11
Mar
nexusae0_play_thumb
Last Updated: March 12th, 2014

Attention, parents: if you've used your Google account to buy apps, books, videos, or music on Google Play, your credit card information is stored. If you give your phone or tablet to your kids, they might be able to buy stuff that you don't necessarily want. That's a lesson that Ilana Imber-Gluck learned after her 5-year-old son spent $65.95 on Marvel Run Jump Smash. Unsurprisingly, she chafed at the experience, suing Google in a northern California court on behalf of herself and "all others similarly situated."

2014-03-11 13.25.52

The central issue seems to be a 30-minute window after downloading an app, during which the user - whoever that might be - can rack up in-app purchases without supplying a password. This window could allow children to purchase huge amounts of worthless digital currency and upgrades using real money from their parents' accounts, which is what Imber-Gluck and her lawyers suggest happened in this case. Apparently Google is equating the download of a free app (which doesn't require a password) with a purchase, clearing users to make restriction-free purchases during the 30-minute window (but only if the password check has been previously disabled). Update: After discussing this among the team and several commenters, we think it's more likely that the mother simply disabled the password check, or (less likely) that the child simply got the downloads in almost immediately after a purchase. Downloading a free app will not start the 30-minute window.

A similar suit forced Apple to pay out to a class action lawsuit in February of last year, plus a $32.5 million fine to the FTC. The FTC ruling forced Apple to obtain express, informed consent before charging for any in-app purchase. If Imber-Gluck's suit is successful, it could force Google to close this window as well. Regardless of what you think of this particular lawsuit, that would probably be a good thing for end users.

At the moment the 30-minute window can be avoided by going into the Settings menu of the Google Play Store and checking the option to "use password to restrict purchases." That will force the user to input their password, even for in-app purchases on a newly-downloaded game. In fact, this is the default behavior for Google Play - Imber-Gluck must have disabled it herself through the menu or one of the in-app purchase popup dialogs in order to open up the 30-minute window.

The core question of the suit may come down to whether or not this option is made clear to parents, and how much responsibility they have to understand the systems they and their children are using versus how much responsibility Google has to protect its users from possibly unwanted purchases. Developers should keep a close eye on this one, since forcing a password check for each and every purchase could alter the dynamics of Play Store and in-app purchases.

Source: Law360 via GigaOM

Michael Crider
Michael is a native Texan and a former graphic designer. He's been covering technology in general and Android in particular since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

  • Aaron Jaeger

    Another loss for accountability and personal responsibility - oh, and proper parenting.

    • Tim Harper

      I disagree. Proper parenting has nothing to do with this. She let her son use her phone or tablet. That doesn't mean she's a bad parent. I can understand how someone wouldn't know an in app purchase takes the same requested permissions as the play store. They are, in fact, completely different applications. Other people might not even be aware of the existence of IAPs. Ignorance is the main culprit here, and requirements for password input before any IAPs would go a long way in educating the not-so-tech-savvy android users.

      • Mark Curtis

        "requirements for password input before any IAPs would go a long way in educating the not-so-tech-savvy android users."
        Which, as the article points out, is the DEFAULT BEHAVIOR.

        • Michael Vieux

          No it's not DEFAULT BEHAVIOR, there is a 30 minute window when no password is required.
          I have my phone and tablet's set to require a password, but did not realize that Google allowed this 30 minute window.
          So being tech savvy has nothing to do with it.
          There is nothing in the article that says she hadn't done everything correctly and set her tablet up to require a password.

          • http://www.modminecraft.com/ Nick Coad

            What's with all the people who clearly have not read the article? Second last paragraph:

            At the moment the 30-minute window can be avoided by going into the Settings menu of the Google Play Store and checking the option to "use password to restrict purchases." That will force the user to input their password, even for in-app purchases on a newly-downloaded game. In fact, this is the default behavior for Google Play - Imber-Gluck must have disabled it herself through the menu or one of the in-app purchase popup dialogs in order to open up the 30-minute window.

            You can disable the 30 minute no-password window by checking the box, but it's CHECKED BY DEFAULT. This woman disabled the password protection and now she's upset that Google didn't request a password from her stupid kid.

          • Alex L T (lemoncone)

            That's correct Michael, the default behaviour is NOT to require a password within 30 minutes of the last time you made a purchase through Google Play.

            Even worse, Google does not advertise this fact anywhere (unless you view the settings in the Play Store app) and if payments are supposed to be protected by this password, shouldn't it be required for ALL purchases? This "30 minutes" option should not even exist - it's only designed to milk less tech savvy people and people who haven't noticed that an insecure option has been set without their express permission.

            Also bad is that where a user has a problem with the Play Store app (its cache files are too large, it crashes, it runs slowly, etc.) and uses the "Clear Data" facility, once again the "30 minutes" option is set without notifying the user.

            I can't confirm whether the "30 minutes" option is toggled when Play Store automatically updates itself to a later version. In theory, the current setting should be saved in the existing data files, but I haven't tested this scenario.

      • Aaron Jaeger

        Letting you child use your device is fine. But you need to make sure you know what they're doing with it. I will admit, the same thing happened to me a while back before requiring a password was the default behavior. I contacted the developer (Rovio) and they gracefully issued a refund - I did not expect the kindness and would have accepted paying the money. Afterwards, I set a password and have had no difficulty since.

        The bottom line is: you are responsible for what your children do. So pay attention to what they do. Suing someone else is not the answer.

        • Tim Harper

          The thing is, many people don't know about IAPs. Maybe she gave her kid her device and checked on him periodically..maybe he accidentally made a few extra taps (he was 5 years old). Even if she knew what app he was using the whole time, why would she even think to check for IAPs if she's never heard of them. Granted she could have checked out the app before letting her small child use it. I think ignorance is the culprit...but maybe she is a money hungry gold digger or an irresponsible parent.
          I'm not agreeing with her lawsuit, but I think people jump to conclusions without thinking of other possibilities.

    • Zach B.

      Eh I wouldn't really bring parenting into this, but accountability and personal responsibility, absolutely.

      • Aron Tripp

        There is a fine line, granted. But my kids know they are not allowed to download or "add" anything to their games. Even at 5, they knew not to. They know that if anything pops up on the screen, ask! So parenting is sort of relevant.

    • Andy_in_Indy

      I consider myself pretty well informed when it comes to Android, and I did not know that the purchase would over ride the password request for 30 minutes for in app purchases. I thought the only way to over ride the password request for was to intentionally select to disable it.

      • Lisandro O Oocks

        I didn't know either, even though i digest Android half the time of my day.
        Perhaps Google and that Lady could both learn a lesson about this.
        Also, wtf with making paying games filled with IAP's.
        At first I was with Google on this, but now I'm starting to think that the Lady could be right on this one.

    • Michael Vieux

      Aaron, I'm sure you've had a chance to read the other comments that posted after yours.
      The article clearly states that being personally responsible will not protect you from IAP , Google turns off the password request for 30 minutes after the first purchase.

      So I guess your post is just another loss for intelligence and reading comprehension :-)

      • http://www.modminecraft.com/ Nick Coad

        Oh the irony... the article actually clearly states that you can disable the 30 minute window by checking the box to request a password for every purchase, but that this box is actually checked by default. Therefore she must have unchecked it herself at some point. Read the second last paragraph.

        I guess your post is just another loss for intelligence and reading comprehension :-)

      • Aaron Jaeger

        The article says the default option blocks IAPs even on newly downloaded games.

        "At the moment the 30-minute window can be avoided by going into the Settings menu of the Google Play Store and checking the option to "use password to restrict purchases." ---That will force the user to input their password, even for in-app purchases on a newly-downloaded game. In fact, this is the default behavior for Google Play. ---"

        Either way, suing is absurd. Contact the developer and politely ask for a refund after explaining what happened. Most will help out. Afterwards, be more careful.

  • Patrick Beliveau

    Living in the US must be nice with all the frivolous law suits you guys file... If the default behaviour is to ask for a password for in app purchases, but it was disabled... want to take a guess who's at fault? Its definetly not google's problem... Just trying to make a quick buck off their own stupidity.

    • mustbepbs

      Hey, we had a lady that sued McDonalds because her hot coffee she ordered was hot and she spilled it on herself. Now the cups actually say HOT and CAUTION: HOT on the lids.

      We know.

      • Justin W

        Not defending that lady, but the coffee at that McD's was proven to be far too hot to even drink, which is why she won.

        • Ronny

          You are correct. It's amazing how much the facts behind this case were distorted.

          • Justin W

            It seems like McDonald's ran a smear campaign against her, but I doubt that'll ever be proven.

