Slashdot Mirror
Google Sued Over Children's In-App Android Purchases
jfruh writes "Android apps sold through the Google Play app store require the user to enter their username and password before making an in-app purchase — but once they've done that, they can continue to do so for half an hour without re-authenticating. Now a lawsuit is claiming this loophole allows children to run up in-app purchases on their parents' credit cards, 'causing Google to pocket millions of dollars.'"
For once, won't someone think of the PARENTS?
She: Hey, are you a traitor? Me: No, I'm atheist.
Why Google didn't reacted following the Apple case? It was just a question of time before the same kind of lawsuit would begin against them...
I do think
Just call the credit card company and tell them that you didn't authorise these payments, then tell google you've done that. This puts the ball in google's court - the payment goes into dispute and they need to decide whether to claim that you did authorise the purchase or give you a refund. My money would be on the latter.
its someone elses fault
This sounds awfully familiar... Didn't Apple have this exact same problem?
Thanks, TFA:
The case against Google is similar to one brought by the U.S. Federal Trade Commission against Apple over children's in-app purchases. That case was settled in January and Apple agreed to pay at least US$32.5 million to customers.
Now we need to ask why Google didn't take action to prevent this sort of thing.
Required reading for internet skeptics
There Google goes again, copying Apple. This time getting themselves sued for the same reason.
"These games are highly addictive, designed deliberately so, and tend to compel children playing them to purchase large quantities of game currency, amounting to as much as $100 per purchase or more," according to the complaint.
Add to Schedule 1
non-child-proof monetary bills.
It's completely unreasonable that a child could simply use his parent's money and buy candies and toys without their consent.
I like the little key icon my distro has which lets me drop privileges.
IF the system asked "do you want us to save your cc# for later purchases?" and they affirmed, it's the parents' problem.
If, OTOH the cc# was saved without advising the user that it WOULD be saved, that's just economic opportunism, and SHOULD be illegal - saving cc# data in a format that it can be executed for a transaction without affirmative confirmation by the sole cardholder is pretty much the same as making a copy of their cc, no?
-Styopa
That says "Remember this payment method for the next half hour?" Then they can choose to make it a one shot only payment.
Of course, parents can be held in no way responsible for handing their phone to their kids and having their credit card emptied. Same as when I hand my credit card to my kid, it's not my fault when my kid uses it to buy stuff online.
What are these people thinking?
no, I don't have a sig
Ho hum. Try exercising some parental responsibility for a change.
I did a stint with a major carrier doing customer service and billing related stuff. Calls like this came in all the time. Standard procedure was to refund the money and educate the customer so it doesn't happen again. Of course you log in their account that you gave them a one time courtesy refund and educated them on the matter so if they call back with the same complaint you can find a polite way of saying "Too bad so sad". I also spent a lot of time flat out blocking the ability to purchase from the play store, blocking in app-purchases, and blocking short codes.
Brought to you by Carl's Junior.
No!
Oh but why?
No!
But. But.. That's not fair.
Don't care. Grow up unhappy.
Kids need to learn how to say No! to their kids or you end up with shitty grandchildren.
That's my motivation and future investment in people done.
Too many games are sold for free and/or $0.99 yet to be playable require in app purchases to be at all playable.
I closely control what games my 9 year old can play and review them before we buy them and its impossible to tell which ones will be worth a damn without blowing another $10 in in-app purchases to make them playable. I reject games with what look like too-many in-app purchases, and he doesn't have the ability to make those purchases.
Too often I wind up with a very frustrated 9 year old who's upset that he can't win/progress because the game basically requires in-app purchases to be playable for any length of time.
I don't know if there's a very workable solution, but I think devs should be required to clear notification that "advancement or continued play in this game requires in app purchases; the total cost of this game exceeds its initial purchase price."
Unfortunately the app-store economics were built around the "99 cent" app and apparently its either not viable to make a decent title at that price point nor is it possible to get the sales volume for $5.99 games that actually offer playability when you're competing against a sea of nominal 99 cent games.
Uhh... How I would manage to make the application differentiate the father of the child, if the child in question has the credentials and passwords of his father? Is not possible yet to perform miracles.
