Google Sued Over Children's In-App Android Purchases

jfruh writes "Android apps sold through the Google Play app store require the user to enter their username and password before making an in-app purchase — but once they've done that, they can continue to do so for half an hour without re-authenticating. Now a lawsuit is claiming this loophole allows children to run up in-app purchases on their parents' credit cards, 'causing Google to pocket millions of dollars.'"

Just call the credit card company and tell them

[Chrisq]

Just call the credit card company and tell them that you didn't authorise these payments, then tell google you've done that. This puts the ball in google's court - the payment goes into dispute and they need to decide whether to claim that you did authorise the purchase or give you a refund. My money would be on the latter.

Wait a minute...

[narcc]

This sounds awfully familiar... Didn't Apple have this exact same problem?

Thanks, TFA:

The case against Google is similar to one brought by the U.S. Federal Trade Commission against Apple over children's in-app purchases. That case was settled in January and Apple agreed to pay at least US$32.5 million to customers.

Now we need to ask why Google didn't take action to prevent this sort of thing.

Re:Please....

[Richard_at_work]

Wallet manufacturers must be quaking in their boots.

Re:Please....

[Travis Mansbridge]

"Hey mom/dad, enter your password"

A: "Sure"
B: "Why?"

Which sounds more responsible?

Re:Please....

[richy freeway]

The point is that after they have entered their password, the child has 30 minutes of unfettered purchasing power and there is NO warning of this at all.

Re:Please....

[KingOfBLASH]

No, Google designed a system that would be a compromise between security and usability since some people would obviously go bat shit if they had to enter their password every time.

That a parent gave this to their child and did not properly supervise them is the parents fault.

Although it would indeed be nice if the parents could indeed have a better monitoring service for kids phones.

Re:Wait a minute...

[LookIntoTheFuture]

Now we need to ask why Google didn't take action to prevent this sort of thing.

Because the 30 minute *cha-ching!* window was making the corporate overlords and their shareholders cream their jeans?

Re:Please....

[Lumpy]

Yes, there is. it is right there in the agreement that YOU SHOULD HAVE READ when you first use the store. you clicked "i agree"

What? you did not read that? not our problem.

Re:Next we should sue the US treasury for issuing

[Barefoot Monkey]

Monetary bills are already child-proof in this regard. If I give a child $1 this doesn't cause any other money I may have to spontaneously teleport into the child's possession every time the child approaches a toy or sweet within the next 30 minutes. If the child wants more of my money then he/she will need to ask me again.

Re:Just call the credit card company and tell them

[Chrisq]

Just call the credit card company and tell them that you didn't authorise these payments, then tell google you've done that. This puts the ball in google's court - the payment goes into dispute and they need to decide whether to claim that you did authorise the purchase or give you a refund. My money would be on the latter.

Doing this you would be committing fraud against the credit card company and get you in trouble. You did authorise these payments because you logged in your child with proper credentials to shop using your card. That you didn't understand the consequences isn't good enough enough defence. Though I would love to be able to reverse the charges when my wife starts shopping with my logged in credit card enabled account.

It would not be fraud - you authorised one payment then google took the rest without authorisation. I have done this previously with unauthorised follow-up payments and it really goes smoothly, it goes into dispute - the company has a chance to appeal - decides not to - terminates service and refund stands

Re:Next we should sue the US treasury for issuing

[Richard_at_work]

A child taking money from your wallet without your knowledge is no different to this situation.

Re:Please....

[Cenan]

Kids are not supposed to know the full range of consequences of their actions, that is why we call them children and treat them in a certain way.

First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible. Even if that were not the case, you'd have to buy the app or whatever and wait 30 minutes before handing the device back to your child to be safe, yet there is currently no indication that the timer is even running or when it expires - not one that is easily accessible. And the mere fact that Google expects you to sit around with your device for 30 minutes, waiting for a timer to expire is unreasonable in the extreme.

This is absolutely a tech issue, as well as an ethics issue. Google likes the easy money, and their responses to parents who have complained about it have been less than stellar. Google is in a position to both build and destroy trust in consumer computing, on behalf of not only themselves, but everyone who develops for their devices and similar devices. The position Google has taken on this issue is the money-grab-and-run short term approach, and they've been pointing at the app developers for the fix. This is unreasonable, and doesn't actually fix the broken eco-system that is Android apps. The good guys will continue to be the good guys and you're giving a free pass to the rotten apples. Couple this with the fact that it is almost impossible to tell good from bad on Android until you get burned, and you have a major issue going forward, and Google is well on its way to forcing legislation on this issue. Legislation that I bet Google is going to piss and moan over when it passes, even though they, and fuckwits like them, were the ones to cause it.