        • http://www.rebelwithoutaclue.com/ Rebel without a Clue

          Still weird, since every cup of coffee I order in an establishment in my country is too hot to drink (the ordinary cups of coffee that is) and it's common knowledge not to drink them right away. But you are right, the story isn't complete with all the facts.

        • Matthew Fry

          In retaliation, now McDonalds coffee is lukewarm always.

      • Jon

        Bro, you obviously don't know the truth behing the McDonald's lawsuit. McDonald's admitted they were serving coffee MUCH hotter than what's drinkable because they figured people would drink them when they got to work. They had been notified and sued many times before because of this. Come on man

      • Andy_in_Indy

        That coffee caused second degree burns (blisters and dead skin) - there is no need for your coffee to be that hot when they pass it out the window.

        • AJH

          It actually caused 3rd degree burns. She probably would have had second degree burns if the coffee was at a drinkable temperature. The excessive temperature of the coffee caused some permanent tissue and nerve damage.

      • Zach B.

        Yeah, that wasn't frivolous at all. There is a huge difference between hot coffee and 2nd degree burns.

        Edit: 3rd degree burns. My mistake. Reinforces my point.

      • SSDROiD

        We all love it when someone only posts half the story, don't we?

      • Matt

        She had third degree burns on her legs from the coffee. It was being served far hotter than it should have been. There's a movie called Hot Coffee that covers this lawsuit and how it basically became a synonym for a frivolous lawsuit when, in reality, it was anything but frivolous (mostly McDonald's corporate and media spin on the lawsuit). https://en.wikipedia.org/wiki/Hot_Coffee_%28film%29

        • https://plus.google.com/+AlexFischer Alex Fischer

          And if I remember correctly, the lady didn't want a lot of money, she just wanted her medical expenses paid and McDonald's basically told her to get lost which is why she then took the company to court.

        • tekfr33kn

          Just to clarify, she got 3rd degree burns between her legs because she put the hot coffee between her legs as she was driving off. The pressure popped the lid and the coffee spilled out, causing the burns. Even if the temperature of the coffee has been lower (for immediate consumption) the way she held the coffee had a lot to do with the damages suffered and she shared some responsibility. However, the courts didn't see it that way and wanted punitive damages to be high.

          • CTT

            She was not driving, and the car was parked.

          • Johnny Bravo

            she was in the passengers seat and her grandson was in the drivers seat. Better yet, they weren't moving; they were PARKED in the McDonalds parking lot. The Drive Thru attendant didn't put the lid on tightly which is why it popped off when she grabbed her cup, she never had the coffee between her legs.

          • RaptorOO7

            She still HAD the cup between her legs, it doesn't belong there. We have far too many cup holders in American cars to begin with.

          • DJ

            Many cars do not have cup holders, especially not in 1992.

          • tekfr33kn

            We may be discussing two different cases. After all, McD's has been sued more than once for hot coffee in the lap. The case I'm thinking of, the woman was definitely driving away.

            The take away for this whole discussion is that the US is a very litigious society. Personal responsibility is rarely a factor. It's very sad.

          • tekfr33kn
          • Johnny Bravo

            alright, maybe it was between her legs. for some reason that was not how my brain wanted to remember it.

          • AJH

            Coffee served at temperatures suitable for drinking would have caused 2nd degree burns. Still bad, but not the massive tissue damage she suffered due to McD's extremely high temperatures.

          • DJ

            The car was not in motion, she was not driving. She was putting cream and sugar in her coffee. And was a jury of peers who assessed punitive damages, "the courts" reduced the damages on appeal.

        • frafri

          She never put the coffee between her legs, she never went to MCD. in fact, she never got coffee. because she never got up that day. because she never existed.

          • rEVERSEcAMELcASE

            The coffee is a lie

      • markgbe

        Anyone who thinks a lawsuit from getting burnt by hot coffee is not frivolous is a jack ass, fact.

        You don't use your crotch as a storage location for boiling things, it's very simple.

        • simp1istic

          There's certainly a jackass or two here, but it's not the people you think it is.

          • markgbe

            yeah... i think i already made it clear. It's the people who agree that hot coffee is the problem here, not what the person does with the hot coffee. :)

            That reminds me, i'm going to go store my gasoline next to my fireplace and sue Exxon Mobil because my house burned down.

          • simp1istic

            I'm happy to live in a country where the Jurors on the case vehemently disagreed with you. Sometimes justice does prevail I guess. Have fun burning your house down.

          • markgbe

            "Justice", LOL.

            Whatever blows your hair back.

          • simp1istic

            Hey man, a (great) jury made the call. Not me. Blame the founding fathers i guess! Or maybe go all the way back to english laws beginnings.

          • markgbe

            i blame only individuals who don't take responsibility for their own actions in life, like the mother in the article we're commenting on.

          • simp1istic

            I tend to realize we're all members of a society in which we can't and shouldn't be expected to be experts on every single facet of our lives. Particularly in the (to most people) often intimidating and confusing technology sector. People should absolutely be weary and take responsibility as well.

          • markgbe

            absolutely.

          • http://turbofool.com Jarrett Lennon Kaufman

            What about corporations who don't take responsibility for their own actions? They get no blame? The coffee was illegally hot. They'd been cited multiple times for making it too hot, and finally someone proved exactly why the law they'd been breaking was necessary. This has nothing to do with the woman and everything to do with enforcing the law against the corporation.

          • markgbe

            "illegally hot". Is that a fact? I've not been able to find any regulations on the temperature of hot drinks unless i'm missing it?

          • Swaminathan Venkatesh

            Sorry to beat a dead horse, but was there a legally hot temperature for coffee before this incident or after this incident?

          • http://turbofool.com Jarrett Lennon Kaufman

            From everything I've previously read on the topic, yes, there was an established legally safe temperature which is why they were able to be cited multiple times before this. Having said that, I readily admit I'm having trouble finding sourcing for that information now (partially because I'm at work and limited on time), so my position doesn't have a citation to back it. If anyone can prove otherwise, fine. But from everything I've read, besides our own initial knee-jerk "derp, coffee is hot, this is insane" reactions, the case was actually quite clearly legitimate.

          • Swaminathan Venkatesh

            That's interesting. If there was a set max temperature to serve coffee, it shouldn't matter whether the consumer spills it or not. Open and shut case. Just the damages needed to be analyzed.

          • http://blake.pm Blake Mitchell

            That comparison is intellectually dishonest. McDonalds was purposely making the coffee hotter than they should have been because it would make a pot last longer. They made a decision for profit that put this woman in a position to get burns from coffee that was too hot. Was it her fault that she spilled it? Sure. Was the location of the burns her fault? Sure. Would she have had those type of burns had McDonalds not had the coffee overheated? No.

            A more apt analogy would be if a gas company put an additive in gasoline that increased their profits but as a side effect would ignite from a fire 100 25 feet away. You then stored your gas tank in the garage and your house burned down.

          • markgbe

            agree with all of this. The struggle is personal responsibility vs something potentially dangerous.

            At what point do you point fingers at something inherently dangerous vs pointing at the user.

            Age old argument i guess..

            guns

            fast vehicles

            drugs, alcohol

            coffee....

          • http://blake.pm Blake Mitchell

            Some of those arguments don't fit with this though. The gun argument is about whether you should be able to have one and inflict upon others.

            The thing about coffee vs driving fast, drugs, and alcohol is that those are none dangers at this point. You know what you are getting with these things. Coffee you expect to be hot but don't expect to melt your flesh off. That is why McDonalds was liable and the amount was high because it was punitive. If you slap them on the wrist they don't have the incentive to change.

        • Neo’s TV

          people who purchase a liquid that is intended for consumption should be able to make the reasonable assumption that the liquid is "safe." Safe to drink, hold etc. without causing physical damage to the body. not frivolous.Regular coffee is HOT. 155-175 F. McDonald's was serving near boiling temperatures. 195-205 F

        • LeightoWR

          The issue was that she would have been burnt just as badly if she had just dropped the coffee on herself (as opposed to cradling it near her vag). Reasonable foreseeability would suggest that if you serve almost two million dollars worth of coffee everyday (as stated above) eventually someone's going to spill it on themselves so it's pretty obvious that McD's shouldn't be serving something that'll cause 3rd degree burns on contact. The lawsuit was based on the suffrage of damages not how they were received as they would have been the exact same if she had spilt the coffee any other way because McD's were deliberately overheating it.

      • Jonathan Ly

        You obviously don't know the actual happenings of the case....

      • DrCarpy

        http://www.dailymail.co.uk/news/article-2470792/Stella-Liebecks-hot-coffee-McDonalds-lawsuit-The-truth.html

        Knowledge is key to any rebuttal. Feel free to click the link above, and empower yourself with fact, rather than fiction. The others 39 folks at the time of this post can do the same as well.

