
On the flip side, it's because of whingers like this that I have to enter my iTunes password all the effin time. It get's extremely tiresome and reminds me of when I used to use Windows and it would constantly ask me 'Are you sure?'
Parents whose credit cards took a hammering after their kids went on iTunes spending sprees are in line for some compensation from Apple - in a lawsuit settlement that could cost the fruity biz $100m. Parents were horrified to receive huge bills from their iTunes accounts for items such as virtual vegetables for iPad games. A …
Since the move to iOS 6 app updates no longer require a password. Which makes sense given that you've already given permission for it to be there, and changes in access to your data are handled separately by the OS.
In general though, I'd much prefer to be asked 'are you sure' than not, when it comes to spending on my credit card.
Are you certain because I know I have iOS6 but I haven't recollected it. Unless the absense of the problem wasn't noticeable of course.
And being asked when you are paying is fine... though "are you sure" might be better than "enter your password AGAIN"... but for free stuff it gets wearing.
JDX,
Yep, I'm certain. I updated 3 apps on my iPad last night, and didn't have to put my password in. I don't remember if there was a setting I had to adjust, but I don't think so. I'm pretty sure it just happens when you update to iOS 6.
It might be nice to just have an 'are you sure' box for free stuff, but as other people are always borrowing iPads (especially kids - who make a beeline for them), I think that the owner needs some control. Of course, user accounts might be a solution for this, but Apple prefer to keep things simple. Also I'm sure they'd prefer you to buy one device per family member...
However, there is a new bunch of restrictions settings, so you can lock the phone to your PIN, while not allowing access to various things, such as in-app purchases, mail, contacts, phone function etc.
Some days, several times - I might download a dozen apps looking for the best one. Having to re-enter my password 10 times in a row is a PITA.
Obviously when MS do it with UAC it's crap. But if Apple do it - with a really ugly popup - it's stupid to suggest otherwise.
"But for any form of payments I think you should always enter a password/pin, as Android will also happily go "Yeah Charged" without a wiff of a pin or password."
The option is there, you just need to enable it - and parents usually will. I have the "require pin to purchase" option turned on for my Nexus 7 and android phone... my son can't buy anything without entering my pin, even for inapp stuff.
"my son can't buy anything without entering my pin, even for inapp stuff."
Why on earth would you be giving your son your PIN to enter? Surely that defeats the point? And I would have thought you would want to prevent inappropriate stuff anyway, as it is, like, inappropriate.....
@ Jim Booth. you can choose in iOS as well. You can disable in app purchases completely if you wish and you can lengthen the time (to 15 mins) after entering your password before the OS needs it again.
If Android also lets you completely disable the need to enter a password at all, then whilst i agree choice is good, i would question the sense in such a security model.
Where does it talk about kids having access to their parent's credit cards? The article I read talked about a security vulnerability that was exploited by children. You can be keeping one eye on them - 'yup, still playing the game' - and not notice they're running up a mammoth credit card bill.
You have chosen the wrong colloquialism.
Bait and Switch is where you advertise [ProductX] for [PriceX] (aka the Bait) then when a buyer appears you suddenly don't have any of [Bait] in stock but [ProductB] IS in stock and it is just a few dollars more.
The correct statement would be Apple et al. rely on dumbasses not fully thinking through the implications of adding a credit card.
They are removing barriers to purchase, which doesn't have a catchy colloquialism yet.
It's not a security vulnerability, and is in fact still in place, though you can turn off authorization completely now as an option.
The idea is that once you've authenticated, that you don't have to do so again for 15 minutes. "sudo" works exactly the same (in fact, it may even BE sudo under there), so calling it a vulnerability is silly.
The short of it is that a bunch of dumb adults unlocked itunes purchases for their kids, and were shocked, SHOCKED I tell you, that said kids went on a buying spree during the interval. Apple too the reasonable position that none of this is their problem, so said dumb adults abused the legal system to get cash. Sigh.
Think the issue was that people had enabled the "require password to make purchases" and had expected that to mean that all purchases would require a password when it turned out that it was really "require password in last 15 minutes to make purchases" and that that had not been made clear and most people would have assumed ticking the "require password" option would prevent anyone else spending money on the phone/pad.
Errr, Pet Peeve, that is a vulnerability in sudo. Not a prob in some situations, a serious consideration in others.
Sudo has two advantages over iTunes, though: it's normally used by people who understand the consequences AND the problem is easily mitigated. (close window/lock screen/logout or some such when you go AFK).
You call 'em dumb adults, I call 'em non-specialists who expect things to not have dangerous hidden connections. And right they are.
To me this is quite clear; the parent makes a purchase for their child, the card is authorised. There is no good reason I can think of to then not require authentication for subsequent purchases.
There is also an element of bad parenting to this of course - the children should not have considered stealing from their parents and the blame for that lies with the parents - if their kids aren't old enough to understand that this is theft, then why the hell have they got iPads to play with?