Religion: The greatest weapon of mass destruction of all time
Why do parents link their credit card to their kid account in the first place? If you want to give them apps/credits you can gift apps and buy gift card that they redeem in their account. They are on sale everywhere including supermarket.
Hmmmmmm decisions decisions decisions. I look at it this way, both are wrong and at fault.
If a corporation forces you to have a CC on file at all times and then allows a 30 minute window of massive funds spending, then they own some responsibility in all of this. Companies want income this is an easy way of doing it, and by placing the info in the EULA as a default action is just a "F U" consumer, we'll do what we want because we've got you addicted to our product. A CYA would be a user setting that is either device wide or insist on the App developers to add a Selectable Option: Must Use Password for every purchase? If yes, then the password must be entered for every freaking purchase, otherwise default to system settings of 30 minute window.
WTF parents. How the hell can you blame a kid for their continuous purchases. Every parent knows that if a kid wants something they will get it. If you give a child a cookie, they always want more, and if you don't hide the cookies and the child knows how to get to them, the child will get them and consume them until they puke and will still continue eating them. How the heck is a cool application that allows you to make a purchase which enhances the game any different. Why is it the big corporations fault for you handing over your phone with either the password already entered for a purchase or telling your kid what the password is? You refuse to engage with your kids, but rather prefer to entertain them with devices that are TIED TO YOUR CREDIT CARD. Quit your bitching, take responsibility for your children's actions, and Parent Your F'ing Kids,
Life takes interesting turns, but the most interest is when you're off the beaten path.
On iTunes I set up an account for my son that has no CC tied to it and is funded with gift cards to prevent exactly this. If he blows $50 because he has no idea what he's doing, then who cares?
Parents who maybe should not be parents in the first place want to abandon the responsibility of being at hand with their children. To top it off they apparently share passwords and maybe credit cards with their kids. Just how is that Google's fault? Really it boild down to stupid parents who probably do not have sufficient money to have kids in the first place. If both mom and dad work full time and are too beat up at the end of the day to raise their kids whose fault is that? It is as if we must tolerate people having babies who are too thoughtless to realise that one full time parent watching over the kids night and day is the minimum for having kids.
No. Strictly speaking, the only person authorized to transact purchases on your credit card is you. This is why you need to sign for purchases with a credit card in real life; it's a contract, and at the end of the day the card holder did not consent (contractually) to the purchases and can lawfully dispute the charges. In this instance the child was the one who defrauded the bank. However, because they're not likely to even comprehend the crime they perpetrated the child wound not be prosecuted criminally. Technically there is nothing stopping the bank from coming after the parent of the child for civil damages, the bank would have start a civil suit at law to hold the parents responsible for the child's actions. The bank doesn't have the resources to do that in every case so they simply accept it as a cost of doing business.
Parents could setup an account and fund it with a gift card from Google. That limits the amount of damage that can be done.
If Google requires a credit card to create an account (I do not have a Google Play account so I do not know if that is the case); set the default to require a password before charging the card each time. You could allow users to change that to add a grace period but then they knowingly opened themselves up to multiple charges.
Alternatively, fund the account from one of these prepaid credit cards that you can load with money and it will only allow charges up to the amount left on the card. My bank offers one of those aimed at children; it allows them to buy things and not carry cash, while still controlling their spending. Additionally, in an emergency I can fund the card directly from an app.
This lawsuit sounds more like parents unwilling to assume responsibility for their own actions and properly supervise their children than anything nefarious on Google's part. If I were on the jury (as suing it actually would go to trail) I'd find for Google in about two seconds.
I'm a consultant - I convert gibberish into cash-flow.
Are you saying this wouldn't have occurred if only app purchases could be done by magically sending cash over the intertubes?
I agree with BarefootMonkey:
- with actual money (and all its electronic imitations, like gift cards, bitcoin, etc.), the control can't be delegated to someone else. Either you have the token, and you decide to spend it. Or you give the token to someone else, and that someone has 100% control on whatever happens to that token (spend it, keep it for later, etc.), but can't do anything about the other tokens still in you pockets.
