In-app purchases and the App Store: What every parent needs to know

In-app purchases (IAP) can seem like complicated, confusing things, especially if you're a parent new to the iPhone, iPod touch, iPad, and App Store, and trying to figure it all out for yourself and your kids. If you're already concerned about spending, if you're already stressed by technology, if you're already juggling as much as you can, then in-app purchases gone wild can sound downright scary. Sadly, that's largely because of stories, needlessly sensationalistic stories, portraying IAP as scary. Stories that, instead of empowering parents to take control, paint them as hapless victims whose families are completely beyond control. Luckily, Apple provides tools for any parent to effectively manage their children's App Store activities, including in-app purchases, and there are even more on the way soon.

So what's an in-app purchase? Just that — a purchase you make inside an app or game after you've already downloaded it from the App Store. An IAP can be consumable, like game coins. You buy them, use them, and then they're gone and you have to buy more if you want to use more. They can also be non-consumable, like extra levels. You buy them and keep them effectively forever. They can even be renewable, like monthly subscriptions that repeat until you cancel them.

There's a lot of jargon thrown around. An app or game that is free to download but charges for in-game content is called "free to play" or "freemium" (a portmanteau of free and premium). A game that costs money to download and also charges for in-game content is called "paymium".

Some developers do it right, providing a great experience whether or not you opt for in-app purchases, and simply make it even better if you do. Others do it wrong, frustrating and manipulating you into handing over as much money as possible. (Think casino in app form.)

So, what can you do to make sure you're both informed and empowered when it comes to your kids and in-app purchases?

In-app purchase options

Apple provides for a variety of hardware, software, services, and resources to help parents learn more about and better manage in-app purchases.

On the App Store home page, at the bottom, are prominent links to:

The first explains what IAP are, the different kinds, and what parental controls are available. The second also explains IAP, but also passwords and Touch ID, allowances and gift cards, parental controls, age ratings, and passcodes. There's also "[About Kids Apps and Games](https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewMultiRoom?fcId=821882885&at=10l3Vy&ct=UUimUdUnU25824" which explains the content and categories.

On the App Store:

  • In Top Charts right beneath the price badge, Apple puts an "In-App Purchase" label below any app or game that contains IAP.
  • On an app or game's description page, Apple has an "In-App Purchases" tab that lists all the IAP inside and what they cost.

This way you can know what you're getting before you download or buy. There's a special Kids section that's even more stringently regulated than the general App Store, so you can be confident only appropriate material, sorted by age, can be found there.

In Settings there are:

  • Restrictions where you can completely turn off Installing Apps and making In-App purchases.
  • Parental controls to make sure your iTunes password is required, immediately, for every purchase.
  • Options you can choose which range from Don't Allow Apps, or only allow age levels from 4+, 9+, 12+, or 17+.

For purchases:

  • In apps, Apple informs you of what in-app purchase you're making and how much it will cost before it asks you to confirm your purchase. (Some developers also inform you about in-app purchases when you first launch the app.)
  • With Touch ID, Apple lets you turn off iTunes account purchases, so even if your child's fingerprints are registered to unlock your phone, it can't be used to buy things.

In iTunes:

  • Apple allows you to load gift cards and even set a recurring allowance from your own iTunes account into your child's iTunes account so there's an absolute limit on what they can spend at any one time.
  • Apple allows you to request a refund for any unauthorized purchases your child may have made. (Though given all the above, that should be nigh-impossible.)

Taking control of in-app purchase on the iPhone, iPod touch, and iPad

Given the above, there are several ways to make sure you never, not ever have unwanted in-app purchases of any kind on your account.

Put your child on your iTunes account, don't give them your password

Whether your child is using your iPhone, iPod touch, or iPad, the easiest way to keep them from making unauthorized or unintentional in-app purchases is to simply not give them your iTunes password. That way your child has no way to buy anything without your express consent (you entering the password). There is one additional step to perform, however, to make sure they can't quickly buy anything else once you have entered your password.

  1. Launch Settings from your Home screen
  2. Tap on General
  3. Tap on Restrictions
  4. Tap on Enable Restrictions
  5. Enter a 4-digit Passcode
  6. Confirm the Passcode
  7. Scroll down to Allowed Content
  8. Tap on Require Password
  9. Tap on Immediately

Now a password will be required, immediately, for any iTunes purchase, and you'll never have an unwanted charge again. (If you have any App Store restrictions in place, including age restrictions, the password will automatically be set to immediate.)

Note: Your iTunes password is different from your device passcode, password, or Touch ID. You can give your child the passcode to your device if you really want to, and can even register their fingerprint for Touch ID (and turn it off for App Store purchases), and still not give them your iTunes password.

Give your child their own iTunes account, teach them how to manage money

If your child has their own iPhone, iPod touch, or iPad, you can choose to give them their own iTunes account as well. When you set up their iTunes account, don't attach a credit card to it. Buy an iTunes Gift Card instead and use that to create the account. That way there's a hard limit on how much money your child can spend. When the gift card runs out, no more purchases, in-app or otherwise.

You can then choose to give them additional iTunes Gift Cards or you can set them up with an iTunes allowance so a set amount of money is delivered from your account to their regularly (if you choose an allowance you can even create an iTunes account for your child as part of the setup process.) Again, when that runs out, that's it until the next time.

That not only prevents accident or abuse, it teaches a valuable life lesson.