        As a parent with a young child, I ensure my child doesn't make in app purchases. Feel free to parent and not pass the buck to Google who didn't sire this child.

        • markgbe

          i'm well versed on the facts. The point is, boiling (or near boiling) things go in a cup holder not in a crotch.

          • DrCarpy

            So I guess the scalding coffee wasn't the problem. Had she not spilled the coffee and just tried to drink it, she still would have suffered injury. So what's your point?

          • markgbe

            i drink coffee today that is too hot, i wait until it is not hot.... that is my point.

          • DrCarpy

            https://www.youtube.com/watch?v=pCkL9UlmCOE

            Try heating any liquid to 180 F to 190 F. Go pour it on yourself. Come back and post the results. You have nothing to fear according to your "logic"

          • markgbe

            my logic is i don't pour it on myself, lol.

          • DrCarpy

            It wasn't her intention. Hence an accident. It was intentionally 180-190F. Therein lies the problem. If not her, it would have been someone else, another patron, employee, etc. It was an easy fix, yet they (McDonalds) chose not to recognise their mistake until there was grievous injury. Surprise that a big corporation would choose bottom lines over people.

          • markgbe

            Problem indeed. 190 deg water, that is/was not illegal. This is a hot button issue for good reason.

          • AJH

            There is a difference between hot coffee and coffee that is so hot that it causes tissue and nerve damage. Coffee from your typical at-home coffee machine is not going to be that temperature. McD's deliberately brewed coffee 30 degrees warmer than your typical coffee machine. Might not sound like much, but that's the difference between a small burn and maybe a blister to permanent damage. Especially since McD's uses styrofoam-lined cups, so often it is unclear exactly how hot the coffee is until you've taken a sip.

          • Pierre Gardin

            Should we also remove seat belts in cars to punish people who don't drive careful enough?

          • markgbe

            yes survival of the fittest. :)

      • Johnny Bravo

        It turns out the media actually somehow made the lady look like an idiot. If you actually listen to the whole story it turns out the lady was justified. (And I feel bad because I was one of those people who said that suing McDonalds because your coffee is hot is absurd and idiotic)

        First off the coffee was way too hot. Turns out McDonalds would over heat it to an extreme degree because they figured people go to work or do something else before they actually take a sip from their cup. By then the coffee would have been cold and they would get a bad rep. (By the way, coffee is a big deal since McDonalds makes about $2 million per day just from coffee.)
        The lady was also not driving,she was in the passenger seat. Better yet, the car wasn't even moving. They were in the McDonalds parking lot. Even more, apparently the lid was not put on tightly so when she did pick up the cup, the top flew off and because of physics, coffee fell and burned her thighs.
        Now I'm sure we all had some accident and had some kind of a minor burn, and we're all thinking "it is still ridiculous to sue them". The pictures and medical reports they have show that she actually had a 2nd or 3rd degree (can't remember off the top of my head) burn on her thighs.

      • lee jun-hoe

        Coffee has been served as hot as far as anyone remembers. And (I hope) that everyone knows that the boiling water is 100C. Is anyone else trying to say that somehow MacD made it higher than 100C? If you spill hot boiling water on yourself, are you going to sue the law of physics for making water so "unnaturally hot"?

        Most people liked their coffee hot, which is the way it is served. If you want your coffee not hot or warm, you should tell the barista then. Just like most ppl like their pizzas piping hot from the oven, and most folks probably have experienced trying to grab a hot pizza and then had to pull back quickly. So if you keep a hot pizza between your legs and the carton came lose and you burn yourself, you should definitely sue the pizza place.

        What happened to personal accountability? And yes, I'd like if folks who complain that the coffee at MacDonalds (or anywhere else) is unnaturally hot to please specify clearly to the barrista, "WARM coffee please, don't give me any of the unnaturally hot stuff!"

        • Pierre Gardin

          Your analogy is dead wrong ("had to pull back quickly" vs hospitalization-level tissue damage).

      • RaptorOO7

        That and she was such a genius she put the cup where it didn't belong to begin with. Seriously who puts a hot liquid (in a cup or otherwise) where it doesn't belong and not expect to get injured. Quick money grab that was as well.

      • dandmcd

        Take a look at the real photos of the burns the lady suffered and after tell me it was frivolous at that point. Yes, the dollar amount of the lawsuit was far too high, imo, but I would have agreed with the judge. It also was found this was happening at many McDonalds and not SOP to do so. It was boiling burn your insides hot.

      • Brit

        You should probably go see the movie in it. I believe it's called "hot coffee" the burns she got were ridiculous. Yes I think people sue just to sue but I do think that the coffee she got was ridiculously hot.

    • cwalton3

      Don't say all of US but California this is common practice for almost everything.

    • bremberdee

      Let me guess, Canadian? Must be nice to be America's bitch...

      • C Sab

        We wouldn't know, we're the ones on top. Literally and figuratively. Bitch. ;)

    • Elihú Rodriguez

      agreed -_______-
      it seems to be our culture now.. it only takes one imbecile to ruin it for the rest.

    • Guest

      The funny thing is that the password entry requirement is actually enabled by default. When that option first appeared it was already checked on my devices.

      One has to knowingly disable it for this scenario to happen. This is a pretty obvious money grab.

      • Tim Harper

        If he downloaded a bunch of apps, I'd agree with you. However, it's not common knowledge that IAPs use the same protection. Some people don't even know about IAPs.

        • RaptorOO7

          Then don't use the technology if you don't know what you are doing. Ignorance is no excuse when a simple Google search or YouTube search or reading the TOS would have worked.

          How about just disputing the charges on your credit card, no they want money back from Google. Funny how these lawsuits always seem to come out of CA.

        • John Doe

          IAP must use google wallet and go through the play store which by default requires you to enter a password to make a purchase unless you select the never ask me again box or disable it in play store settings. Meaning she knowingly disabled purchasing password protection its like PPV on cable/satellite you can't call complaining if you disabled your password.

          • Gabernasher

            No, it's like you order a PPV movie for your kid with a password, then they go and order 30 more things because they disable the password for 30 minutes after you enter it. So it's actually like she bought the kid the game, which is a paid game.
            https://play.google.com/store/apps/details?id=com.marvel.runjumpsmash_goo

            Because you can buy stuff for 30 minutes after a password is entered, the kid spent ~$66 without needing a password.
            Please try again.

          • Sven Johannsen

            OK, trying again. The article clearly notes that the 30 min window is only if the user unchecks the default "use password to restrict purchases." Leaving that checked requires a PW on each and every purchase, regardless how recent it was. She apparently opted for the window. The window length may not be obvious, but if you turn off a setting that says "use password to restrict purchases." then you might want to assume you no longer need a PW to make purchases. Oh, and maybe tell your kid not to make purchases.

          • Gabernasher

            The article is clearly wrong. What 30 minute window would there be if the password isn't used to restrict purchases? Check the policy on Google Play, or look for one of my many comments where it's quoted.

          • Sven Johannsen

            Had you read past the first line, you might have noticed I said that. The 30 min window is normal and the default. Maybe that should be clearer. Having to 'find out more' on a setting you never go to, or having to search for one of your illustrative posts on a setting that implies the PW restricts purchases, might be less than intuitive. If it says PW required, why would anyone assume they need to find out more. I imagine it would be a nice touch if it noted that there is a 30 min window when you put in your PW. That way you would certainly be aware of it. Little msg box "You now have 30 min of unrestricted purchasing access." Regardless, I still stand by accepting responsibility, not passing it off.

          • Gabernasher

            It's call a class action lawsuit since Google didn't learn from the suit Apple lots for the same exact reason, it's called a lot less headache for a lot of people if she wins and they change it.

      • Johnny Bravo

        not to mention android tablets (and rooted phones with custom roms) have the option too add other users for scenarios just like this.

      • Guest

        Actually, we re-created the scenario... yes, the box may be checked, but it is bypassed if you were in the kid's app and made purchases for jewels or gems or whatever, from "within" the app. It seemed to bypass any google play type blocks that were effective if you purchased from google play upfront - like purchasing an app itself.

    • Leonardo Farage Freitas

      In Brazil costumer service is horrible, for we don't have the culture of suing left and right. Dunno if having all this law suits dooming over the companies would change anything, but still IMO everyone has the right to sue what they think is right.

    • realitysconcierge

      I saw that and I was like... Wut.

    • RaptorOO7

      Agreed. I turned off the password requirement on my Android phone/tablets since I am the only one who uses it. I hate entering the password everytime especially if you use 2-step authentication which has an app specific password.

    • John Gage

      First off, stop being a xenophobic beta. Second of all, please RTFA. Password request for credit card purchase is not only ON by default, but also, _she had it ON_.

