Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Sued Over Children's In-App Android Purchases

Posted by samzenpus on from the won't-somebody-please-think-of-the-children? dept.

jfruh writes "Android apps sold through the Google Play app store require the user to enter their username and password before making an in-app purchase — but once they've done that, they can continue to do so for half an hour without re-authenticating. Now a lawsuit is claiming this loophole allows children to run up in-app purchases on their parents' credit cards, 'causing Google to pocket millions of dollars.'"

23 of 321 comments (clear)

  1. Please.... by Apotekaren · · Score: 5, Funny

    For once, won't someone think of the PARENTS?

    --
    She: Hey, are you a traitor? Me: No, I'm atheist.
    1. Re:Please.... by Richard_at_work · · Score: 3, Insightful

      Wallet manufacturers must be quaking in their boots.

    2. Re:Please.... by Travis+Mansbridge · · Score: 5, Insightful

      "Hey mom/dad, enter your password"

      A: "Sure"
      B: "Why?"

      Which sounds more responsible?

    3. Re:Please.... by richy+freeway · · Score: 4, Insightful

      The point is that after they have entered their password, the child has 30 minutes of unfettered purchasing power and there is NO warning of this at all.

    4. Re:Please.... by KingOfBLASH · · Score: 4, Insightful

      No, Google designed a system that would be a compromise between security and usability since some people would obviously go bat shit if they had to enter their password every time.

      That a parent gave this to their child and did not properly supervise them is the parents fault.

      Although it would indeed be nice if the parents could indeed have a better monitoring service for kids phones.

    5. Re:Please.... by Cenan · · Score: 5, Insightful

      Kids are not supposed to know the full range of consequences of their actions, that is why we call them children and treat them in a certain way.

      First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible. Even if that were not the case, you'd have to buy the app or whatever and wait 30 minutes before handing the device back to your child to be safe, yet there is currently no indication that the timer is even running or when it expires - not one that is easily accessible. And the mere fact that Google expects you to sit around with your device for 30 minutes, waiting for a timer to expire is unreasonable in the extreme.

      This is absolutely a tech issue, as well as an ethics issue. Google likes the easy money, and their responses to parents who have complained about it have been less than stellar. Google is in a position to both build and destroy trust in consumer computing, on behalf of not only themselves, but everyone who develops for their devices and similar devices. The position Google has taken on this issue is the money-grab-and-run short term approach, and they've been pointing at the app developers for the fix. This is unreasonable, and doesn't actually fix the broken eco-system that is Android apps. The good guys will continue to be the good guys and you're giving a free pass to the rotten apples. Couple this with the fact that it is almost impossible to tell good from bad on Android until you get burned, and you have a major issue going forward, and Google is well on its way to forcing legislation on this issue. Legislation that I bet Google is going to piss and moan over when it passes, even though they, and fuckwits like them, were the ones to cause it.

      Short story even shorter: fix the fucking issue and get on with it already. The fix is so simple it would be hilarious if it wasn't such a fucking money-grab from a supposedly not evil corporation. Make purchasing passwords one time only, or allow for restrictions on where and when the purchasing can be made.

      --
      ... whatever ...
    6. Re:Please.... by bfandreas · · Score: 5, Interesting

      This is not a mom/dat CC issue but goes quite a bit further.

      I will try to demonstrate this on a particular piece of shite brought to us from the people we love to loathe.
      Enter Heroes of Dragon Age. This thing is a deck-building game. Think Hearthstone but the game plays your matches for you. In that respect I would consider it nothing more than an elaborate animated screensaver rather than a game. In HoDA the rarest cards pretty much guarantee your wins. You could grind for months and get lucky and get a couple of them. Or you could cough up monies to buy gems. 99 bucks buy you roughly 20 card draws, 18 of which will not be useful in any way shape or form(+/- statistical variance, but bear with me). You could play matches to earn gold to buy the packs which cost gold but your chance to get anything useful from those is so low that people who get lucky immediately start a forum post about that which in turn will become quite lively. Grinding for gold is a possibility but for one snag. You are limited to 6 PvE and 6PvP matches every two hours. Unless of course you pay gems to play more. So far so bad. The PvE campaign is designed in such a way that you will need the best cards after about an hour of play time. You will encounter multiple major brick walls.

      This is one of the freemium offenders I know. I've been grinding as a free player since Christmas since it is a nice diversion which doesn't require a lot of thought or interaction. But I do have to say one thing about this: It smacks of gambling. In fact it is an elaborate variation of a slot machine. And I can see how a gambling addict could sink hundreds if not thousands of dollars into such a thing. And it seems to be completely unregulated.

