back to article Apple to cough up $100m after kids rinse parents' credit cards on apps

Parents whose credit cards took a hammering after their kids went on iTunes spending sprees are in line for some compensation from Apple - in a lawsuit settlement that could cost the fruity biz $100m. Parents were horrified to receive huge bills from their iTunes accounts for items such as virtual vegetables for iPad games. A …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    On the flip side, it's because of whingers like this that I have to enter my iTunes password all the effin time. It get's extremely tiresome and reminds me of when I used to use Windows and it would constantly ask me 'Are you sure?'

    1. JDX Gold badge

      I was just thinking the same - every new app or app update requires a password, even free ones. I never did an in-app purchase but had assumed they were the same.

      Or can you turn off the password check?

      1. I ain't Spartacus Gold badge

        Since the move to iOS 6 app updates no longer require a password. Which makes sense given that you've already given permission for it to be there, and changes in access to your data are handled separately by the OS.

        In general though, I'd much prefer to be asked 'are you sure' than not, when it comes to spending on my credit card.

        1. JDX Gold badge

          Since the move to iOS 6 app updates no longer require a password

          Are you certain because I know I have iOS6 but I haven't recollected it. Unless the absense of the problem wasn't noticeable of course.

          And being asked when you are paying is fine... though "are you sure" might be better than "enter your password AGAIN"... but for free stuff it gets wearing.

          1. I ain't Spartacus Gold badge

            Re: Since the move to iOS 6 app updates no longer require a password


            Yep, I'm certain. I updated 3 apps on my iPad last night, and didn't have to put my password in. I don't remember if there was a setting I had to adjust, but I don't think so. I'm pretty sure it just happens when you update to iOS 6.

            It might be nice to just have an 'are you sure' box for free stuff, but as other people are always borrowing iPads (especially kids - who make a beeline for them), I think that the owner needs some control. Of course, user accounts might be a solution for this, but Apple prefer to keep things simple. Also I'm sure they'd prefer you to buy one device per family member...

            However, there is a new bunch of restrictions settings, so you can lock the phone to your PIN, while not allowing access to various things, such as in-app purchases, mail, contacts, phone function etc.

    2. Anonymous Coward
      Anonymous Coward

      How many times a day do you buy or update apps??

      1. JDX Gold badge

        >>How many times a day do you buy or update apps??

        Some days, several times - I might download a dozen apps looking for the best one. Having to re-enter my password 10 times in a row is a PITA.

        Obviously when MS do it with UAC it's crap. But if Apple do it - with a really ugly popup - it's stupid to suggest otherwise.

    3. Loyal Commenter Silver badge

      On the flip-flip side:

      It's because of whingers like you being too lazy to enter their passwords when they make a purchase that the security model was broken for everyone, allowing this to happen.

      1. Captain Scarlet Silver badge

        Sort of agree

        Then realise my password takes 10 minutes to input on my mobile.

        But for any form of payments I think you should always enter a password/pin, as Android will also happily go "Yeah Charged" without a wiff of a pin or password.

        1. Law
          Big Brother

          Re: Sort of agree

          "But for any form of payments I think you should always enter a password/pin, as Android will also happily go "Yeah Charged" without a wiff of a pin or password."

          The option is there, you just need to enable it - and parents usually will. I have the "require pin to purchase" option turned on for my Nexus 7 and android phone... my son can't buy anything without entering my pin, even for inapp stuff.

          1. thesykes
            Thumb Up

            Re: Sort of agree

            cheers... hadn't noticed that option.

          2. Joel 1

            Re: Sort of agree

            "my son can't buy anything without entering my pin, even for inapp stuff."

            Why on earth would you be giving your son your PIN to enter? Surely that defeats the point? And I would have thought you would want to prevent inappropriate stuff anyway, as it is, like, inappropriate.....