      Her gripe is:
      1. Kid whines so he can play game on mom's smartphone.

      2. Mom sedates kid by buying game/entering google play credit card password.
      3. Mom hands phone back to kid so he can play game.

      4. Unbeknownst to mom, once the password for a purchase is used for said purchase, it is cached for 30 more minutes without needing to be input again.
      5. Kid pays2win for a bunch of in-app purchases within that 30 minute window where he would normally be paywalled by password protection, but is not.

      Google is probably going to settle this and lower password cache time to 5 minutes, if possible. Otherwise they're going to have to put a 30 minute lockout period on successive purchases with the same credit card number in succession. People would complain massively about this latter solution, so I doubt that will be the solution.

      • Gabernasher

        How about they just have an option to ALWAYS require the password, and have that be the default. Not always every 30 minutes, but ALWAYS.

      • Patrick Beliveau

        And this is why the stupidity is allowed to persist because people like you defend it and allow it to keep going on.

        Just because people dont know what they are dealing with and dont read everything, doesnt mean the company (google) is at fault.

        It's also not google's fault that this mother soothes her child by giving him her phone. And before you go off about me not having kids, I have a daughter, and she has her own account, not linked to a credit card. Google is fun like that allowing multiple accounts on devices. She knows the rules about when she can have my phone, and when she asks, I switch it to her account and let her play.

        Poor parenting and poor supervision of your child is not an excuse to file a lawsuit.

        • John Gage

          I'm not defending the suit as it stands because line 19 has an error in it and needs to be fixed in order to make sense.

          What I am defending is the precedence that Google should never cache the password for any amount of time and require password input for every single purchase unless opted out in settings. Apple got sued by the FTC for this behavior and settled out for over 30 million back on January 15th. Google will probably do the same.

          Let's say anyone buys an app and inputs their password. Then they download a free game for their kid. Game's free, everything should be cool. Nope, the password protection is disabled for 30 minutes after the first app purchase and now the free game is vulnerable to non-checked purchases. That's nonsensical behavior. I don't agree someone should sue over it, but I do agree that it needs to be fixed. The FTC agrees Apple/Google is at fault and it should be fixed, as well.

          I don't care what you believe, I just want you to know the facts and how the behavior actually works properly before you go off on some anti-american tangent about how password protection was disabled when it was NOT. Then you claim, "And this is why the stupidity is allowed to persist because people like you defend it and allow it to keep going on." Do you mean stupidity as in failing at reading comprehension? If so, you're fucked and I'm sorry your daughter has a mentally incompetent father. It's okay, though, because I'll defend you.

  • Rebecca Raven

    If you turn off the password protection for purchases, you get what you deserve.

    No one uses my phone but me but I still maintain password protection for purchases and password access to my phone generally.

    • one

      You don't seem to understand that once you enter your password, there's a 30 minute window where its not needed.

      • Guest

        RTFA "At the moment the 30-minute window can be avoided by going into the Settings menu of the Google Play Store and checking the option to "use password to restrict purchases." That will force the user to input their password, even for in-app purchases on a newly-downloaded game. In fact, this is the default behavior for Google Play"

        • Igor

          As far as I know and had experienced it doesn't work that way. Here is what Google help says about it
          "After you’ve entered your password, you can make purchases on Google Play for 30 minutes without entering it again. After 30 minutes, you’ll need to enter your password again before making a purchase."

          I bought a game that rquired password and handed tablet to my children being 100% sure that to make any purchace they need a password. 15 minutes after the orginal purchace they made 10$ in app purchace, bacuase of google caching a password.

          I hard reset the device after any purchace before I let my children play to avoid accidental sending.

          I wanted to fill in refound on google page but after 5 time it faild in a row without a telling a reason I just gave up myself.

          I would have been in USA I woudl sue.

        • TFAISWRONG

          TFA is wrong.

          "After you’ve entered your password, you can make purchases on Google Play for 30 minutes without entering it again. After 30 minutes, you’ll need to enter your password again before making a purchase."

          https://support.google.com/googleplay/answer/2889951

          AP Is not the word of God, though if it was, it wouldn't exist as that's just a fairy tale anyways.

      • xxritcheyxx

        ap said that is only if you go through the settings and set it that way.

        • chnipokemon

          read "this is the default behavior for Google Play"

        • Cj

          Have you even looked at your phone recently (assuming you have an android device)? This is definitely the default behavior. You have to actively turn if off

  • Gregg

    Buy your kid a cheap ass tablet (plenty to choose from and if your 5 year old breaks it, you're not out $300), set them up their own Google account, and don't add a credit card to the account. Hey... problem solved! Or, or, how about this... get your 5 year old kid playing with Lego, crayons, play-doh or anything else that gets their brain going!

    • playpoo

      Saw that as play-poo and it made my day!

      • SSDROiD

        Playing with poo? Such parenting. Wow. :P

        • KingofPing

          doge reference?

  • Ryan

    This it's why stupid people shouldn't own electronics. If you don't understand what you're using, and you refuse to read notifications, it doesn't become the manufacturers fault. You can't sure Ford for wrecking a car if you don't know how to drive, this should be no different.

    • SSDROiD

      "You can't sue Ford for wrecking a car if you don't know how to drive."
      Oh, I'm sure plenty of people would find a way, LOL.

    • k

      I have to ask: How is it on that pedestal? How do you know this woman and her child? You read a 5 paragraph article and immediately come to the conclusion she must just be stupid. People make mistakes and sometimes bringing a suit is the only way to get something to change.

      • SSDROiD

        Hello, Jon, let me guide you through it: On the Internet, people make early accusations. It just happens. People love to try and resolve the case without even 10% of the facts. It's annoying, but it happens every single day to almost any kind of article. Welcome to the age of the Internet!

      • KingofPing

        "People make mistakes"

        Yes. They do. None of us know everything. We're all bound to make mistakes born solely from ignorance.

        The best people learn from those mistakes and move on.

        The worst make *others* pay for their lack of knowledge.

        We don't need to know her or her child. We can assume ignorance, apathy, or malicious intent. The result is the same: She's trying to make others pay for her mistake.

      • Twelk

        "People make mistakes" but it always seem to be somebody else's fault.

      • Pearl

        "sometimes bringing a suit is the only way to get something to change."
        Yep, I agree.
        But it's not "sometimes", unfortunately, it's "All of the times".
        Big companies won't bother to listen to user complains unless they faced with suit or huge loss.

      • Ryan

        You mean she "accidentally" disabled the default option to require passwords for purchase? Or how she neglected to monitor he child's activity while on the device? -_-

  • Tim Harper

    Yay! Hopefully it will kill the trend of IAP crap. There are so many great games destroyed by this.

  • imsoupercereal

    Welp this is easy enough. Be responsible for your kids and what you allow them to do. Case closed.

    • Aaron Jaeger

      You have to keep in mind that this case is being tried in California. There are a lot of liberal people (and judges) living in California. Some of those people don't consider personal responsibility an important thing.

      I too hope they do the right thing and throw the case out. Class action lawsuits usually just feed the lawyers and cost companies undue legal fees. The plaintiffs hardly receive anything.

      • Michael Vieux

        Nothing in this article says the mother wasn't being responsible.
        Even if she had had a password in place to prevent purchases, it clearly states that Google disables the password for 30 minutes.
        So, unless when you make a purchase Google States in clear language that your password is being disabled, who is at fault?

        Why would anyone expect a security device meant to prevent fraudulent use expect it be turned off for 30 minutes?

        Would you be irresponsible if Visa, or Mastercard did this, and for 30 minutes after you swiped your card anyone else could make purchases?

  • http://google.com/+derekross Derek Ross

    "Imber-Gluck must have disabled it herself through the menu or one of the in-app purchase popup dialogs in order to open up the 30-minute window."

    I believe you're incorrect. She could have easily just bought an app and then handed her tablet to her kid. He then could have had free range to do anything for 30 minutes.

    I tried this earlier this morning after I heard about the story. You attempt to buy one app, you're prompted to enter your password. Then you try to buy another app immediately afterwards, and you're NOT prompted for your password. I tried to buy an app 30 minutes later, typed in my password as expected, then was once again allowed to immediately buy another app.

    • TheFirstUniverseKing

      This. It's a problem that Google needs to fix. Who actually buys that many apps in a 30 minute window that entering their password as a security measure is an inconvenience? This 30 minute window is unnecessary. Although the title makes the case seem ridiculous, what the lawsuit is suing for actually makes sense and will further secure end-users if won. I don't know why everyone is jumping on the mother's case, when Google doesn't clearly explain their 30 minute window to the user.

