers, most of whom don't even review the apps they sell to children.

When we introduced in-app purchases in 2009, we proactively offered parents a way to disable the function with a single switch. When in-app purchases were enabled and a password was entered to download an app, the App Store allowed purchases for 15 minutes without requiring a password. The 15-minute window had been there since the launch of the App Store in 2008 and was aimed at making the App Store easy to use, but some younger customers discovered that it also allowed them to make in-app purchases without a parent's approval.

We heard from some customers with children that it was too easy to make in-app purchases, so we moved quickly to make improvements. We even created additional steps in the purchasing process, because these steps are so helpful to parents.

Last year, we set out to refund any in-app purchase which may have been made without a parent's permission. We wanted to reach every customer who might have been affected, so we sent emails to 28 million App Store customers - anyone who had made an in-app purchase in a game designed for kids. When some emails bounced, we mailed the parents postcards. In all, we received 37,000 claims and we will be reimbursing each one as promised.

A federal judge agreed with our actions as a full settlement and we felt we had made things right for everyone. Then, the FTC got involved and we faced the prospect of a second lawsuit over the very same issue.

It doesn't feel right for the FTC to sue over a case that had already been settled. To us, it smacked of double jeopardy. However, the consent decree the FTC proposed does not require us to do anything we weren't already going to do, so we decided to accept it rather than take on a long and distracting legal fight.

The App Store is one of Apple's most important innovations, and it's wildly popular with our customers around the world because they know they can trust Apple. You and your coworkers have helped Apple earn that trust, which we value and respect above all else.

Apple is a company full of disruptive ideas and innovative people, who are also committed to upholding the highest moral, legal and ethical standards in everything we do. As I've said before, we believe technology can serve humankind's deepest values and highest aspirations. As Apple continues to grow, there will inevitably be scrutiny and criticism along our journey. We don't shy away from these kinds of questions, because we are confident in the integrity of our company and our coworkers.

Thank you for the hard work you do to delight our customers, and for showing them at every turn that Apple is worthy of their trust.

Tim
In response, the FTC said that its proposed order is more robust than the settlement in the class action lawsuit, and that the resolution in that lawsuit didn't require Apple to change its behavior. Additionally, the FTC's settlement does not put a cap on the amount that could be refunded to parents, while the lawsuit's did.

Article Link: Apple Agrees to FTC Terms Over In-App Purchases With $32 Million Settlement
 

osx11

macrumors 6502a
Jan 16, 2011
825
0
Can Apple do more to make sure kids don't make in-app purchases? Maybe!

Can parents do more to see what their kids are doing at such a young age? Definitely!
 

Rogifan

macrumors Penryn
Nov 14, 2011
24,084
31,015
Can Apple do more to make sure kids don't make in-app purchases? Maybe!

Can parents do more to see what their kids are doing at such a young age? Definitely!

Much easier to sue a company with deep pockets.
 

slapppy

macrumors 65816
Mar 20, 2008
1,227
42
Why Apple?

Why? This is the parents responsibility. How many more flags will Apple be forced to place before the experience of using the Apps becomes frustrating. What about the competitors in-app store? Where is the FTC for those companies? Hello???
 

firedept

macrumors 603
Jul 8, 2011
6,277
1,130
Somewhere!
For me it was simple. Do not link a card to your ID. If I want to purchase something from iTunes or the App Store, then I purchase gift cards in the closest amount I require to make that purchase. Then there is no chance of funds being spent without my knowledge.

Over seeing what your children are doing on their devices does not harm either. I am fortunate to have children who have always asked for gift cards so they can do their purchases as well. Again, no cards linked to their ID's. It has always worked for us thankfully.

There is also the flip side, where a few parents just do not pay enough attention to their children. Hence these problems. Saying a few, not all.

How much more can Apple do? Except completely remove the feature from apps. Which will not fly.
 
