Be Aware of iTunes Password Caching


A brief tempest of recent blog posts highlights a design compromise that Apple made with App Store and in-app purchases from iOS devices.

To summarize, designer Mike Rohde bought an app on his iPad and, while waiting for it to download, his 7-year-old son played a free aquarium app called Fishies that offers additional items for sale via in-app purchases. Without realizing what he was doing, Mike's son purchased a number of items within Fishies, including a chest of pearls priced at $149.99 - he racked up almost $200 for the day. Reasonably enough, Mike went ballistic when he saw the bill from iTunes. Luckily, despite the iTunes terms stating that all sales are final, he was able to call Apple Support and have the largest charge refunded.

So what happened? Developer Manton Reece explained it well in his own blog post. In essence, because Mike had purchased an app on his iPad and then let his son play with Fishies immediately afterward, iTunes cached Mike's password and used it when his son made purchases within Fishies, instead of requesting it again. Mike's son was prompted for each purchase, but since iOS didn't require a password, it's easy to see how a 7-year-old could agree to the in-app purchase prompts without realizing what was happening.

This entire situation came about because of a design compromise. By requiring you to enter your iTunes account password for a purchase or free download, Apple ensures that an authorized user is in control of the device. That's a good thing. And by caching the password for 15 minutes, Apple reduces the significant annoyance of typing passwords (especially strong ones that include numbers and punctuation) on a virtual keyboard. In general, that's also a good design, although it can obviously have unintended side effects.

To eliminate those side effects, Apple could require a password for every purchase or free app download, but that would hurt the overall user experience. In most instances, there's no need to prompt multiple times for purchases made in quick succession because it is most likely that they're being made by the same authorized user.

Arguably, Apple could also cache the password separately for app purchases and in-app purchases, such that purchasing an app wouldn't enable in-app purchases without requiring a password. However, there's no telling if such a change would be easy to make or if it would make a significant difference, since any sort of caching will allow inadvertent purchasing.

Another solution would be to add an option in the Store settings panel that would enable users concerned about this possibility to require passwords more frequently, for transactions over a certain amount, or even for every transaction.
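As an added illustration (not code from the article, and not Apple's implementation), here is a toy model of the caching policies the preceding paragraphs weigh: a single 15-minute window as shipped, a cache kept separately for app and in-app purchases, and a price threshold above which the password is always required. The timeline, the $4.99 app price and the $10 threshold are constructed; only the 15-minute window and the $149.99 item come from the article.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CACHE_TTL = 15 * 60  # the 15-minute caching window described in the article, in seconds


@dataclass
class PurchaseAuthorizer:
    """Toy model of a store's password-caching policy (constructed for illustration).
    scoped:    cache app-purchase and in-app-purchase authorizations separately
    threshold: always re-prompt when the price is at or above this amount"""
    scoped: bool = False
    threshold: Optional[float] = None
    _authorized_at: Dict[str, int] = field(default_factory=dict)

    def _scope(self, kind: str) -> str:
        return kind if self.scoped else "any"

    def needs_password(self, kind: str, price: float, now: int) -> bool:
        if self.threshold is not None and price >= self.threshold:
            return True
        last = self._authorized_at.get(self._scope(kind))
        return last is None or now - last > CACHE_TTL

    def purchase(self, kind: str, price: float, now: int, password_entered: bool = False) -> str:
        """Return 'prompted' when the password must be typed, otherwise 'purchased'."""
        if self.needs_password(kind, price, now):
            if not password_entered:
                return "prompted"
            self._authorized_at[self._scope(kind)] = now  # a fresh authorization starts the window
        return "purchased"


# Constructed timeline mirroring the incident: the parent buys an app, then the child
# taps in-app purchase prompts inside the caching window. (kind, price, seconds, typed password)
TIMELINE: List[Tuple[str, float, int, bool]] = [
    ("app", 4.99, 0, True),       # parent enters the password for the app purchase
    ("iap", 0.99, 120, False),    # child, 2 minutes later
    ("iap", 149.99, 300, False),  # the $149.99 chest of pearls
    ("iap", 0.99, 960, False),    # 16 minutes after the password: window has expired
]


def replay(authorizer: PurchaseAuthorizer) -> List[str]:
    return [authorizer.purchase(kind, price, t, pw) for kind, price, t, pw in TIMELINE]


if __name__ == "__main__":
    for name, auth in [("single cache (as shipped)", PurchaseAuthorizer()),
                       ("scoped cache", PurchaseAuthorizer(scoped=True)),
                       ("$10 threshold", PurchaseAuthorizer(threshold=10.0))]:
        print(f"{name:26} {replay(auth)}")
```

Only the scoped cache stops every in-app purchase in this timeline; the threshold policy still lets the $0.99 purchase through, which is the trade-off the article describes.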

In the end, though, the best advice is merely to be aware of the possibility that a cached iTunes password could be used for purchases, which is most likely to happen when an iOS device is shared with young children who might purchase things inadvertently. Older children might become aware of the loophole and exploit it intentionally, but that's something to be solved via discipline, not technology. It's much like an automatically locking door - if you're concerned about security, you wait to see if the door has closed and locked behind you after you enter or exit the building, because if you don't pay attention, it would be possible for someone to grab the closing door and enter without having a key.

That said, the constant increase in the number of passwords - on multiple devices - that we need to deal with is becoming a significant user experience problem, and one that Apple would do well to think about.

 


Comments about Be Aware of iTunes Password Caching

Merchon Cottrell  2010-07-14 14:00
You could just open the Settings app, tap on the iTunes row and log out. You are then required to enter your user name and password to make any purchase. So, buy an app, log out and then give the device to your child.
Adam Engst (TidBITS Staffer)  2010-07-15 06:02
That's a good workaround for now!
Dan Ho  2010-07-14 14:30
Why not cache the password for a max of 15 minutes, OR until the unit sleeps? Both conditions seem pretty intuitive to me. With the addition of the sleep condition, however, you could easily force the pw cache to be cleared by simply pushing the sleep button and unlocking again. "Here you go, son, knock yourself out."
Adam Engst (TidBITS Staffer)  2010-07-15 06:05
I like that idea (and in fact, it may even be true - have to test) but we'd definitely need to spread the word so people would learn about it.
uhuznaa  2010-07-14 15:49
Hmm, is the password really cached and re-transmitted, or is there a kind of authentication window with no password required then? This is important, because in the latter case there is the possibility to hijack the connection. And in the former, the password is somewhere to be found in memory.
Adam Engst (TidBITS Staffer)  2010-07-15 06:05
There's a prompt that asks if you want to make the purchase, but without a password request. I don't know if the password is retransmitted, but I'd be a little surprised, for just the reason you note. Someone would have to sniff the traffic to see for sure.
Why not just require a password for all purchases above a user-defined $ threshold?
You didn't mention turning off In-App purchases in the Settings App.
Adam Engst (TidBITS Staffer)  2010-07-18 12:56
I don't see any way to do that, in general, or for this Fishies app.
Settings > General > Restrictions > Allowed Content (In-App Purchases) OFF

(This was in the updated blog http://www.rohdesign.com/weblog/archives/003193.html . I emailed the author directly and he let me know about the update.)
Adam Engst (TidBITS Staffer)  2010-07-20 12:41
Thanks - and here I was looking in Settings > Store. :-)
Pete Brewster  2010-07-20 12:21
I've just been charged for a purchase I didn't make. Haven't heard back from iTunes yet, but I don't think the buy was made by my nine-year-old grandson on the iPod purchased specifically for him, but registered to me.
Adam Engst (TidBITS Staffer)  2010-07-20 12:31
Curious. I've not heard of this happening. Did the app appear on the iPod touch in question, or in the copy of iTunes that it syncs to?
Adam Engst (TidBITS Staffer)  2011-02-28 15:30
Looks like this is still an issue, with the FTC starting to get involved now.

http://www.macworld.com/article/158164/2011/02/inapppurchases.html
In the Restrictions, you can turn off the caching. Change "15 minutes" to "immediately" in the "Require Password" section.