      • Hugo

        I believe the 30min window is there as a consequence of IAP, you want to keep the user in "gaming mode", having to type in a password breaks the "gaming buzz", it probably sounds evil but devs need income too and if everything was sensible no-one would play any games at all, the Play store needs to have the pin code back, it's fast and protects moderately against kids.

        • jesuguru

          Makes sense, but then why not have an IAP code - very easy to type in (3-4 digits), but 3 failed attempts means typing in your normal (strong) password.

          Edit: sorry didn't see you suggested pin code at end. Agreed.

      • Joris Griffioen

        "I don't know why everyone is jumping on the mother's case"

        Because she's blaming "the system" instead of simply keeping an eye on her child or teaching it not to click dollar values. (oh and if the kid can't learn that yet it shouldn't be using a device connected to a credit card)

        • SSDROiD

          And even if that fails, there's almost always a cheap device out there available to be bought. As much as we all love the brand-new top-of-the-line devices, older devices are still plentiful and good for a child to use, especially one who basically has no idea what they're doing (i.e. clicking on lots of dollar signs).

          • Twelk

            But if it's the childs personal device and they have their own account they won't have a credit card connected and this problem would never have happened.

        • TheFirstUniverseKing

          You're assuming she's solely blaming the system. She probably partially blames herself, but wants Google to fix this issue so that others don't experience the same frustration. Do you expect her to sue herself for her bad behavior as well? You nor I know the whole story or what role she feels she plays in this matter. But at the end of the day, the mother winning this lawsuit is a good thing for all consumers. How is fixing a bad system a bad thing?

          • Joris Griffioen

            No, blaming the system *at all* is wrong in my opinion.

            Also, you're interpreting it as if I think the current system is fine, that is not true, it needs to be changed, obviously. But that is not related to her failing in monitoring her child or education herself as to how the system *currently* works.

          • Michael Vieux

            "education herself as to how the system *currently* works."

            How clear does Google make it, that the password request will be turned off?
            How easy does Google make it for a user to know this?
            Even the almighty Apple got in trouble for something similar.
            If you’re going to sell to the average citizen, then you have a responsibility to make sure you clearly state "How Things Work" or you look like you're trying to take advantage of them.

            The problem with tech is, it's developed by techies who assume everyone has the same level of knowledge as them.
            They then turn around and sell it to everyone regardless of education or knowledge.
            Then when a problem arises they get all offended and claim the users are to ignorant to use the tech.

            I don't use Apple but they've built a huge business by realizing this.

          • Raymond Hawkins

            No, we don't expect her to sue herself. We don't expect her to sue ANYBODY over $66 for something that's her fault.

            Google keeps that 30 minute window for the convenience of us, the users. I hate re-entering my password over and over but like it to have to be entered if I've not been using my phone and somebody else finds it or something.

      • Twelk

        I think the 30 minute window is helpful for users buying music.

        • jesuguru

          Fair enough, perhaps allow an exception for music, not apps. Most kids are likely to abuse IAP's (games), rather than music or movies etc.

        • Guest

          How about they just have a checkmark to "remember password for __ minutes" where you enter the amount of time, it defaults to 0.

    • Simon Belmont

      Yeah. That's what I observed, too, a few weeks ago when I bought two apps about ten minutes apart (entered password for first one, but no password needed for second).

      I guess Google could add a checkbox to "require password for all transactions" or something like that, regardless of the 30 window (and of course, a password would be needed to uncheck that box). Just a thought.

      • http://google.com/+derekross Derek Ross

        That's what I would ultimately like to see, an additional checkbox.

        • Palin

          Absolutely needed. But I doubt they will ever give that option.

          Big companies these day are reluctant to give user any additional freedom, err.. I mean choice. Even if it's only a single checkbox.
          Unless they faced with huge income loss or lawsuit, they won't bother.

    • Aaron Jaeger

      Google would win some points by offering a refund to those affected. And perhaps make it so that all purchases, no matter how close together, are password protected. But some big lawsuit should not be necessary. This country is already too litigious as it is.

      • Gabernasher

        Unfortunately class action is probably the fastest way to get this done, Apple lost a big suit over this SAME EXACT THING, yet Google is still doing it.

  • Michael Price

    That's why I have mine password protected so my daughter doesn't spend a bunch of money on in app purchases.

    • Michael Vieux

      Read the article Michael, Google turns the password protection off automatically for 30 minutes after a purchase.
      So buy anything and the password is turned off.
      So the kiddies can make In App Purchases for 30 minutes in any game you have purchased in the past.

      Not what you or I expected I'm sure

  • Dimitrios Kirkos

    Guys, don't rush to blame it on the user. The whole "click and charge" policy is immenesly stupid on a mobile device which can fall into hands of relatives or stolen. Google Wallet wants to implement click and charge on every site you visit. Password should be required by default, no windows, or the user should be informed for this.

    As a general rule, the user has to now nothing he wasn't informed about.

    • SSDROiD

      I would be fine with accepting that she isn't necessarily what caused the problem, but suing over it? That's her stupidity all the way.

      • TheFirstUniverseKing

        What? Do you think Google would implement a change if the mother sent a politely worded email? Lawsuits generate a discussion and make consumers and the company being sued give extra thought into the matter instead of throwing it in a junk folder for a bot to reply to.

        • SSDROiD

          Maybe? I haven't tried, so I don't know what kind of a response I'd be given. Either way, there's no way in hell I'd sue over such an issue, if we can even call it an issue. I'd understand it if the kid spent $20,000, but he didn't even spend $100. There are so many other ways to resolve this issue rather than a lawsuit. And yes, lawsuits do indeed create discussion, although (as you can see from the comments) very few of them positively towards her. She gets ridiculed over this.

          • Gabernasher

            How many kids have inadvertently spent how much money? It's a whole lot more than $66.

          • SSDROiD

            OK, fine, I didn't think about it that way. I still think a lawsuit is going too far, but I can understand that other people think differently. Agree to disagree! :)

          • Gabernasher

            Apple got slapped for this EXACT thing. Why Google didn't learn from their mistakes is beyond me, they're more than likely going to lose.

  • bungadudu

    So she alone disabled the default password protection (a simple mechanism which wouldn't allow this to happen) and now wants others to repay for her stupidity?

    Before buying any new sort of technology you should be required an iq test.

    Smartphones. Dumb people.

    • Tim Harper

      Read Derek Ross's comment below. She may not have even disabled the protection. Once you enter the password, there's a thirty minute window that many purple don't know about

      • Romero

        "Apparently Google is equating the download of a free app (which doesn't require a password) with a purchase, clearing users to make restriction-free purchases during the 30-minute window (but only if the password check has been previously disabled)."

        She would have had to clear the check for passwords herself, so, it is actually her fault for turning that feature off.

        • Michael Vieux

          No they turn off the password request even if you have the Password request checked, that's the problem.

        • Gabernasher

          Think about it, what 30 minute window would there be if the password was not required? Clearly there's a mistake in the article, the 30 minute window is after you enter your password because you have purchases restricted to require a password. If there's no password required, there would be no 30 minute window where the password isn't required.

  • Marcellus1

    Totally the mom's fault. However, Google should put purchase controls on the device, like Amazon, rather than or in addition to in the cloud. I don't allow any purchases or in-app purchases on my kindle fire the kids use without a password but I don't want to also have to put in a password on my phone when making a purchase.

  • SSDROiD

    "Oh no, something went wrong! WHO CAN WE SUE!?"

  • solbin

    Fine, let her sue, but ONLY for herself. Suing on the behalf of others bullshit? Yeah, just give me $20 million because I allowed my kid to spend $60 on IAP. Either way, this needs to be thrown out of court.

    • SSDROiD

      "I bumped my toe on the table. That table was obviously placed there specifically to injure me. I'm going to sue for myself and everybody else in similar situations".

      I feel that's sort of a synonym-situation :P

    • jesuguru

      Could be wrong, but I don't think she's looking for huge settlement, rather the suit is about forcing Google to change (and recoup her $66 and maybe lawyer's fees). Agreed, she shouldn't get more than that.

  • StankyChikin

    Geesh.. Complain to Google about it's 30 minute policy, discipline your child, and be done with it. People will sue for anything nowadays.

    • Guest

      And nothing will change, the 30 minute policy needs a way to be disabled.

      • StankyChikin

        It will change if enough people complain.

        • Guest

          Or she can file suit, win, and the government will force a change for the better.

  • RiTCHiE

    Thats what you get for being a dumb mother. Nothing in this world comes for free so when it does your part of the product and your ass gets owned. But them americans will sue companys for the most retarded reasons anyways so guess this is normal for them.

  • Blane Stroud

    Well, who cares about everyone else? She's the dumb bimbo that's clicking around without looking. You have to purposely turn that setting off.

