Sophos Cloud Optix
The US Federal Trade Commission (FTC), which looks after consumer rights in the US, has announced a settlement with Google.
Google will stump up $19,000,000 to refund Android users whose children, says the FTC, were able rack up in-app purchases too easily.
FTC settlements aren’t admissions of guilt; nor do the amounts paid over constitute fines.
If you want to be cynical, they’re a mechanism for buying your way out of trouble – paying, if you like, to make potential civil or criminal charges disappear.
On the other hand, they’re a great way for the FTC to stick up for consumers: a sort of “class action” without the protracted public posturing of an adversarial court case.
The FTC’s point is that it shouldn’t be too easy for kids who are playing an Android game – one that is clearly targeting kids – to click buttons that bill their parents in real money for shiny virtual objects for the game.
That, you can argue, is a bit like a bricks-and-mortar store encouraging kids to pick toys up and walk out of the store with them without asking their parents, and then automatically billing their parents’ credit cards.
More responsibility required
The FTC says that Google should have been more responsible in how it orchestrated in-app purchases when it knew that a child would be at the wheel.
Back in 2012, Google did add a popup dialog to the in-app purchasing system so that children couldn’t buy things without handing the device to a parent first.
But, as in the recent $32m FTC settlement with Apple, Google was censured for simply asking for the password, without making it clear what the purchase was for.
Worse still, argued the FTC, Google didn’t make it clear that entering your password now would give your kids a 30-minute window to make additional purchases without needing the password again:
It seems you can buy a lot of Enchanted Swords and Battle Ostriches in half an hour, especially if all you have to you is click a button.
Not all Google’s fault
Of course, it’s not all Google’s fault.
As a parent, you have to shoulder some of the responsibility: if your kids are racking up charges against your credit card, that probably means you’re letting them have unsupervised access to your device.
That’s probably the same device that is configured so that it’s easy for you to read and send corporate email, automatically sync changed data with other computers you use, access your social networking accounts, and much more.
And, let’s face it, if your kids can rack up $200 of charges for Enchanted Swords and Battle Ostriches without you realising, what other security SNAFUs might they wreak while they’re about it?
At least the $200 they might blow on virtual stuff is your $200.
But if your kids were inadvertently to post photos, or accidentally send out contact and calendar data, they’d be helping you to blow other people’s privacy.
What to do about apps for kids
The FTC has a great infographic (who said security has to be dull!) with simple but very effective advice:
The best way to check out apps for your kids? Try them out yourself.
That, you can argue, is a bit like a bricks-and-mortar store encouraging kids to pick up toys off the shelves without and walk out with them with asking their parents, and then automatically billing their parents’ credit cards.
this paragraph needs some editing man…
Thanks for pointing it out. We’ve updated the story 🙂
I honestly do not understand how an adult would allow a child to ‘play’ with their mobile device. Mine stays firmly under my protection – at all times.
If you want a child to have a mobile device, then buy it one, and lock it down so it cannot wreak havoc with it.
A child is now labeled as an “it”? You are obviously not in any danger of having your child mess with your device at this current time. -smh
That you’re getting all worked up over pronoun usage means you’re not paying attention to the argument. Andi’s point is a valid one. I have four grown children, and were they still children, I would buy a device specifically for the the children, and lock the device down so the the children couldn’t wreak havoc with the device. Better?
I can easily understand how an adult would allow that:
* Not every household can afford android devices for the kids.
* Some adults still consider it “just a phone” and arent touchy about it.
* Some parent may not want their kids to own at device at “that age”
The kids arent getting MY phone though ;).
But seriously, i think you SHOULD be able to hand someone your phone without worrying that they will ruin you or mess up your data. Phone OS designers completly ignore user-facing & user-controlled security.
You are not in control of your own security on your phone. Just look at app permissions; Why does my garmin-fitness-app suddently need camera-access and why cant i chose to restrict/reject that permission?
There should be way more focus on user-facing & user-controlled security.
I blame parents that do not disable in-app purchases without a password. My kids can tap the “Buy 100 Diamonds” button all they want and nothing happens.