- with credit cards (and all electronic equivalent, like TFA's google wallet), you give credential to someone else (kid, google, app, whatever), and that someone has suddenly full power to take AS MUCH money as possible until the blocking limit of the credit card. You give a kid the card so the kid can buy a 1.99$ app, but then with the same card, the kid can also buy 200$ worth of in-game bonus.
So indeed, with a cash-equivalent (like a gift card), this situation wouldn't have happened.
Possible way would be:
* Purchase limit. Currently only a timer keeps user logged in (30 seconds). Google could easily implement a "spend" limit (after 20$, CC owner needs to log-in again, no matter if we're only 2sec. into the 30 sec. timer).
* Gift card. Parents buy electronic coupons for 20$ to their kid and let the kid have fun. Once the kid has used up the coupon, well sorry kiddo, you used all your money. ( - This actually helps the kid realise better how things work with cash flow. The kid can notice that there is a limited amount, and that it runs up)
* Cryptocurrencies. I'm not kidding. Bitcoin and co were actually developed exactly for that, exactly to introduce cash-like behaviour. Except for security compromises, bitcoins can't vanish out of your wallet software without your intervention (just like cash can't jump out of your pocket unless a thief is involved).
If you transmit bitcoins to someone else, that someone has full power over them (as noticed by some suckers who left all their coins in exchanges or other on-line wallets that vanished afterward), but can't do anything about those still inside your software wallet.
The only difference with gift cards are:
- gift cards are generally controlled by a single entity which decide over them and handles them. and usually (but not always) they map to actual currency (in some shops, you get a gift card for 20$. But in other shops you get a card for 2000 points, that you paid for 20$, but perhaps later you'll end-up acquiring 25$ worth of goods).
- bitcoins (BTC, the coins) are used on the bitcoin protocol that is distributed. Nobody centrally controls it, anyone is free to jump in and join the party, as long as they follow the protocol (saddly, the lack of regulation means that any crook could do it too. hence all the bitcoin powered scams). And the vlue of BTC are on a roller coaster (meaning that, although it works very well as a mean to "magically send cash over the intertubes", it does a poor job at storing value over time)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
They're a plague anyway.
Was not disappointed.
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
have a money limit on how much you can buy without entering your password and have a config item for "allow purchases for X minutes after entering password"
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Just call Google and they'll take care of it. I called them the other day when an AUTHORISED purchase was charged to the wrong card. I wanted to switch the charge to a different CC. I had intended to pay with one card (mine), but Wallet had defaulted to another (my employer's). Google refunded it and suggested I pay them again after changing the account settings.
Of they'll refund an AUTHORISED charge I'm sure they'll handle an unauthorised charge.
A Nintendo DS with a library of used games would have prevented all these problems.
Kids are not supposed to touch cell phones, according to the phone insurance people I used to work for. Handing your kid a cell phone completely absolves your insurance company of any liability if the kid breaks it. (Now, it's another story if your child steals it from your purse or whatever.)
Occasionally living proof of the Ballmer peak.
There is a really simple solution to all these problems on Android: don't enter any payment details. No, you won't be able to buy anything on your phone. What have you lost? Nothing of value. What do you gain? Peace of mind. Freedom. No more bill shock, at least not from that side of the equation.
Take it one step further for even more freedom: remove - or disable - the play store and install F-Droid. It only holds a tiny fraction of the number of apps you'll find on the play store, but everything there is free software. This is both reassuring for those who care about what they run on their devices as well as handy for those who want to get into Android software development - just look at how other did it to get a head start.
--frank[at]unternet.org
The real issue is children. Just ban children and the issue is solved!
But following the logic chain that ultimately results in the parents being responsible either way, it's still fraudulent to expect the money refunded. If this loophole were formalized, then a parent will just route major purchases through their child and then dispute them.
I'll admit that I've never paid for an android app, and that I've merely sold my privacy for the "Free" apps. However after sign-in, and purchase, wouldn't a logout button resolve this? The user could still purchase multiple apps if desired, but essentially lock the paid portion of the store prior to returning the device to the child. Google could easily say.. Your Child ran up your bill? Why didn't you logout? Seems a simple solution.