      OTOH if I gave you 99 bucks to spend on games and you headed over to the nearest Steam sale you would get so many games that you wouldn't emerge until next year if you completed them all. No value for a lot of money driven by addiction. Children are the easiest prey for this but certainly not the most lucrative.

      So if you compare prices for gems with Steam sales you would think that these are not hardcore gamers. Wrong. Surprisingly so:
      http://kotaku.com/who-are-the-...
      http://www.theguardian.com/tec...

      We are way, WAY beyond "you morons, stop buying gems!". At this point we are in need of regulation Nevada-style. In the meantime suing Google and Apple is the easiest way to apply some pressure but it sure as hell is not enough.

      I would imagine you weren't totally shocked that EA is one of the worst offenders in that particular arena...

      --
      20 minutes into the future
    7. Re:Please.... by gnasher719 · · Score: 3, Interesting

      First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible.

      Just yesterday there was news elsewhere that with iOS 7.1 (which allows a 15 minute period without password entry), when you enter your password now, a dialog will appear telling you about it, with an OK button and a button that takes you to "Settings" where you can turn that feature off.

    8. Re:Please.... by MickyTheIdiot · · Score: 3, Insightful

      There is a lot of missing the point on this thread. This problem goes down to the core of the social and psychological problems and tradeoffs that happen in GUI and application design, web design, and any other system that is accessed by members of the general public.

      Somewhere there is a manager yelling at a designer because "it's hard to use" because there were complaints from users that they "just put in there password" and "why should I do that again?" when they were making a series of purchases. So the designer incorporated a 30 minute time out or grace period to get around the whining. Sometimes there is no absolute sweet spot... there is going to be whining about the design either way. They probably should incorporate a variable (as someone else on this thread mentioned) so the user has control and Google can say that the user has the power to make a choice.

      People are thinking this is deliberate by Google? Bah. Google isn't 100% non-evil, but I don't buy that. They still aren't doing their design in like Microsoft does, in their Marketing department.

    9. Re:Please.... by exploder · · Score: 5, Insightful

      I think the real problem is that parents want to use a phone or tablet as a pacifier, so they don't have to parent the tykes.

      Ah yes, the rallying call of the childless. I'm sure that if you ever have kids, you'll have the means and inclination to devote N hours of your own time every day simply to keeping them entertained.

      --
      Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
    10. Re:Please.... by hink · · Score: 3, Insightful

      The problem is that there is NO WAY to disable or change the 30 minute window. Using the "require password for all purchases" option does not override the 30 minute window. Google page about how this works. So, I guess the only way to prevent this is to confiscate the phone for 30 minutes.

      "But your child should be trained to not buy things! You're a bad parent!"

      Children are not animals, whipped into learning behaviors. They do not learn as fast as some of you obviously non-parents seem to think. Not to mention that even angelic children can sometimes be "mischievous".
      Oh, and make sure you don't hand your device to your adult friends after you purchase something either. Adults can be even more greedy and stupid than kids.

      --
      - speaking only for myself, as always
    11. Re:Please.... by omnichad · · Score: 3, Insightful

      The fact is, the parent can't revoke authorization for future in-app purchases after authorizing one. This is something that should be addressed. It has led to sleazy app developers taking advantage of them. It's a trojan horse.

      Parents are responsible, yes. And they want a viable option to use that responsibility.

    12. Re:Please.... by Anonymous Coward · · Score: 4, Insightful

      It's almost like Apple and Google were both in the wrong, and Apple corrected it.

      Oh wait, it's exactly like that.

    13. Re:Please.... by butalearner · · Score: 4, Informative

      Children can be more clever than non-parents expect.

      Surely, you jest! This is Slashdot, where everybody except actual parents knows the proper way to raise children, and supervision means hovering over your child at all times, never bathing or using the restroom or cooking meals or sleeping.

      I'm glad some commenters don't have children, although if they did, they wouldn't sound so high and mighty at times like this. Seriously, my six year old plays outside with neighborhood kids all the time and builds way cooler stuff with Legos than I did at his age, but having other recreational activities didn't stop him from getting his hands on my wife's phone for a few minutes earlier this week and spending $16 on in-app purchases before she stopped him. And that's all because we had the audacity to have an infant that needs more attention when we aren't rich enough to both stay home and hover over the children all day.

