Do Apps Ask for In-App Purchase Permission? They Need To.

As you might have heard, Apple will be issuing refunds, to the tune of $32.5 million, to customers whose children made in-app purchases without consent. The settlement was made with the FTC, which filed a complaint about Apple’s unfair billing practices. The complaint states that a user’s iTunes password is stored by an app for 15 minutes after the user has entered it, during which time the app would use the password for in-app purchases, often without having informed account holders. (Even when a pop-up requesting a user’s password appeared, it often did not explain that the password would be used to make or authorize purchases.) What that boils down to is tens of thousands of payment transactions initiated by children without the informed consent of their parents. As part of the settlement, Apple must change its billing practices to ensure it has obtained an account holder’s “express, informed consent” before charging them.

It may not seem like that big of a problem until you take a closer look. Many of the problem payments went to apps that are listed in the “Kids” and “Family” categories and are designed and marketed towards children (like Dragon Story, Tiny Zoo Friends, Tap Pet Hotel, Racing Penguin, Flying Free, and many others). These games do not paint a clear picture of the difference between real money and in-game currencies, which is innately confusing to younger minds. One customer reported that her daughter spent $2,600 in one app alone. Most of the complaints state that the children were completely unaware that they were spending real money at all.

This sends a clear signal to app developers and distributors: design your app with clear language explaining when and where charges will be incurred, and always assume lack of consent until it’s been given on a per-purchase basis. Make sure you understand your audience and stay away from design and verbiage that may confuse your users as to which costs are real and which are fake. Google Play, for example, asks for a user’s password on every purchase unless you specifically opt out of that security feature, but depending on a game’s messaging, you may not know that something has a real-money cost until that screen pops up.

The settlement proves that app makers and distributors have a responsibility to their user base to provide a safe, secure product that limits the chance of unauthorized use and does not assume consent.

This post originally appeared on uTest’s Software Testing Blog.