Last edited:

wildmac

macrumors 65816
Jun 13, 2003
1,167
1
Why? This is the parents responsibility. How many more flags will Apple be forced to place before the experience of using the Apps becomes frustrating. What about the competitors in-app store? Where is the FTC for those companies? Hello???

Silly.. the FTC goes after the bright lights, someone will probably get a promotion for getting Apple to agree to this, just like the Justice Dept.
 

Popeye206

macrumors 68040
Sep 6, 2007
3,148
836
NE PA USA
So are they going after Google now too??? They should shouldn't they? I would think Android apps are guilty of the same thing.

Something seems so wrong with this whole thing. Apple really seemed to do the right thing and is still being punished (again).
 

samcraig

macrumors P6
Jun 22, 2009
16,779
41,982
USA
Another simple solution would be to add a second password for IAP. So it doesn't matter if they already are signed in - IAP would require a 2nd password or pin code.
 

globalist

macrumors 6502a
Aug 19, 2009
748
264
Cook said:
We heard from some customers with children that it was too easy to make in-app purchases, so we moved quickly to make improvements. We even created additional steps in the purchasing process, because these steps are so helpful to parents.

Umm, what improvements and additional steps were implemented? AFAIK the 15-minute thing still exists and is ON by default (yes there is a setting for this that was added to iOS at one point, but the default is still WRONG) ....
 

Snowy_River

macrumors 68030
Jul 17, 2002
2,520
0
Corvallis, OR
IAP are evil get rid of them

Freemium games that charge you $100 for something that will benefit you for a few minutes or hours are evil. Those are the things to get rid of. Personally, I despise the freemium model. It's designed to get customers to spend more on a game than they would have been willing to spend on an outright purchase. I'm not a big fan of the subscription model either (yes, I know, that's a whole other discussion), but I think that the freemium model is FAR worse.

IAP, IMO, are not a bad thing. As an example of a good implementation of them, there is an app that I work with that has several modules that offer expanded functionality. By breaking up the functionality, they allow me the flexibility to only buy what I need. It works quite well. Also, IAP can be used in games to enable free trial and pay to enable the full game (as a 1 time purchase). I've seen a number of games follow this approach, rather than having separate free versions that are limited, and I think it works better and makes it more likely that a customer buys the full game.

As for the whole parental question, my son succeeded in using an IAP in a game on my iPad. I was right there. He found a game that he wanted, so I downloaded it. We launched it, and there was something that he wanted (it was the option to fly a particular plane), so he clicked on it, a little dialog popped up, and he touched the OK button, all in a moment when I was answering a question my wife had asked me. BAM! A $10 purchase. Wrote to Apple and they refunded the purchase, but it drove home how quick and easy it was for my son, who occasionally plays on my iPad or my wife's iPad, to make a purchase if we've recently had a reason to enter the password.

The steps we took to deal with this were straightforward. At first, I tried setting the option to always ask for a password. This became an issue primarily because this meant that the password was required for every update, in addition to new downloads and IAPs. So, that was switched back. The final solution was to turn off IAP, in the premise that, if my wife or I want to make an IAP, we know how to turn it back on so we can do it. This has worked quite well. There have been a couple of instances where my son has accidentally (or intentionally) hit a button that would have lead to an IAP, but it was quite promptly blocked.

I appreciated the fact that Apple refunded that one mistaken purchase. But, having seen the potential issue, any future failures are on me. Knowing that my son is capable of doing this, it's up to me to make sure that there are reasonable safeguards against it. Eventually, those safeguards will include him having his own iPad with the setting to always ask for the password enabled.

To pu it another way, fool me once, shame on you, fool me twice, shame on me.
 

slapppy

macrumors 65816
Mar 20, 2008
1,227
42
So are they going after Google now too??? They should shouldn't they? I would think Android apps are guilty of the same thing.

Something seems so wrong with this whole thing. Apple really seemed to do the right thing and is still being punished (again).