            1. Chris007

              Re: Sort of agree @Joel 1

              Have an upvote - the downvoters obviously hadn't spotted your "get my coat" icon but perhaps the joke icon would have helped them :)

        2. Anonymous Coward
          Anonymous Coward

          Re: Sort of agree

          With Android, you can set it to request your password for purchases but here is the real benefit, unlike Apple, Android lets you CHOOSE.

          1. Anonymous Coward
            Anonymous Coward

            Re: Sort of agree

            @ Jim Booth. you can choose in iOS as well. You can disable in app purchases completely if you wish and you can lengthen the time (to 15 mins) after entering your password before the OS needs it again.

            If Android also lets you completely disable the need to enter a password at all, then whilst i agree choice is good, i would question the sense in such a security model.

          2. Captain Scarlet Silver badge

            Re: Sort of agree

            Android lets me choose? Well where is it, its not in any of the setup options its not in the play store options its not in Google Wallet?

  2. Jay Holmes

    Not one to defend Apple but....

    .....Why should they have to fork out for this? Why isnt it the parents fault for allowing the kids access to their credit cards??

    Is this another case of whinging parents complaining that naughty company didnt do their job for them??

    1. Brewster's Angle Grinder Silver badge

      Re: Not one to defend Apple but....

      Where does it talk about kids having access to their parent's credit cards? The article I read talked about a security vulnerability that was exploited by children. You can be keeping one eye on them - 'yup, still playing the game' - and not notice they're running up a mammoth credit card bill.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not one to defend Apple but....

        Simple, their parent's cards must have been added to the iTunes account for this to have happened.

        1. El Presidente

          Re: Not one to defend Apple but....

          Bait and switch, pure and simple.

          Apple and other companies rely on people not fully thinking through the implications of adding a credit card.

          1. Don Jefe

            Re: Not one to defend Apple but....El Presidente

            You have chosen the wrong colloquialism.

            Bait and Switch is where you advertise [ProductX] for [PriceX] (aka the Bait) then when a buyer appears you suddenly don't have any of [Bait] in stock but [ProductB] IS in stock and it is just a few dollars more.

            The correct statement would be Apple et al. rely on dumbasses not fully thinking through the implications of adding a credit card.

            They are removing barriers to purchase, which doesn't have a catchy colloquialism yet.

      2. Pet Peeve

        Re: Not one to defend Apple but....

        It's not a security vulnerability, and is in fact still in place, though you can turn off authorization completely now as an option.

        The idea is that once you've authenticated, that you don't have to do so again for 15 minutes. "sudo" works exactly the same (in fact, it may even BE sudo under there), so calling it a vulnerability is silly.

        The short of it is that a bunch of dumb adults unlocked itunes purchases for their kids, and were shocked, SHOCKED I tell you, that said kids went on a buying spree during the interval. Apple too the reasonable position that none of this is their problem, so said dumb adults abused the legal system to get cash. Sigh.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not one to defend Apple but....

          Think the issue was that people had enabled the "require password to make purchases" and had expected that to mean that all purchases would require a password when it turned out that it was really "require password in last 15 minutes to make purchases" and that that had not been made clear and most people would have assumed ticking the "require password" option would prevent anyone else spending money on the phone/pad.

          1. Randy Hudson

            Re: Not one to defend Apple but....

            It's worse than that. You entered your password to install a FREE application, NOT to make a purchase. Apple then caches your authentication for 15 minutes and applies it to a completely different action: spending $$$ (while installing nothing).

        2. Rob Carriere

          Re: Not one to defend Apple but....

          Errr, Pet Peeve, that is a vulnerability in sudo. Not a prob in some situations, a serious consideration in others.

          Sudo has two advantages over iTunes, though: it's normally used by people who understand the consequences AND the problem is easily mitigated. (close window/lock screen/logout or some such when you go AFK).

          You call 'em dumb adults, I call 'em non-specialists who expect things to not have dangerous hidden connections. And right they are.

        3. Vic

          Re: Not one to defend Apple but....

          > "sudo" works exactly the same

          sudo has a -k option...