The fault lies with Apple, however, for bypassing the credit card authentication mechanism in favour of some 'ooh-shiny-shiny-it-just-works' bullshit.
".....Why should they have to fork out for this? Why isnt it the parents fault for allowing the kids access to their credit cards??"
Because Apple have liability. They "curate" the content and facilitate in-game purchases through their infrastructure and take a 30% cut.
It should be pretty obvious that real money items in a kids game need some form of protection and enforceable guidelines.
e.g. All childrens games with less than a 15+ rating should be subject to parental controls and / or account protection by default for in-game purchases. If the account holder doesn't like this, they can throw the switch in their account management settings but the default should be to prompt.
Not that I think Google is any better in this regard. Both Apple and Google are far too lax presumably because these sorts of games are extremely profitable.
No, the problem is they might have made a purchase on the phone, then let their kids play a game on the phone, they don't realise the kids can make purchases without needing to enter any details..
I have been careful to ensure that I have pin protection turned on for my android phone, although I would like to be able to set it at an account level not a phone level...
You do realize that Apple is the clear winner here.
How many people are going to file a claim?
And if they do, the bulk of them will receive apple credits, not cash.
The lawyers receive the cash. So parents will spend even more money through Apple's iTunes.
Apple will end up generating more revenue and continue to lock in their install base.
The only good will come when Apple forces their army of app developers to lock down the permissions and allow parents to turn off the ability to buy in app products unless a different password is used.
Then its the parent's fault for not supervising what packages their kids buy or that they know the parent's passwords.
1. Do not under any circumstances allow your darling angelic little anklebiters anywhere near a device which you authorise any kind of expenditure on.
2. If you do make it clear to your little darlings that if they spend one penny of your money without asking you first they will be banned from using any electronic equipment at home and their pocket money will be stopped until it has made up the difference.
3. Explain that if they still persist in this anti-social (ie thieving) behaviour then all their toys will end up in the dustbin. (one couple of two kids (8 and 10) we know did this and the improvement in the little darlings' behaviour bordered on the miraculous).
You're strongly encouraged to give credit card details when you first get asked to create a new Apple ID and you have to jump through hoops to get it removed. I imagine that setting the address to e.g. Cupertino to remove the credit card isn't the first thing that crosses everybody's mind, but it's what did it for me. I'm sure there are other non-obvious ways too.
There should be an option which says 'always ask for password when purchasing' and it should be the default and there should be another option which says 'remove my credit card info now'. Six iterations of iOS later and we've finally got the first option you say? Maybe they were getting the wording and the button shadow worked out. I'm sure the second option is due to be rolled out any day now.
Buy an Apple Gift card. And if you watch the Hot Deals/MoneySavingExpert pages you'll regularly find deals on iTunes gift cards.
Tesco did the 3x£10 pack for £25 at Christmas, and The Co-Operative Supermarket had the £15 card for £10 for a while, and Clintons Cards had a buy one get one free for a while. I don't think I've ever paid face value.
Seriously, as an example, the My Little Pony game from Gameloft came out on iPhone/Android with eye-wateringly high prices for in app currency, ($99 for enough gems/coins to finish HALF the game) and fans worked out that it would take ~28 YEARS of playing every single day to complete without paying money. To just complete the main quest (the bare minimum) in less time it costs ~$40. The *buy more stuff* page pops up almost constantly, and it becomes hard NOT to open the store to do anything.
Parents should check what games they let their children play, most if not all games on iPhone/Android have some sort of in app purchase available and there are far too many companies out there looking to rip off customers by taking lots of money from unsuspecting parents accounts.
MICRO transactions are one thing, but anything over £10 for imaginary currency/items is just taking everyone for a ride.
Couldn't agree more. Many of the kids games are clearly designed to exploit the 15 minute window after a parent has entered the password and handed the device back to their child. Constant friendly looking popups that kids press with no appreciation of the consequences.
I've pointed out to quite a few of my friends with children that they should switch of 'in app purchases' in the iOS settings to avoid any surprises.
To be fair to Apple in the UK, one of said friends (before i got to her!) got stung for £69.99 by smurfs village. One e-mail to Apple support and the money was instantly refunded along with a nice email about how to adjust the settings. Doubt you would get that a second time though, responsibility is definitely yours at that point i assume.
This is the franchise's modus operandi translated into digital sales.There is always something else to you "need" to buy and as you get in deeper the prices go up until you find the customer's limit. I remember working this out at the age of 11 or 12, as did most of my mates.
I shouldn't pick on My Little Pony alone - Barbie, Star Wars, etc are all the same.
1. Parent installs FREE app for kids to play with
2. Parent sets 'requires password to purchase'
3. Parent thinks 'job done'
4. Kids realise (or maybe doesn't even notice) that the 'password required' doesn't kick in until 15 minutes after the password was last entered (to install/update the app), and go on spending spree by clicking away at will. As their parents think it is safe they don't worry about the in-app things the kids are clicking - they were wrong not to worry.