      We're not going to be joining the class action lawsuit or anything, but it's tiresome to see armchair parents pretend like they could stop it happening. Like most of you we have a lot of devices around, and no matter how well you think you have everything locked down, all it takes is one mistake. This is the only time my son has "accidentally" spent money, and no matter where you want to lay the blame, consider this: if my wife had an iPhone, this wouldn't have happened. Is that really the response you think Google should give?

    14. Re:Please.... by MBGMorden · · Score: 3, Insightful

      Indeed. I don't think they understand that "parenting" isn't so well defined.

      My kids I do a lot of activities with. Next weekend we're going to the zoo. A few weeks ago we went to the aquarium. I read to them and tell them stories quite frequently.

      However, often times they WANT to go do something by themselves. Whether that is playing in the back yard or on the iPad (or more recently the laptop - the 5 year old has gotten pretty proficient with both. She can't even read but she understands how to open the browser and type in "pbskids.org"). You simply can't be there like a hawk for every second without delving into helicopter parenting, which is just a bad idea. At a minimum I should be able to set the tablet so that it asks me for the password EVERY SINGLE TIME you make a purchase.

      Its not something that I have to worry about as I generally hate microtransaction games to the point that I don't let them buy anything in them (so I never enter the password the 1st time), but I certainly can see why someone would want this.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    15. Re:Please.... by exploder · · Score: 4, Informative

      This is exactly the problem.

      Current situation: Thank you for entering your password to authorize the purchase on screen. I will not bother to mention that you've also authorized unlimited additional purchases over the next half hour.

      Bare minimum acceptable solution: Thank you for entering your password to authorize this purchase, as well as unlimited additional purchases for half an hour.

      Slightly better: Please enter your password to authorize this purchase, as well as unlimited additional purchases for half an hour.

      Good, and easy solution: Thank you for your purchase. Authorize additional purchases for the next (30 minutes | 24 hours | Forever | No thanks, ask for my password next time ).

      --
      Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
  2. Why? by Chatterton · · Score: 5, Interesting

    Why Google didn't reacted following the Apple case? It was just a question of time before the same kind of lawsuit would begin against them...

  3. Just call the credit card company and tell them by Chrisq · · Score: 4, Insightful

    Just call the credit card company and tell them that you didn't authorise these payments, then tell google you've done that. This puts the ball in google's court - the payment goes into dispute and they need to decide whether to claim that you did authorise the purchase or give you a refund. My money would be on the latter.

    1. Re:Just call the credit card company and tell them by Chrisq · · Score: 4, Insightful

      Just call the credit card company and tell them that you didn't authorise these payments, then tell google you've done that. This puts the ball in google's court - the payment goes into dispute and they need to decide whether to claim that you did authorise the purchase or give you a refund. My money would be on the latter.

      Doing this you would be committing fraud against the credit card company and get you in trouble. You did authorise these payments because you logged in your child with proper credentials to shop using your card. That you didn't understand the consequences isn't good enough enough defence. Though I would love to be able to reverse the charges when my wife starts shopping with my logged in credit card enabled account.

      It would not be fraud - you authorised one payment then google took the rest without authorisation. I have done this previously with unauthorised follow-up payments and it really goes smoothly, it goes into dispute - the company has a chance to appeal - decides not to - terminates service and refund stands

  4. Wait a minute... by narcc · · Score: 4, Insightful

    This sounds awfully familiar... Didn't Apple have this exact same problem?

    Thanks, TFA:

    The case against Google is similar to one brought by the U.S. Federal Trade Commission against Apple over children's in-app purchases. That case was settled in January and Apple agreed to pay at least US$32.5 million to customers.

    Now we need to ask why Google didn't take action to prevent this sort of thing.

    --
    Required reading for internet skeptics
    1. Re:Wait a minute... by LookIntoTheFuture · · Score: 3, Insightful

      Now we need to ask why Google didn't take action to prevent this sort of thing.

      Because the 30 minute *cha-ching!* window was making the corporate overlords and their shareholders cream their jeans?

      --
      Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
  5. Re:Next we should sue the US treasury for issuing by Barefoot+Monkey · · Score: 4, Insightful

    Monetary bills are already child-proof in this regard. If I give a child $1 this doesn't cause any other money I may have to spontaneously teleport into the child's possession every time the child approaches a toy or sweet within the next 30 minutes. If the child wants more of my money then he/she will need to ask me again.

  6. Simple Checkbox by Drethon · · Score: 3, Insightful

    That says "Remember this payment method for the next half hour?" Then they can choose to make it a one shot only payment.