    2. Loyal Commenter Silver badge

      Re: Not one to defend Apple but....

      To me this is quite clear; the parent makes a purchase for their child, the card is authorised. There is no good reason I can think of to then not require authentication for subsequent purchases.

      There is also an element of bad parenting to this of course - the children should not have considered stealing from their parents and the blame for that lies with the parents - if their kids aren't old enough to understand that this is theft, then why the hell have they got iPads to play with?

      The fault lies with Apple, however, for bypassing the credit card authentication mechanism in favour of some 'ooh-shiny-shiny-it-just-works' bullshit.

    3. DrXym Silver badge

      Re: Not one to defend Apple but....

      ".....Why should they have to fork out for this? Why isnt it the parents fault for allowing the kids access to their credit cards??"

      Because Apple have liability. They "curate" the content and facilitate in-game purchases through their infrastructure and take a 30% cut.

      It should be pretty obvious that real money items in a kids game need some form of protection and enforceable guidelines.

      e.g. All childrens games with less than a 15+ rating should be subject to parental controls and / or account protection by default for in-game purchases. If the account holder doesn't like this, they can throw the switch in their account management settings but the default should be to prompt.

      Not that I think Google is any better in this regard. Both Apple and Google are far too lax presumably because these sorts of games are extremely profitable.

    4. MrXavia
      Thumb Down

      Re: Not one to defend Apple but....

      No, the problem is they might have made a purchase on the phone, then let their kids play a game on the phone, they don't realise the kids can make purchases without needing to enter any details..

      I have been careful to ensure that I have pin protection turned on for my android phone, although I would like to be able to set it at an account level not a phone level...

      1. Anonymous Coward
        Anonymous Coward

        Re: Not one to defend Apple but....

        What about all those premium rate phone calls to Australian phone chat hookers I, err I mean my kids ran up? They didn't require a password to access. I hope Apple will reimburse me.

    5. Ian Michael Gumby Silver badge

      Re: Not one to defend Apple but....

      You do realize that Apple is the clear winner here.

      How many people are going to file a claim?

      And if they do, the bulk of them will receive apple credits, not cash.

      The lawyers receive the cash. So parents will spend even more money through Apple's iTunes.

      Apple will end up generating more revenue and continue to lock in their install base.

      The only good will come when Apple forces their army of app developers to lock down the permissions and allow parents to turn off the ability to buy in app products unless a different password is used.

      Then its the parent's fault for not supervising what packages their kids buy or that they know the parent's passwords.

      1. Arctic fox

        It is all so very simple.

        1. Do not under any circumstances allow your darling angelic little anklebiters anywhere near a device which you authorise any kind of expenditure on.

        2. If you do make it clear to your little darlings that if they spend one penny of your money without asking you first they will be banned from using any electronic equipment at home and their pocket money will be stopped until it has made up the difference.

        3. Explain that if they still persist in this anti-social (ie thieving) behaviour then all their toys will end up in the dustbin. (one couple of two kids (8 and 10) we know did this and the improvement in the little darlings' behaviour bordered on the miraculous).

        1. JDX Gold badge

          Re: It is all so very simple.

          Easy to say that but if you have a family PC 1) is not possible. Some of us object to buying multiple PCs.

          You perhaps forget kids have been doing this for decades... it used to be ordering over the phone with daddy's card and putting on a deep voice.

          1. Jan Hargreaves

            Re: It is all so very simple.

            Can't you each have your own user account?

    6. Dan 55 Silver badge

      Re: Not one to defend Apple but....

      You're strongly encouraged to give credit card details when you first get asked to create a new Apple ID and you have to jump through hoops to get it removed. I imagine that setting the address to e.g. Cupertino to remove the credit card isn't the first thing that crosses everybody's mind, but it's what did it for me. I'm sure there are other non-obvious ways too.