No. Just as the Gov has not gone after Amazon for Monopolizing the market and selling products at a loss to disrupt a market.
 

firedept

macrumors 603
Jul 8, 2011
6,277
1,130
Somewhere!
Another simple solution would be to add a second password for IAP. So it doesn't matter if they already are signed in - IAP would require a 2nd password or pin code.

Good idea, but I could hear it now, "Why do I have to put in a second password or code to do in app purchases? I already put in my password once. What a pain!".
 

Crzyrio

macrumors 68000
Jul 6, 2010
1,586
1,110
Good idea, but I could hear it now, "Why do I have to put in a second password or code to do in app purchases? I already put in my password once. What a pain!".

+1 they can never win.

This entire thing is going to create an inconvenience for the rest of the population. I don't want another popup coming up when I purchase something or enter my password
 

macsmurf

macrumors 65816
Aug 3, 2007
1,200
948
It seems much more sensible to always require password for IAP per default. The fact that a 15 minute window exists where anything goes is not something a reasonable consumer can be expected to know.
 

giantfan1224

macrumors 6502a
Mar 9, 2012
870
1,115
Good idea, but I could hear it now, "Why do I have to put in a second password or code to do in app purchases? I already put in my password once. What a pain!".

Then have the ability to turn second verification off. And make the second verification on as a default until turned off by the user.
 

Renzatic

Suspended
+1 they can never win.

This entire thing is going to create an inconvenience for the rest of the population. I don't want another popup coming up when I purchase something or enter my password

It's one smaller inconvenience to answer a greater one. I'm pretty sure a parent with a spend-crazy kid would rather endure the occasional in-app password prompt than deal with an extra $600 worth of charges on their credit card.
 

FriednTested

macrumors 6502
Jan 13, 2014
402
79
Freemium games that charge you $100 for something that will benefit you for a few minutes or hours are evil. Those are the things to get rid of. Personally, I despise the freemium model. It's designed to get customers to spend more on a game than they would have been willing to spend on an outright purchase. I'm not a big fan of the subscription model either (yes, I know, that's a whole other discussion), but I think that the freemium model is FAR worse.

IAP, IMO, are not a bad thing. As an example of a good implementation of them, there is an app that I work with that has several modules that offer expanded functionality. By breaking up the functionality, they allow me the flexibility to only buy what I need. It works quite well. Also, IAP can be used in games to enable free trial and pay to enable the full game (as a 1 time purchase). I've seen a number of games follow this approach, rather than having separate free versions that are limited, and I think it works better and makes it more likely that a customer buys the full game.

As for the whole parental question, my son succeeded in using an IAP in a game on my iPad. I was right there. He found a game that he wanted, so I downloaded it. We launched it, and there was something that he wanted (it was the option to fly a particular plane), so he clicked on it, a little dialog popped up, and he touched the OK button, all in a moment when I was answering a question my wife had asked me. BAM! A $10 purchase. Wrote to Apple and they refunded the purchase, but it drove home how quick and easy it was for my son, who occasionally plays on my iPad or my wife's iPad, to make a purchase if we've recently had a reason to enter the password.

The steps we took to deal with this were straightforward. At first, I tried setting the option to always ask for a password. This became an issue primarily because this meant that the password was required for every update, in addition to new downloads and IAPs. So, that was switched back. The final solution was to turn off IAP, in the premise that, if my wife or I want to make an IAP, we know how to turn it back on so we can do it. This has worked quite well. There have been a couple of instances where my son has accidentally (or intentionally) hit a button that would have lead to an IAP, but it was quite promptly blocked.

I appreciated the fact that Apple refunded that one mistaken purchase. But, having seen the potential issue, any future failures are on me. Knowing that my son is capable of doing this, it's up to me to make sure that there are reasonable safeguards against it. Eventually, those safeguards will include him having his own iPad with the setting to always ask for the password enabled.

To pu it another way, fool me once, shame on you, fool me twice, shame on me.


Somewhere I blame android for this IAP ****... The piracy on android gave birth to this model...
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.