    • L2Read

      "After you’ve entered your password, you can make purchases on Google Play for 30 minutes without entering it again. After 30 minutes, you’ll need to enter your password again before making a purchase."

      https://support.google.com/googleplay/answer/2889951

      You were saying?
      She could have easily bought app or book on her account on a different device.

  • http://brgulker.wordpress.com/ brgulker

    If it is the case that there's a half-hour window, then I support this lawsuit, because it will produce a positive outcome.

    • SSDROiD

      You support a lawsuit that when we do something wrong that caused us less than $100, we can sue and win? And what kind of a positive outcome would it be if she does win and such a lawsuit would be OK and acceptable?

      • TheFirstUniverseKing

        It's the principal, not the amount of money. Should every issue be brushed under the rug just because not enough money is involved? Besides this same issue can cause someone else to lose even more money (although a lot of in-app/app purchases would need to be made within that 30 minute window). And I guarantee you the total amount of money lost from everyone who has ran into this issue equals a LOT more than $66. I support this lawsuit.

        • Mark Curtis

          Yeah who needs personal responsibility? SUE SUE SUE

          • TheFirstUniverseKing

            Google doesn't make it apparent that there is a 30 minute window. Not even I would know about it if I didn't encounter it through personal experience. You have to know about it already in order to search for support documents about it. How backwards is that?

          • Guest

            This has nothing to do with personal responsibility and the terrible concept of if I choose "Use password to restrict purchases" it only restricts them 30 minutes after the last time I entered my password. If I buy a game for my kid, I don't want them to have unlimited access to IAPs and other app / movie / music purchases for 30 minutes when I specifically told Google to restrict them with a password.

  • Mark Curtis

    If this goes through, I'll then sue Google for lost time and stress because it took me so long to buy a bunch of apps since I had to re-enter my password every time.

    • SSDROiD

      While we're at it, I'll then sue Google for discrimination because Google Play Music All Access is not available in Norway.

  • Hugo

    The Play store authentication needs an overhaul, requesting the password for every purchase is cumbersome if you take security seriously, for example I have a strong 20char password that I have to type in for every purchase luckily I don't do IAP and only buy an app or book once or twice a week. The old system with the pin code was a lot more practical and only after a few wrong pins the full password had to be entered. But that pin was not synced so had to be set up on each device and was easily thwarted by resetting the Play app. That said, on a tablet it is not difficult to setup extra restricted users for kids, I have it setup for all my kids and have not run into any problems whatsoever.

  • NotTheTodd

    Um. If you're not a moron, you can set Google Play so that you need to enter your password to purchase anything. Problem solved. Woman is stupid and probably a terrible parent

    • SSDROiD

      That's escalating it just a *little* bit too much. You most likely have no idea if she is a terrible parent or not from this. All we know is she doesn't exactly take much interest in the technology she owns and this time that bit her hard and now she's blaming it on Google. That has nothing to do with parenting.

      • Simon Belmont

        Yeah. I get that some people aren't tech savvy and they overreact with a lawsuit that seems questionable, but that doesn't make them a "terrible parent" at all.

        This isn't a parenting issue, it's a lack of bothering to educate themselves on how Google Play's transactions works. You better believe that when my kids are old enough to go tapping around on the screen of a tablet, that I'll have all transactions locked down like Fort Knox, because I will bother to care about that sort of thing and not blame Google for it.

        • Joris Griffioen

          I'd say there's a lack of self-education. The device has access to your credit card, why would you not take the time and make sure it's secure?! (you did, she didn't)

          • Drago

            That's what he said. "It's a lack of bothering to educate themselves on how Google Play's transactions works."

            As far as I can see, she probably authorized the payment for the app and then the 30 minute window allowed the kid to make in app payments. That's the default behavior of the Google Play Store even if you require the password.

        • Michael Vieux

          You can't lock it down like "Ft Knox" that's the problem and why the lawsuit .

    • Michael Vieux

      You obviously didn't read the article or any of the comments.
      So before you start throwing the "Moron" label around why don't you do that.

      Let me save you some time:
      Google turns off the password protection automatically for 30 minutes after a purchase .
      Buy anything from Google Play and every app with IAP, no matter when you bought it is wide open for 30 minutes.
      That's the problem and what the lawsuit is about.

      If I used to many big words let me know and I'll try to dumb it down even further for you.

    • L2Read

      "After you’ve entered your password, you can make purchases on Google Play for 30 minutes without entering it again. After 30 minutes, you’ll need to enter your password again before making a purchase."

      https://support.google.com/googleplay/answer/2889951

      You're stupid and probably a terrible person.

  • Joris Griffioen

    I'm sorry, but besides all the bs about the password requirements, that screen still just displays dollar amounts. You should A: teach your kid not to just click those, and/or B: keep an eye on them when they are using a device that had permission to do credit card transactions.

  • Eoin

    What is up with all these comments? The amount of vitriol here seems a little over the top! Am I the only one to think that games very much advertized to children should not be pushing IAPs? (or at least not pushing them as hard as we know they do)

    • Joris Griffioen

      Let's not suddenly pretend it's a kids game, it's just a regular running game. Yeah it's part of a franchise that is for kids as much as adults, but those movies are PG13 .. not for 5 year olds.

  • Scott

    IAPs are not cool at all. I absolutely hate them.

  • Elliot Kotis

    That was her fault, not googles, she need to be aware of what she is putting in her sons hands, but to quote SuperSize Me "The American way, sue the bastards."

    • Gabernasher

      Google should disclose the 30 minute window and allow us to disable it.

  • MUTINOUS

    From what I heard the difference between
    Google's lawsuit and Apple's lawsuit is that, at the time, Apple did not
    require a password for purchases and Google does.

    But I guess there is still a 30 minute window,
    so she bought the game, then walked away so the Child could run amuck with her
    phone?????

    • CTT

      Apple does require a password for all purchases, including free purchases, and always had. (They even had parental controls where you can disable IAP completely) But there is a 15 minute window where you do not have to enter in the password again. (Now, on iOS, initial IAP requires a password too)

      • MUTINOUS

        The FTC's complaint alleged that Apple failed to inform parents that by entering a password they were approving a single in-app purchase and also 15 minutes of additional unlimited purchases their children could make without further consent.

        It also said that Apple often presented a password prompt screen for parents to enter their details without explaining that this would finalise any purchase made in the app.

        http://www.bbc.com/news/technology-25748292

        So it sounds like the lawsuit is that Apple did not inform their users. Does Google?

        • CTT

          The problem is that the password never actually finalized the purchase. After the password was entered, then it would ask you to conform the purchase for $x.xx with a buy button. It has been like that for as long as I know.

          I am not exactly sure how it works on Android since I never made an Abdroid app with IAP.

  • Dude

    I purchase apps for the kids devices through my PC, don't know if the 30 minute window still applies on the device it was downloaded to. We do not allow the to purchase IAP for any reason.
    This woman's error in no way makes her a bad parent, not horribly tech savy perhaps but I bet either the people bashing her do not have children or have made far worse mistakes if they have children.
    The whole IAP idea is a 3 headed monster that needs to be slain...

  • WORPspeed

    Read it at first as "Mother Seuss, Google, after child buys..." Like as in Dr. Seuss...yeh didn't make much sense, had to reread it to read 'sues' right

  • Chris

    So stupid. You can set it so it asks for your password every time. I'm the only one that uses my phone, and I STILL make it ask for my password for every purchase. Sometimes I'll click it and then before entering my password change my mind and save the couple bucks. This person is an idiot.

    • Sir_Brizz

      I am the same way. I've accidentally tapped on an IAP I didn't want before.

    • Guest

      Buy something, enter your password then buy something else 15 minutes later, it won't ask for a password until 30 minutes have passed, even if you have it checked off to ask every time. Apple got slapped for the same thing.

      • Chris

        Ah. That does make more sense...

    • Michael Vieux

      Try it, the next time you make a purchase, you'll see you're not password protected for 30 minutes.
      That's the complaint and lawsuit.

  • GryphKid44

    So she disables the setting that would prevent this, let's the five year old play with the device unsupervised, and then sues?!?! As far as I am concerned she's lucky it was only $66.

  • markgbe

    What a scumbag this person is. Take some responsibility for your own mini scum. Pay your bill and shutty.

  • sdaelr

    I just don't understand this. My 2, 5 and 7 year olds have their own N7. My solution is I set up a "family" Google account that we actually all share, of course my partner and I have our own, but on the family account there is no stored credit card, If the kids want a new app we send them just enough money with Google wallet to purchase that app. Or side load it. Kids will be kids and I can see how easily this could happen but the solution is so simple. I don't understand how these lawsuits hold up.