      There should be an option which says 'always ask for password when purchasing' and it should be the default and there should be another option which says 'remove my credit card info now'. Six iterations of iOS later and we've finally got the first option you say? Maybe they were getting the wording and the button shadow worked out. I'm sure the second option is due to be rolled out any day now.

  3. Select * From Handle

    Oh how very nice of you apple...

    "Sums under $30 will be refunded in iTunes credits rather than cash."

    I assume that you will still be taxing all purchases made with that $30 reducing the cost of the claim by 30%....

    bad apple.

    1. Anonymous Coward

      Re: Oh how very nice of you apple...

      I am surprised they are allowed to get away with this - compensation should not be in the form of their own bloody product!

  4. Andy ORourke

    It's not like...........

    You HAVE to keep a credit / debit card on file, I don't if I ever need some credits I just buy myself a gift card and bob is your mothers brother

    1. Velv Silver badge

      Re: It's not like...........

      Buy an Apple Gift card. And if you watch the Hot Deals/MoneySavingExpert pages you'll regularly find deals on iTunes gift cards.

      Tesco did the 3x£10 pack for £25 at Christmas, and The Co-Operative Supermarket had the £15 card for £10 for a while, and Clintons Cards had a buy one get one free for a while. I don't think I've ever paid face value.

  5. Anonymous Coward
    Anonymous Coward

    App developers lobbied Apple for in-app purchases, something that Apple didn't implement at first.

    You can see why there were so keen to get Apple to do it, they knew this sort of thing (the app equivalent of collectable stickers or cards) would make them a fortune.

    1. Pet Peeve

      Yeah, I'm actually glad for the password prompt, because it's not that difficult to accidentally make an in-app purchase without it in some "free" apps.

  6. historymaker118

    The in app purchases are insanely priced

    Seriously, as an example, the My Little Pony game from Gameloft came out on iPhone/Android with eye-wateringly high prices for in app currency, ($99 for enough gems/coins to finish HALF the game) and fans worked out that it would take ~28 YEARS of playing every single day to complete without paying money. To just complete the main quest (the bare minimum) in less time it costs ~$40. The *buy more stuff* page pops up almost constantly, and it becomes hard NOT to open the store to do anything.

    Parents should check what games they let their children play, most if not all games on iPhone/Android have some sort of in app purchase available and there are far too many companies out there looking to rip off customers by taking lots of money from unsuspecting parents accounts.

    MICRO transactions are one thing, but anything over £10 for imaginary currency/items is just taking everyone for a ride.

    1. Andrew Lobban

      Re: The in app purchases are insanely priced

      Couldn't agree more. Many of the kids games are clearly designed to exploit the 15 minute window after a parent has entered the password and handed the device back to their child. Constant friendly looking popups that kids press with no appreciation of the consequences.

      I've pointed out to quite a few of my friends with children that they should switch of 'in app purchases' in the iOS settings to avoid any surprises.

      To be fair to Apple in the UK, one of said friends (before i got to her!) got stung for £69.99 by smurfs village. One e-mail to Apple support and the money was instantly refunded along with a nice email about how to adjust the settings. Doubt you would get that a second time though, responsibility is definitely yours at that point i assume.

    2. Cpt Blue Bear

      Re: The in app purchases are insanely priced

      This is the franchise's modus operandi translated into digital sales.There is always something else to you "need" to buy and as you get in deeper the prices go up until you find the customer's limit. I remember working this out at the age of 11 or 12, as did most of my mates.

      I shouldn't pick on My Little Pony alone - Barbie, Star Wars, etc are all the same.

  7. Anonymous Coward
    Anonymous Coward

    Who really gives their kids their password - why not your ATM pin.

    1. Anonymous Coward
      Anonymous Coward

      They didn't give their kids the password...that's the whole point of the law suit

      1. Parent installs FREE app for kids to play with

      2. Parent sets 'requires password to purchase'

      3. Parent thinks 'job done'

      4. Kids realise (or maybe doesn't even notice) that the 'password required' doesn't kick in until 15 minutes after the password was last entered (to install/update the app), and go on spending spree by clicking away at will. As their parents think it is safe they don't worry about the in-app things the kids are clicking - they were wrong not to worry.

