Unauthorized Children’s In-App Purchases Round Two: Google Faces Class Action

By Cynthia J. Larose

Written by Julia Siripurapu, CIPP/US

Just two months after Apple’s settlement with the FTC over lax parental controls over children’s in-app purchases (see our prior blog post), Google takes the spotlight with claims of unauthorized children’s in-app purchases in the Google Play Store! This time, it’s not an FTC action, but a class action. The suit was filed on ­March 7 in the U.S. District Court for the Northern District of California.  The suit was brought by a New York mother (“Plaintiff”) on behalf of herself and other parents whose minor children downloaded free or relatively inexpensive child-directed games from the Google Play store and then incurred charges for purchasing items that cost money within the app without parental consent or authorization. For example, the Plaintiff’s five year old son spent over $65 dollars on virtual Crystals while playing the game “Marvel Run Jump Smash!” on an Android device.

According to the complaint, the apps directed to children that are offered for sale in the Google Play store are “designed to induce purchases of what Google refers to as ‘In-App Purchases’ or ‘In-App Content,’ i.e. virtual supplies, ammunition, fruits and vegetables, cash, and other fake  ‘currency,’ etc. within the game  in order to play the game as it was designed to be played (‘Game Currency’)”. As noted in the complaint, while Google required users to enter a password to authenticate their account before purchasing and downloading an app or Game Currency, once the account is authenticated, the user, including children, could purchase “several hundreds of dollars” in Game Currency during a 30 minute window without having to re-enter a password. This billing practice allowed Google to automatically charge the account holder’s credit or debit card or PayPal account, without notifying the account holder or obtaining further consent of the account holder.

While the FTC has not yet taken an action against Google, the European Commission announced last month that it will investigate member nations’ claims that Google and Apple’s practices of offering so called free-to-play applications that carry large hidden costs related to in-app purchases are misleading.

Following the FTC settlement, Apple changed its process to require input of the account password for each in-app purchase. On March 13, Google rolled out an Android update that allows account holders, i.e., the parent, to opt to be asked for their password for every in-app purchase during the 30-minute window. In addition, Google added an indicator for apps with in-app purchases.

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.