    • Wesley Modderkolk

      Not everyone(in fact, most people aren't) as tech-savvy to even know about the existence of a family account, multiple user accounts, this 30 minute rule which makes very little sense whatsoever etc. etc.

      Honestly, I personally rate myself as quite an advanced user, but never heard of any of these things.

      • Gabernasher

        I hadn't heard of this 30 minute rule either, and I've had an Android device since the OG DROID and been rooting since a month after I got it.

  • WhoaManWtF

    I guess I don't make a lot of back to back purchases but it seems like if you haven't checked the never ask me box it will ask you for your password no matter the time frame... But even if not that is a free game you don't need a password to download free games so did she purchase her kid a gem pack and then he bought more? This sounds fishy as shit screw this lady, she should pay more attention to her kid instead of letting a tablet raise him.

    • guest

      "After you’ve entered your password, you can make purchases on Google Play for 30 minutes without entering it again. After 30 minutes, you’ll need to enter your password again before making a purchase."

      https://support.google.com/googleplay/answer/2889951
      You were saying?

      • WhoaManWtF

        I still say she should pay more attention to her kid and not be a absent minded parent, this is her fault she knew what she was putting in the hands of the kid.

        • guest

          So now you argue kids shouldn't be allowed tablets? That's right, let them churn butter in the backyard, no technology for the young.

          • WhoaManWtF

            Not at all, I say the parents should be more knowledgeable. My son has a tablet but he has his own Gmail account with no credit card attached, I randomly buy him gift cards.

          • Gabernasher

            Maybe she let her kid use her tablet? Had she bought anything 3 minutes prior to handing it to him he can buy whatever he wants. That's what the suit is about, it's not explicitly stated that that's how it works unless you go to that link.

  • Havoc70

    Someone please take away her smartphone as its obvious the phone is smarter than she is

  • PuzzledObserver

    I hope she will win. And, hopefully, IAP will be declared illegal.

    • Mark Curtis

      Yes, we should always make "thing I don't like" illegal

      • PuzzledObserver

        Not that extreme. There are full of apps I don't like in the store, because of low quality or simple b/c I don't know how to use. These are alright. But the IAPs are sneaky. Here is an example, one of us at home uses Beautiful Widget, the full version. Then they made a free version with IAPs. When I evaluated it, it was such a complexity and I may even end up paying more than the full version. The mess of all the various options for IAP drove me away from the Beautiful Widget app. Thanks to that I found a better alternative.

    • Guillaume

      I'd love that too, but I don't see that happening.

  • janzour

    she should have given the kid an account that has no credit card connected to it.... no shit, kids pend money if you let them it is her fault and her own stupidity, if I have kids and android os will be still alive or even smartphones will be then sure account with no credit card.

    • Sir_Brizz

      If this was on an Android tablet, she has no excuse. The multi user stuff is meant precisely for this (letting other people use your device and apps but not your account).

      • janzour

        true that, but also why give a kid a smartphone where the account has credit card connected to it? I saw kids these days they go to their parents devices and actually find out the lock pattern or also passwords and gain access.

        • Sir_Brizz

          Good questions :)

        • Gabernasher

          We don't know if she changed the default settings, it actually seems like she didn't considering the whole 30 minute rule has anything to do with the suit. If she disabled the password requirement there would be no 30 minute timer.

  • BGRUGGER

    Funny...my daughter (4) accidentally purchased the $20 superbike on bike race. no way in hell i would waste my money on a $20 app let alone a bike for game. Of course, i take responsibility for not having it password enabled. I emailed developers with no response...then emailed google app support and was refunded within 15 minutes...lesson, take responsibility for your actions and your children's actions, dont push the blame on others because you dont want to look like a dumbass

    • Raymond Hawkins

      Good job, sir! You did it right!

    • John O’Connor

      I'm rather interested in why she didn't do the same when these purchases were made or shortly thereafter. All purchases through Google Play generate an email receipt.

    • YouDummy

      You say " i take responsibility for not having it password enabled" then you say "emailed google app support and was refunded within 15 minutes" and of course the moral " take responsibility for your actions and your children's actions"

      So........... yeah.

  • Daldain

    One would be naive to not think this is what some developers try to exploit in their apps.

  • Jens Lange

    There are several ways to fix it. On the device it's a restricted profile, and yes only for tablets for now. I use that solution, and it works great. First I can install and buy any app that I like and only allow that apps for the restricted user that I find suitable. The restricted user can't buy anything.

    On google side maybe they should introduce some verification system via email. Like: Please click this link if you wan't to approve the purchase of "worthless cancerous crap iap" for just 999.99$.

  • Jeff

    Its actually not the default behavior, if you had Play Store prior to the inclusion of this option (and it was not always there either). Not sure which version included this feature, but I had to specifically enable it on all my devices when it was released years ago.
    It may be defaulted to ON for new users nowadays, but that was not always the case.

  • Boughten

    I was able to make a purchase without my password the other day. I went through all the steps then it asked me for my password. Since it is complex and I didn't feel like looking it up I thought I'd do it when I got home so at the password prompt I hit the back button. Imagine my surprise to get a purchase confirmation email 15 seconds later.

  • Mystery Man

    Google will lose like Apple.

    • Dumdumdum

      You can turn off the window in Google's system. In Apple's case you have no choice, but it's only 15 minutes.

      • Gabernasher

        No, you can't. You can only enable that the first time it requires a password.

  • Humberto Hernandez

    :facepalm:

    That the mother's fault, not Google's

    • duke69111

      I agree, where by default the restriction is checked.

      • Gabernasher

        Buy an app, then try to buy another one, it'll not ask for the password the second time, regardless of if it's checked to or not. Now try buying a song on your phone, then pick up your tablet and buy a $99.99 IAP, it won't ask for a password. This is what the suit is about.

  • RaptorOO7

    Perhaps parents shouldn't be using the tablet as the babysitter the way parents use the TV. You are the adult, you set the parameters of the device, you should know what the rules of use are. Suck it up an deal with it and next time watch your kid.

    • Guest

      So you either don't have kids, or you watch them like a hawk and don't allow them any freedom. My guess is the former.

      • uniquename72

        This may shock you, but kids can engage in actual physical activity that has nothing to do with mobile devices.

        • umataro42

          I don't have kids, but I've seen enough people who do. A lot of the time those tablets or phones are used while waiting at a restaurant or in a line when kids can get impatient, and you don't want them running around because they're not supposed to be.

          But I still think this suit should get thrown out if it can be proved that her phone was set to require a password by default but she disabled that option.

          • Gabernasher

            If she disabled that option the 30 minutes wouldn't have anything to do with the suit. She entered her password to buy the kid the app, then the kid had free reign for 30 minutes without her knowing since it's not stated anywhere but the help page that the password is not needed for 30 minutes after entering it. Apple lost the same suit and their window was 15 minutes.

  • xHabeasCorpusx

    This article got it wrong. This is a paid app.

    Why it's paid with IAP, I have no clue.

  • duke69111

    Maybe in app purchases could just go away all together.

  • Ulysses Grant

    Your lack of parenting should be your own responsibilities but afraid to admit it so the parents decided to sue someone else. Wow..america

    • Wesley Modderkolk

      What has this got to do with a lack of parenting?

  • http://www.emuparadise.me/roms-isos-games.php Apple is a patent troll

    In app purchases should be done away with.

  • PatcheZ

    Has anyone mentioned about "free" apps?
    I would hate to have to enter my password multiple times just get my weekly freebies.

    PS i think google needs to implement a competency test (aka stupidity/lazy test) before you're allowed to buy apps...

  • SuperMario7

    I still think there's a lot of people and parents out there that don't realise that a free app doesn't mean it's actually free, as most of these things are riddled with in app purchases. I actually think the Google Play store is even worse than the Apple store as on the Play Store there's only a tiny bit of grey writing which mentions in app purchases but doesn't detail costs etc, on the Apple store each app shows a breakdown of exactly how much each in app purchase costs and as far as I remember that's always been the case and even then Apple lost in court, so I'm guessing Google are heading for the same outcome and probably heading towards a class action lawsuit at some point just like Apple

    I definitely think Google need a kicking to sort this mess out, and ultimately we'll benefit with a better Play store. They're a massive multinational making billions so I'm not exactly going to feel sorry for them when the proverbials hit the fan, it's been coming for a while, when Apple got sued and lost, Google had plenty of time to make changes and could easily have avoided this...but they did jack, so here we are.

    • Jens Lange

      Ha Ha, how this: What if google would replace the "Free" with the cumulated amount of money that can be possibly spent on IAPs. I would praise that day.

      • papernick

        Do you really think Google wants to stop getting income from IAP?