      Personally my kids use an apple account that has no credit card details (which is an option well hidden in the apple sign-up by the way) - so they cant pay for anything, ever, by accidentally clicking any app/itune stuff.

      1. Andrew Lobban

        Re: They didn't give their kids the password...that's the whole point of the law suit

        Quite right, although just in case you weren't aware, you can disable in-app purchases completely in the IOS settings menu now, as well as require the password immediately every time(rather than the 15 minute default), think it was added with iOS6.

      2. Stephen 2

        Re: They didn't give their kids the password...that's the whole point of the law suit

        Indeed, seems like a lot of people here don't understand the process.

        One important thing to note is that many.parents let the iPad be used by very young kids that have little concept of money and way well not even realise that what they're doing in the game is resulting in real world costs.

        So its not just kids being naughty.

  8. Anonymous Coward
    Anonymous Coward

    Simply put;

    Apple approved malware

    1. Joe Drunk
      Thumb Down

      Apple hater here, somewhat Fandroid. Not Apple approved you clueless AC (pretty much all AC are clueless tards unless they are posting something against the company they work for).

      Apps with in app purchases have been around awhile on consoles and now IOS/Android.


      1. Anonymous Coward
        Anonymous Coward

        Apple claims to have a stringent QA process for apps, thus Apple approved malware.

  9. Don Jefe

    Toys and Children

    Tablets are toys. Look at what the vast majority if people use them for if you doubt. The point here is that many parents aren't familiar with toys that their children can use to directly access their credit cards. If Lego sets allowed you to order more bricks from inside the sets you'd see the same sort of thing.

  10. Anonymous Coward
    Anonymous Coward

    Funniest story I saw

    Was some idiot in the paper complaining her 6 year old son ran up a £3,000 bill buying virtual vegetables at something stupid like £60 a pop (seriously?!) Best bit is apparently the child needed to enter a password to buy them and her excuse was 'oh my child must have memorised the password after seeing me type it in' Amazingly Apple refunded her too.

    What happened to parents taking responsibility?! Now just dump them in front of Daddies iPad with 6 chicken nuggets and chips then occasionally pop over and top up their fizzy drink

    1. This post has been deleted by its author

      1. Danny 14 Silver badge

        Re: Funniest story I saw

        quite conceivable. My 8 year old daughter memorised her teachers password for logging on the school system. However, she seems to have more morals than her dad and told her teacher (the day after it should be noted though).

  11. Anonymous Coward
    Anonymous Coward

    Tapping a screen twice is not sufficient to authorize a credit card purchase.

    I No longer trust Apple with my credit card details. If I buy something I enter it in, make the purchase then remove it. This means I end up buying a lot less.

    I had my ipod touch set to always require a password. I touched the wrong part of the screen in a free app while picking up my ipod and my credit card was instantly billed with no password required and no means of obtaining a refund.

    Fumble with your device, tap once to bring up a window, then its wont' respond to anything until you accidentally tap yes or no to the purchase.

    Even Amazon allows you to undo a one click purchase within a 30 min window.

  12. This post has been deleted by its author

  13. ecofeco Silver badge


    "And full refunds could be available if parents meet the above requirements and fill in an online claim form."

    ...if they don't find some reason to deny them after making it difficult to find and fill out the form. (what is the 10,000th digit of pi)

  14. ItsNotMe

    How about trying this folks?

    Don't GIVE the little nippers an iPad! Or any other device, for that matter.

    If they have to have one...let them get a job...earn the money to BUY it themselves...then let THEM figure out how to pay for all the things they feel they need.

    It starts & ends with the parents' decisions to give their children EVERYTHING. Make them earn what they have, and they will be far better for it.

    End of rant...move along now.

    1. ulric

      Re: How about trying this folks?

      it's not the kid's ipad, it's the family ipad

    2. Stevie Silver badge

      Re: How about trying this folks?