Personally my kids use an apple account that has no credit card details (which is an option well hidden in the apple sign-up by the way) - so they cant pay for anything, ever, by accidentally clicking any app/itune stuff.
Quite right, although just in case you weren't aware, you can disable in-app purchases completely in the IOS settings menu now, as well as require the password immediately every time(rather than the 15 minute default), think it was added with iOS6.
Indeed, seems like a lot of people here don't understand the process.
One important thing to note is that many.parents let the iPad be used by very young kids that have little concept of money and way well not even realise that what they're doing in the game is resulting in real world costs.
So its not just kids being naughty.
Tablets are toys. Look at what the vast majority if people use them for if you doubt. The point here is that many parents aren't familiar with toys that their children can use to directly access their credit cards. If Lego sets allowed you to order more bricks from inside the sets you'd see the same sort of thing.
Was some idiot in the paper complaining her 6 year old son ran up a £3,000 bill buying virtual vegetables at something stupid like £60 a pop (seriously?!) Best bit is apparently the child needed to enter a password to buy them and her excuse was 'oh my child must have memorised the password after seeing me type it in' Amazingly Apple refunded her too.
What happened to parents taking responsibility?! Now just dump them in front of Daddies iPad with 6 chicken nuggets and chips then occasionally pop over and top up their fizzy drink
This post has been deleted by its author
I No longer trust Apple with my credit card details. If I buy something I enter it in, make the purchase then remove it. This means I end up buying a lot less.
I had my ipod touch set to always require a password. I touched the wrong part of the screen in a free app while picking up my ipod and my credit card was instantly billed with no password required and no means of obtaining a refund.
Fumble with your device, tap once to bring up a window, then its wont' respond to anything until you accidentally tap yes or no to the purchase.
Even Amazon allows you to undo a one click purchase within a 30 min window.
This post has been deleted by its author
Don't GIVE the little nippers an iPad! Or any other device, for that matter.
If they have to have one...let them get a job...earn the money to BUY it themselves...then let THEM figure out how to pay for all the things they feel they need.
It starts & ends with the parents' decisions to give their children EVERYTHING. Make them earn what they have, and they will be far better for it.
End of rant...move along now.
Works well until YOUR kid has a play with your neighbour's iPad ('cos *his* kid let yours have a go).
Of course, you'd have thought this out better if you actually had any kids. Amazing how these issues can broaden one's mind once the same set of mad skillz used in a job are put to work looking out for tiny clones.
You'd be amazed at what pops out of the code then, and how quickly DINK logic, formerly a bastion of What Is Wrong With The World Today breaks down.
Example: Proper thinking can show why "Parental Oversight" can never be the perfect answer to everything - the basic premise (Parental Oversight is Omnipresent) is flawed. Think of a kid as a secured account to which everyone in the world knows the password and you can see that the problems of properly policing a child's experiences with anything are monumental and cannot ever be universal.
Or better. Just remember the stuff you did that your parents never found out about. Were they bad parents for "allowing" you to do that?
There was an innocent time before the SmurfBerry scam artists arrived (I'll call them 'scammers' to their kicked-in face if they'd like to discuss it in person). There was a time and iOS version before Apple thoughtfully provided a specific setting to disallow In-App purchases. There was a time when Apple allowed the iTunes password to remain active for 15 minutes.
All of these aligned one fateful day. My kid wanted to get the SmurfBerry app. I'd never heard of spending real money in a child's game - of course Apple would never allow such a thing in the walled garden that is iOS, right? It wasn't ten minutes later that I got an email for the in-app purchase of $2 worth (sic) of SmurfBerries.
So I launched a voice mail missile towards a random telephone line within Apple HQ. They responded the next day with a refund, an apology, and they obviously followed-up with corrective actions.
Blaming the parents for such a subtle series of system design flaws by Apple is utter garbage. I know it's tempting and smells like PCness, but it's still utter mindless tripe.
And in this particular scenario you wouldn't realise your account would about to be charged, so no money in the account to cover it. At this point you're gonna have one of two things happen :
1 - your bank bounces the payment, charges you 25 quid for the privilege... Bank wins.
2 - your bank allows the payment via an unarranged overdraft, then charges you like 10 pounds a day for a max of 5 days, plus a one off arrangement fee for the overdraft. Bank, apple and developer wins.
Either way you'd still be vulnerable to this type of scam / feature with your odd ritual for payments.
This was just on the local news, featuring many of the issues already mentioned.
Apologies for the source, I can't find it anywhere else (at the time of posting):
http://www.dailymail.co.uk/news/article-2285857/Zombies-vs-Ninjas-iPad-app-costs-parents-boy-1-700-extra-charges.html