Attention, parents: if you've used your Google account to buy apps, books, videos, or music on Google Play, your credit card information is stored. If you give your phone or tablet to your kids, they might be able to buy stuff that you don't necessarily want. That's a lesson that Ilana Imber-Gluck learned after her 5-year-old son spent $65.95 on Marvel Run Jump Smash. Unsurprisingly, she chafed at the experience, suing Google in a northern California court on behalf of herself and "all others similarly situated."
The central issue seems to be a 30-minute window after downloading an app, during which the user - whoever that might be - can rack up in-app purchases without supplying a password. This window could allow children to purchase huge amounts of worthless digital currency and upgrades using real money from their parents' accounts, which is what Imber-Gluck and her lawyers suggest happened in this case. Apparently Google is equating the download of a free app (which doesn't require a password) with a purchase, clearing users to make restriction-free purchases during the 30-minute window (but only if the password check has been previously disabled). Update: After discussing this among the team and several commenters, we think it's more likely that the mother simply disabled the password check, or (less likely) that the child simply got the downloads in almost immediately after a purchase. Downloading a free app will not start the 30-minute window.
A similar suit forced Apple to pay out to a class action lawsuit in February of last year, plus a $32.5 million fine to the FTC. The FTC ruling forced Apple to obtain express, informed consent before charging for any in-app purchase. If Imber-Gluck's suit is successful, it could force Google to close this window as well. Regardless of what you think of this particular lawsuit, that would probably be a good thing for end users.
At the moment the 30-minute window can be avoided by going into the Settings menu of the Google Play Store and checking the option to "use password to restrict purchases." That will force the user to input their password, even for in-app purchases on a newly-downloaded game. In fact, this is the default behavior for Google Play - Imber-Gluck must have disabled it herself through the menu or one of the in-app purchase popup dialogs in order to open up the 30-minute window.
The core question of the suit may come down to whether or not this option is made clear to parents, and how much responsibility they have to understand the systems they and their children are using versus how much responsibility Google has to protect its users from possibly unwanted purchases. Developers should keep a close eye on this one, since forcing a password check for each and every purchase could alter the dynamics of Play Store and in-app purchases.