Earlier this year, Apple reached a settlement with the Federal Trade Commission (FTC) over the company’s In-App Purchase system, which did not have proper safeguards in place to prevent in-app purchases by children.
As a part of the settlement, Apple agreed to refund $32.5 million for all unauthorised charges to parents, and also make changes to its billing policy in a way that requires permission for all attempted IAP charges.
The main issue parents have is the 15-minute window after entering the iTunes password, in which children could purchase virtual currency and goods by simply tapping an “OK” button, without the need for a password. Unethical game developers exploited this, and designed their games to maximise the changes of a kid making a second purchase within the 15-minute window.
To fix these issues, Apple agreed to make the following changes to the IAP system by March 31st, 2014:
- Modify its billing practices to ensure that Apple obtains consumers’ express, informed consent prior to billing them for in-app charges
- Consumers must have the option to withdraw their consent at any time
ZDNet claims that Apple is having a difficult time implementing these changes in time for the deadline, as they require significant changes to the App Store architecture:
While it might sound trivial, changing the App Store to obtain “consumers’ express, informed consent” before billing them is a significant change. It involves fundamental changes to the App Store order flow and there are a lot of dependencies involved.
One source I spoke to says that it’s taking Apple longer than expected to make the required changes. In order to meet the government’s second criteria (the option to withdraw their consent at any time) Apple must require a password for all IAPs by default, and perhaps make a no-password window an option via settings.
Apple wants to incorporate the changes recommended by the FTC in the upcoming iOS 7.1 release, but with the release reportedly dropping “any day now”, it’s unlikely these changes make it in the release.
If your child has mistakenly bought an In-app purchase, you can disable IAPs altogether by following these instructions.