      Works well until YOUR kid has a play with your neighbour's iPad ('cos *his* kid let yours have a go).

      Of course, you'd have thought this out better if you actually had any kids. Amazing how these issues can broaden one's mind once the same set of mad skillz used in a job are put to work looking out for tiny clones.

      You'd be amazed at what pops out of the code then, and how quickly DINK logic, formerly a bastion of What Is Wrong With The World Today breaks down.

      Example: Proper thinking can show why "Parental Oversight" can never be the perfect answer to everything - the basic premise (Parental Oversight is Omnipresent) is flawed. Think of a kid as a secured account to which everyone in the world knows the password and you can see that the problems of properly policing a child's experiences with anything are monumental and cannot ever be universal.

      Or better. Just remember the stuff you did that your parents never found out about. Were they bad parents for "allowing" you to do that?

  15. ulric

    All a kid needs, really..

    "spend money in-game on goods such as fruit, vegetables, ammunition"

  16. AidanCheddar

    Keep it up, kids! Sooner or later Apple will go broke.

  17. FanniM

    My friend's toddler got something online from Amazon one-click. My friend didn't even think of sueing Amazon though. You have to be more careful with your children.

  18. Anonymous Coward

    Parents ..

    Parents .. take responsibility for your own children ...

  19. JeffyPooh Silver badge

    Badly worded sentence

    " Apple ID and password is required for purchases on iTunes-linked credit cards but only for fifteen minutes after one signs in."

    You mean, "...but only fifteen minutes after one signs in." Delete the "for".

  20. Barely legible

    Reminds me of the old adage

    "There is no such thing as a free lunch" especially if there is fruit involved !

  21. JeffyPooh Silver badge

    Blaming parents for a combination SmurfBerries scam and ineptitude by Apple?

    There was an innocent time before the SmurfBerry scam artists arrived (I'll call them 'scammers' to their kicked-in face if they'd like to discuss it in person). There was a time and iOS version before Apple thoughtfully provided a specific setting to disallow In-App purchases. There was a time when Apple allowed the iTunes password to remain active for 15 minutes.

    All of these aligned one fateful day. My kid wanted to get the SmurfBerry app. I'd never heard of spending real money in a child's game - of course Apple would never allow such a thing in the walled garden that is iOS, right? It wasn't ten minutes later that I got an email for the in-app purchase of $2 worth (sic) of SmurfBerries.

    So I launched a voice mail missile towards a random telephone line within Apple HQ. They responded the next day with a refund, an apology, and they obviously followed-up with corrective actions.

    Blaming the parents for such a subtle series of system design flaws by Apple is utter garbage. I know it's tempting and smells like PCness, but it's still utter mindless tripe.

  22. Camilla Smythe

    Uhm 30%?

    Are Apple, my little, ponying up for just their 'take' or are they covering the other 70% as well?

  23. Anonymous Coward
    Anonymous Coward

    Debit Card

    If ever a site wants me to register credit card details, I use a debit card. Set the balance to $0, then before each intended transaction transfer the exact amount required from another account. (Works best where there is no transfer fee.)

    1. Law

      Re: Debit Card

      And in this particular scenario you wouldn't realise your account would about to be charged, so no money in the account to cover it. At this point you're gonna have one of two things happen :

      1 - your bank bounces the payment, charges you 25 quid for the privilege... Bank wins.

      2 - your bank allows the payment via an unarranged overdraft, then charges you like 10 pounds a day for a max of 5 days, plus a one off arrangement fee for the overdraft. Bank, apple and developer wins.

      Either way you'd still be vulnerable to this type of scam / feature with your odd ritual for payments.

  24. Paul Webb

    Latest UK outbreak (Zombies v. Ninjas, £1700 bill run up by 5 year old)

    This was just on the local news, featuring many of the issues already mentioned.

    Apologies for the source, I can't find it anywhere else (at the time of posting):

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019