I found a way to circumvent this issue on an Android device:
Don't link your friggin' credit card to it - go buy one of those Google Play $X Credit cards at the green grocer, and load that to your account.
I don't have kids, but do this anyway. Google doesn't need access to my bank account.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I think the real problem is that parents want to use a phone or tablet as a pacifier, so they don't have to parent the tykes.
Ah yes, the rallying call of the childless. I'm sure that if you ever have kids, you'll have the means and inclination to devote N hours of your own time every day simply to keeping them entertained.
I have kids of my own, and we also have several tablets, two iPhones (my wife and I each have one), and many gadgets in the house. However, we don't mix tablets/phones in the sense that if I ever have to enter a password into a tablet, that particular tablet does not ever get used by the kids. But you don't need to even have separate tablets (i.e. one for you and one for them). If they ever ask me to enter a password, the answer is no. When my toddler plays with my phone, I make sure that it won't ever get messed up when I get it back from him by taking precautionary steps (e.g. turn off emails, make sure everything requires passwords, etc.) I don't just hand them the device and cry to Apple when they break it.
Then there's also the question of "keeping your kids entertained." You don't need to devote hours of your own time. There are myriad types of toys to entertain your kids -- and even educate them while they're playing. If your tablet is causing problems, then perhaps they could use something else as edutainment. Get them puzzles, coloring books, reading books, etc.
... and it's not my kids stealing. They were playing Penguin Wings 2 and bought about $20 of stuff for their little characters. It was my fault for wanting to distract them, and I changed my settings so that my password is needed each time now. I don't thinl it's google responsibility to protect people from themselves, and a dev who made a fun game got $20 for their work. People just need to use common sense/chillax.
I have an iPhone and not an android, but I'm pretty sure what I do would work with android as well. I simply don't keep a credit card linked to my iTunes account. If I want to buy something, I associate a card, purchase, and then set it back to none. This is something you should do whether you have kids or not.
Not claiming it's available on all (or older devices), but at the very least my Asus MemoPad lets you set up separate accounts with controllable access to apps. And of course separate passwords so Junior never even has a chance to use your account or your credit card.
If you don't want it broken, get another one for you kids -- applies to just about everything.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
So because some parents can't be bothered to know how their devices work and not give their kids the opportunity to do this the rest of us have to enter our passwords more often.
I have a kid and (and an Android phone) yet I still think this is BS!
This should fall on the parents not google. If you're not responsible enough to regulate your phone and child then you deserve the loss of $0.99
Yup. this happened to us. My son bought a game and shortly after, my e-mail went nuts. The Google Play store kept thanking me for my "in-game purchase of tony Stark's headquarters." Of course, I was not staring at my e-mail and didn't see the purchases until we had an account devoid of money ($495 gone). My wife asked me what I bought on-line and when, I had no idea. I went to log into the bank, and saw message-waiting on e-mail. After reading it, I asked my son how many times he bought Tony Stark's headquarters. He said, "I got it for free 5 times dad." I explained to him what happened and that the "purchase" he made just cost the equivalent of a nice kayak for him. He asked me how they could do that. I explained ti him about criminals and bad people wanting our money that we work hard for. He said, "Dad, I don't want to play their games any more. Can you pull them off y tablet and accounts?" Which we did. We also contacted our bank about the theft as I called it. The bank responded quickly, by freezing the account and issuing a new account number and disputing the purchases. They got the money back for us (Yay bank!). from this point forward, We only use pre-paid cards for this crap. I explained it to my kids, who didn't get it, with a simple request; put in my hands what you got for the money. They tried to put the tablets in my hand; "No. we paid for those with money and got them." "But daddy, we can't it in the tablet." And then the light came over them.
Good lesson. Pain in the ass, but a good lesson.
... is exactly what we do. When either of our children want a game downloaded or IAP done, we usually wait until their daily time limit is up, check it out, download it, subtract whatever it cost from their allowance, and then the machine goes away until tomorrow. That's partially because we're good parents but mostly because I'm a paranoid nutcase :-)
It's not googles fault parents can't control their little snots. We simply say no download apps and our kids understand not too. Give the kids consequences for not doing as they are told.