Short story even shorter: fix the fucking issue and get on with it already. The fix is so simple it would be hilarious if it wasn't such a fucking money-grab from a supposedly not evil corporation. Make purchasing passwords one time only, or allow for restrictions on where and when the purchasing can be made.

Re:Please....

[Cenan]

If Google didn't want children to use their devices, why are they approving apps specifically targeted at children? This is a money-grab from Google, pure and simple.

Simple Checkbox

[Drethon]

That says "Remember this payment method for the next half hour?" Then they can choose to make it a one shot only payment.

Protecting us from the stupid

[Akratist]

Ho hum. Try exercising some parental responsibility for a change.

Re:Please....

[MickyTheIdiot]

There is a lot of missing the point on this thread. This problem goes down to the core of the social and psychological problems and tradeoffs that happen in GUI and application design, web design, and any other system that is accessed by members of the general public.

Somewhere there is a manager yelling at a designer because "it's hard to use" because there were complaints from users that they "just put in there password" and "why should I do that again?" when they were making a series of purchases. So the designer incorporated a 30 minute time out or grace period to get around the whining. Sometimes there is no absolute sweet spot... there is going to be whining about the design either way. They probably should incorporate a variable (as someone else on this thread mentioned) so the user has control and Google can say that the user has the power to make a choice.

People are thinking this is deliberate by Google? Bah. Google isn't 100% non-evil, but I don't buy that. They still aren't doing their design in like Microsoft does, in their Marketing department.

Re:Please....

[CastrTroy]

If the parent can't trust the kid not to make charges on their account, they shouldn't be giving the device to the child. I have a 6 and a 7 year old. Both of them are smart enough to know how to avoid in-app transactions, and know that they aren't allowed to make them. If you can't trust your kids, get them a Nintendo DS, or some other gaming system.

Also, isn't it possible to have a Google Play account without a credit card? Don't they have gift cards you can load on for those without credit cards? If you are required a credit card, You could just get a Visa/Mastercard Gift Card, and use that, which limits your liability to the amount pre-loaded on the card.

Re:Please....

[exploder]

I think the real problem is that parents want to use a phone or tablet as a pacifier, so they don't have to parent the tykes.

Ah yes, the rallying call of the childless. I'm sure that if you ever have kids, you'll have the means and inclination to devote N hours of your own time every day simply to keeping them entertained.

Re:Please....

[hawkinspeter]

If I'm prompted for a password when I try to buy software, then I'd expect any attempt to buy further software would require the password again.

If I put in a password and it flashed up "Authorised for 30 minutes" and had an easy way to cancel the 30 minutes, then the fault would be clearly with the parent.

It's unreasonable to have a hidden timeout to allow kids to buy games on someone else's account.

Re:Please....

[hink]

The problem is that there is NO WAY to disable or change the 30 minute window. Using the "require password for all purchases" option does not override the 30 minute window. Google page about how this works [google.com]. So, I guess the only way to prevent this is to confiscate the phone for 30 minutes.

"But your child should be trained to not buy things! You're a bad parent!"

Children are not animals, whipped into learning behaviors. They do not learn as fast as some of you obviously non-parents seem to think. Not to mention that even angelic children can sometimes be "mischievous".
Oh, and make sure you don't hand your device to your adult friends after you purchase something either. Adults can be even more greedy and stupid than kids.

Re:Please....

[omnichad]

The fact is, the parent can't revoke authorization for future in-app purchases after authorizing one. This is something that should be addressed. It has led to sleazy app developers taking advantage of them. It's a trojan horse.

Parents are responsible, yes. And they want a viable option to use that responsibility.

Re:Please....

[Anonymous Coward]

It's almost like Apple and Google were both in the wrong, and Apple corrected it.

Oh wait, it's exactly like that.

Re:Please....

[MBGMorden]

Indeed. I don't think they understand that "parenting" isn't so well defined.

My kids I do a lot of activities with. Next weekend we're going to the zoo. A few weeks ago we went to the aquarium. I read to them and tell them stories quite frequently.

However, often times they WANT to go do something by themselves. Whether that is playing in the back yard or on the iPad (or more recently the laptop - the 5 year old has gotten pretty proficient with both. She can't even read but she understands how to open the browser and type in "pbskids.org"). You simply can't be there like a hawk for every second without delving into helicopter parenting, which is just a bad idea. At a minimum I should be able to set the tablet so that it asks me for the password EVERY SINGLE TIME you make a purchase.

Its not something that I have to worry about as I generally hate microtransaction games to the point that I don't let them buy anything in them (so I never enter the password the 1st time), but I certainly can see why someone would want this.