  • http://www.bordersweather.co.uk/ Andy J

    So a quick browse at one of the other source links shows this was a Galaxy Tablet, she should therefore have set up a User specifically for the child which was implemented for this EXACT reason by Google.

    • Wesley Modderkolk

      Wouldn't removing the 30 minute rule be an much easier and better implementation?

      Also, great that such an solution is there, but if no one knows about it, it still does nothing. People aren't reality tech-savvy and just expect their device to work

      • Gabernasher

        And even then buying apps is a pain in the ass, as you need to either buy Google Play credit, which doesn't do much good in fighting IAPs, or attach a credit card, and you're back to this lawsuit.

  • Neo’s TV

    If this parent was dumb enough to let her 5 year old child play with her 600 dollar phone, She's already demonstrating a lack of common sense in the first place. She needs to recognize she's still responsible for his actions on that device. Whether he dials 911, or a 900 number, or purchases apps. What a dumb broad.

    • Gabernasher

      It was a tablet, she bought him a game, he had 30 minutes to buy all the IAP he wanted because the password isn't required for 30 minutes after it's enter. What a dumb commenter.

      • Neo’s TV

        yeah. her tablet. her account. when you download the game it clearly says "in app purchases". my comment still stands. Why the F would you give it to a five year old child?? common sense people. use it. frankly i wouldn't give my expensive device to child to begin with (unless explicitly bought and set up for a child) but whatever. phones and tablets are not kids toys by default. they can be set up to be so. that's the paren'ts responsibility.

        • Neo’s TV

          I'm really sick of horrible parents blaming other people for their own faults. it's disgusting.

        • Gabernasher

          Because you assume incorrectly that when you lock purchases behind a password that a password is always needed? Why wouldn't you let your kid play with a tablet? Are you saying my parents were bad because they bought me an NES when I was younger?

          • Neo’s TV

            An NES is a game system intended for gamers and kids. it is made for them in mind, so No. I'm done conversing with you. I understand you want to blame other people because you don't think you should have to make these sort of efforts to parent your child, nor take responsibility for their actions.

          • Gabernasher

            I guess you're not understanding that even when you have it require a password to spend real money, the password is only required once every 30 minutes, and unless you read the fine print, which I'm sure you do on everything, or buy things in quick succession and notice it, you won't know. You'll be assuming that it requires a password every time you want to spend money, which it does not. That is the problem, that is what Apple lost a lawsuit for. I contacted Google, there is NO WAY to disable the 30 minute timer, no matter how I spend money on GPlay, say I buy a song on my computer, all my Google Play connected devices will not need a password to purchase stuff for 30 minutes. If you don't see how that's a problem, you're a moron, considering as I said, Apple already lost a suit over this SAME EXACT THING.

          • Neo’s TV

            As a responsible adult that uses a tablet and phone (tied to my personal account and wallet) I LIKE THIS FEATURE. It is a convenience for me. I'm tired of frivolous crap taking away my conveniences, because a lack of common sense on others' parts! You can set up an account for the child that doesn't have the wallet access! do so! Do you give a child your wallet with cash and credit cards in it?? NO. you give them a "toy" wallet or purse or whatever. silly comparison, but get what i'm saying? You are letting them use YOUR account. your permissions. Your money. Your responsibility.

          • Neo’s TV

            For instance. my kids would have their own google account to log into the tablet with. If they are too young, I would limit the apps and restrict play store usage altogether. If I was feeling generous, and wanted them to be able to purchase things as they get older, I would give them an 'allowance' by putting prepaid money onto their google account at my own discretion. Google makes it really easy to do these things! You can even teach your kids responsibility this way.

          • Gabernasher

            So have an option to enable a 30 minute timer, a 15 minute timer, a whatever minute timer I want, do not disallow me from forcing a password every time. Why is it so hard for you to understand that you can have more than one option, the one they currently have is deceiving, Apple lost the SAME EXACT CASE. Do people give their kids their phones all the time? Yes? Why? Because it's actually entertaining to the kid, my wallet is not a toy, nor is it fun to play with, my Nexus 5 on the other hand can be a blast.

          • Neo’s TV

            You mentioned three times that APPLE LOST THE SAME EXACT CASE. I think that's pathetic as well. If this was only the issue of "desiring an option" I wouldn't be arguing with you. Options are great!!! I am arguing about this and the Apple case being frivolous and stupid. It is you who clearly doesn't "GET IT" Whether it is a fun toy or not, your tablet IS a wallet. It IS tied to your personal identity, email, money. It should also be treated as such. As I've repeated several times, as a responsible adult YOU set the device up for a child's safe usage. YOU are accountable to do so. Not Google.

          • Gabernasher

            Funny how quickly that class action fixed the whole 30 minute window.

          • Neo’s TV

            You said "funnY" when what you meant was "pathetic" Morons with no sense are running amok in the USA. yeehawww. proud to be an American.

          • Gabernasher

            Why is it bad to have EVERY purchase protected by a password instead of just one every 30 minutes? Oh, I guess you're one of them tea partiers who hates all regulation, except those that block the rights of people who are different than you.

          • Neo’s TV

            Please make an attempt to read and comprehend a comment before making a reply. You clearly didn't.

  • http://www.facebook.com/profile.php?id=100003386080045 John doe

    Damn these companies, when will they learn to be better parents than the actual parents.

    • Gabernasher

      Or to not use predatory practices that harm the consumer. Whichever you want to call it.

  • blacker__

    This lawsuit is valid. As a *smart* phone, the smartphone should know when it's in a child's hands and activate the password inquiry dialog.

    • RarestName

      K.

  • Martin Nilsson

    I honestly think there is a good chance that she will win, even though it might just end with a warning for Google. It doesn't matter that it's locked by default, it doesn't matter that Play Store now tells you it has IAP before downloading. And it sure doesn't matter that you can set up a restricted account on tablets (loving that feature). If people manage to do wrong, the companies will always be responsible. Heck, if someone throws a phone and injures someone, you can bet that manufacturers will have to build with softer materials and issue warnings.

    • Gabernasher

      It does matter that when I want it to verify purchases with a password, it disables that requirement for 30 minutes after I buy something. So if I have a phone and tablet on my account with restricted purchasing power, and buy something on my phone, my kid has free reign on my tablet for 30 minutes, and there's NO way to disable that.

  • Deepak Anand

    Funny how post is about Google and people are discussing McDonalds :)

  • Obama’s_Tranny_Wife

    People that spend loads of money on IAP are just plain F-ing retarded. $40 for some pathetic phone game, get a F-ing life, I can see maybe 50 cents or a dollar for something but $40 lmao so pathetic, SO PATHETIC!

    • Gabernasher

      You do know to some people $40 isn't much at all. If you can't afford to eat and you spend $40 sure, that's retarded, but if you have millions in the bank, who cares, it's your money, spend it how you want to.

  • Michael Tamayo

    I bet you she's liberal.

  • Stone Cold

    This is silly you password protect against this I do it do I don't accidentally download something I don't want. And this mom will win cause parents did the same thing to Apple.

  • Toleot

    I think it's quite easy for a child to open the setting on Google play, Google should protect the setting with a password option, so that you should input password to change any setting.

    • Gabernasher

      You do need to use the password to disable the password requirement. It would be silly if you didn't.

  • GA Mom

    My Kids ordered password protected in-app purchases too.... on two separate occasions. The password was absolutely not asked for while the kids were making purchases from within the application and we re-created the scenario to prove it. I went through Google Wallet and Google to have it resolved both times. No one at Google Wallet or Google Play really had an explanation except for the last Google rep I spoke with admitted the 30 minute window problem, and apparently there is some sort of "pin" we have to obtain from Google now. Apparently, going through the app to make a purchase, instead of through Google Play, makes the difference. The access to Google Wallet seems to go a different route?

  • Edward Bailie

    That's just so f*cking retarded. If you don't want your kid to buy random crap then watch him/her. Not Google's fault.

  • Jeff Luker

    How about she take the money out of her son? I mean, he is the one that spent it. If not, take it as a lesson learned that the password was defaulted to for a reason. I'm sorry, but people are morons.

  • Nathan

    I have the opposite problem with the poorly run google play store. I can't use my $27 left from my gift cards because I don't remember a google wallet password. I haven't used the store for over 6 months and that' the reason I don't remember. I contacted the store but they refuse to help. I guess they're losing some business with this nonsense. They should learn from Amazon which never gave me a problem after 100s of purchases. Anyone know how to resolve this?

  • Ronn

    And everyone and anyone will get paid back too, the lawsuit papers say that they are ordered to pay back atleast 19 million, and if not the difference of what they paid from the 19 million is to be paid to the FTC and they will refund it back to the consumer.

Quantcast