Sophos News

Kid spends $5900 playing Jurassic World on Dad’s iPad. Here’s how to prevent that happening to you.

Nothing like memorizing dad’s passwords – both for his iPad and his Apple ID – to buy all the scaly goodness your little heart desires.

The latest “Dad, I shrank your bank account due to super easy in-app purchases” story involves a 7-year-old who racked up a £4000 bill (about $5900) by buying dinosaurs.

As the Metro reports, Mohamed Shugaa, from West Sussex, UK, found out his son had made the transactions during a 5-day dino spree in December, using Dino Bucks in the iTunes game Jurassic World on his dad’s iPad.

Sure, he knew his son could unlock his tablet with his passcode.

But Shugaa was (unpleasantly!) surprised to learn that his son, Faisall, had also memorized his Apple ID password.

That’s all you need to unlock the gates to flashy dinosaur upgrades.

Faisall made 65 purchases from Apple between 13-18 December, never realizing that Dino Bucks translate into real money.

His dad thought that Apple should have known a whole lot better than that:

I was so mad. I’m 32 years old. Why would Apple think I would be spending thousands of pounds on buying dinosaurs and upgrading a game?

Why didn’t they email me to check I knew these payments were being made? I got nothing from them. How much longer would it have gone on for?

This certainly isn’t the first time Apple’s been called out for letting kids make purchases in child-focused apps.

In January 2014, it got into trouble with the Federal Trade Commission (FTC) for making it too easy for kids to blow money through in-app purchases. The commission cited Apple’s use of a buy button that led to a password screen that 1) failed to inform parents of what they were authorizing and 2) opened up a 15-minute window following login: plenty of time in which to make additional purchases without parents’ knowledge.

While no judgement was ever made, Apple handed over at least $32.5 million to cover refunds to exasperated parents.

In a similar settlement in September 2014, Google handed over $19 million to the FTC.

In both cases, the FTC’s point was that it shouldn’t be too easy for kids playing games – games that are clearly targeted at kids – to click buttons that bill their parents in real money for shiny (or reptilian, in Shugaa’s case!) virtual objects.

Of course, we can’t expect either Google or Apple to shoulder all the responsibility in these cases.

If your kids are racking up charges against your credit card, that probably means you’re letting them have unsupervised access to your device.

Heaven knows that can lead to even more trouble than surprise credit card transactions, given that you’ve probably set up your device so it’s easy for you to read and send corporate email, automatically sync changed data with other computers you use, access your social networking accounts, and much more.

The FTC has a great infographic with simple but very good advice about how to keep up with kids’ apps, which can pull any of these stunts:

  1. Collect and share personal information. An investigation by privacy watchdogs in 2015 found that just over 2 in 3 apps and sites were collecting children’s names and email addresses.
  2. Let your kids spend real money even if the app’s free. Case in point: the free Jurassic World, which in spite of being free has a T. Rex-sized appetite for in-app purchases.
  3. Include ads. So bad, for so many reasons, as we learned in eyeball-popping fashion with the naked selfie ads offered up in kids’ app My Talking Tom.
  4. Link to social media. It’s hard enough for any of us, at any age, to think before we post. It’s probably not the best idea to mix kids high on Jurassic-level adrenaline with social media.

Even if you don’t have kids draining your bank account by in-app purchases, you should still keep an eye on your bank account statements.

After all, there’s no maximum age when it comes to fraudulently squeezing savings out of accounts.

One example: in April 2015, a California woman filed suit against Google, alleging that inadequate security enabled crooks to run through 650 transactions, worth thousands of dollars, on her Google Play account, all debited electronically without her sign-off.

Here are some ways to avoid unwillingly overinvesting in dinosaurs:

When Shugaa first contacted Apple Support to demand a refund, he was told there was no guarantee he’d get his money back. However, the father of two said he eventually managed to convince Apple to fork over a refund by telling the company that he needed the money to buy Christmas gifts for the kids.