The controversy started last year, when parents discovered that password-caching in the iTunes app opened the door to small children inadvertently making in-app purchases that could add up to significant money. I wrote about how designer Mike Rohde’s 7-year-old son managed to rack up an almost-$200 bill that way in “Be Aware of iTunes Password Caching” (14 July 2010), and, more recently, the Washington Post found the story of an 8-year-old who worked up a $1,400 bill.
After some months of this sort of coverage, Apple received a letter from the Washington State Attorney General’s office, the Federal Trade Commission chairman promised to look into the situation, and members of Congress criticized Apple’s approach.
Glenn Fleishman wrote about some techniques for avoiding the problem in “Avoid Unwanted App Store and In-App Purchases” (5 October 2010), but the real solution was for Apple to require passwords for in-app purchases.
With iOS 4.3, Apple has now done exactly what I recommended, adding another password prompt for in-app purchases made within the 15-minute window after entering the main iTunes account password for downloading an app.
I tested this by first downloading the free Geared app, which generated a password prompt. I confirmed that my password was still cached by immediately downloading the free Fishies app (the app with which Mike Rohde’s son had problems). I then went into Fishies and attempted to purchase a chest of pearls. That action generated first an iOS dialog confirming that I wanted to make an in-app purchase, and then it asked yet again for my password, even though I was still within the 15-minute window. (To give credit where credit is due, the Fishies app had already implemented its own internal parental controls to prevent access to purchasing aspects of the program.)
So it appears that Apple has finally closed this hole. It’s a little too bad it took so long, given that the first reports of the problem started appearing 8 months and one significant release of iOS ago. But it’s here now, and for that we can be grateful.