  • How to set up an iTunes allowance

In-app purchases past, present, and future

When Apple originally introduced in-app purchases they had a rule that "free apps have to stay free". In other words, you couldn't have a free app and then make money off in-app purchases. You had to make a paid app. No "freemium" only "paymium".

It was a new system, however, and Apple, developers, and customers were all learning and trying to figure it out. For example, "free apps have to stay free" didn't allow developers to make, and customers to benefit from, free apps as demos or trials. Even though $0.99 doesn't sound like much, it all adds up, and many people just wouldn't or couldn't pay it over and over again, sight unseen. So, Apple dropped the "free apps have to stay free" and developers who chose to could make games that cost nothing up front but offered compelling in-app purchases in an attempt to get customers to upgrade.

Unfortunately, every system is subject to abuse. Some developers decided to make the "free" part so utterly frustrating and the in-app purchases so enticing that many people would pay them just to get their car back on the track faster or have a higher crushing score than their friends. Likewise, some customers were content to download a free game and even if they loved it, never make any in-app purchase at all, which made it hard for developers to stay in business.

Inevitably, before anyone knew any better, some kids racked up huge bills for in-app purchases, most famously "Smurfberries". Apple refunded a lot of money, the U.S. Federal Trade Commission got involved, and the European Union is still getting involved. They'd like Apple — and Google, and Amazon, and every company with an app store — to make in-app purchases and their costs even more clear.

Not surprisingly, the EU is singling out Apple — nothing gets bigger headlines that Apple — despite Apple changing and improving the in-app purchase system on the App Store over and over again, and on a global basis. (The EU obviously cares only for the EU, just like the FTC cares only for the U.S., but parents have children all around the world.) What the EU wants also seems, at least based on the coverage, to be ill-defined.

For example, the EU wants free-with-IAP apps to be labeled as something other than "free". What would you label them as? "FwIAP"? Would that be less or more confusing? How would you differentiate between apps that are delightful for free but have a few optional IAP (like different colored costumes) from a game that's all but unplayable for "free"?

The EU doesn't want apps or games that strongly urge kids to buy them or persuade adults to buy them for them. Again, kids without passwords can't buy anything, and kids with limited funds in their own accounts can't by much of anything. Apple could police the general App Store even more strongly than they already do — and like they already do in the Kids section which exists for just exactly this reason. Developers who act poorly could also be targeted directly.

The EU wants consumers informed about IAP, and for the "Require password immediately" setting to be default. The first is, as far as I can tell, long since done. The second is tougher. Apple used to require passwords immediately with no other options and people complained about it in such numbers and with such frequency that it was changed. Apple could launch yet another pop up the first time an App Store purchase is made and ask if it should make itself child-safe.

And the EU wants email address provided for vendors so they can be contacted directly with concerns. Apple already provides a "support" link on every App Store page to enable just such requests. Is email the best form of communication for the most people? Would a form be better? Again, some consideration would seem appropriate here before publication.

What's more, there's a chilling lack of respect for personal and parental responsibility in the language being used. Trying to protect children by infantilizing parents is not an effective solution. Instead, informing and empowering parents allows them to not only protect but also inform and empower their children as well. That's what gets results now and into the future.

Apple — and Google, Amazon, and others — should absolutely implement the features needed for parents to control when and how any purchase, in-app or not, by their children or anyone else are made on their devices. Apple, based on everything outlined above, seems to be not only doing that, but consistently improving it. Most recently:

  • iOS 7, the current version, added a Kids category to the App Store. Apple regulates the Kids category even more strictly than the general App Store and provides age ratings so you can find only age appropriate material for your kids.
  • iOS 8, scheduled for release later this year, will further increase parental control by introducing Family Sharing with Ask to Buy, so parents can keep children on their iTunes account, give them the password, and still be notified and be able to individually approve or deny, an purchase. Apple showed it off this past June at WWDC 2014 to millions and millions of people around the world, including the EU.

Developers also have to shoulder their fair share of responsibility. Apple is already damned if they do, damned if they don't — castigated for being too controlling and yet not controlling enough.

Instead of demanding that every potential vector for error or abuse be eliminated at the platform level — an impossible task — developers who are clearly abusing the system by deliberately targeting children and misleading consumers should face direct attention from the FTC and EU, and from customers who feel cheated. That would put the fear where it really belongs.

Bottom line

In-app purchases can seem like complicated, confusing things. That's a problem that needs to be solved by platform owners like Apple, and also developers, and customers. Without everyone taking responsibility for their parts and working together to make the system better, there's no solution, regulated or not, that'll work.

At the end of the day, however, every system can be better, every developer can be better, but it all comes down to the parent. Parents are the last, best line of defense. If you're a parent, get informed and take control. If you do, there are already more than enough tools to keep both your iTunes account and your children safe.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

23 Comments
  • I bought two iPad Minis for my grand kids. I do not provide them with my iTunes password. That takes care of the problem. They want something they bring it to me to enter the password. I cannot believe irresponsible parents blame Apple for something so easily prevented. And Apple had to pay! Stupid. The last paragraph of the article is all that needs to be said.
  • Good article detailing parental options, but your Apple persecution complex is again showing. Read the actual EU statement : http://europa.eu/rapid/press-release_IP-14-847_en.htm In December, they asked *both* Google and Apple to consider some changes. Google has done some of them, and has scheduled to complete more by September. Apple has done none of them, nor have they committed to do any; they have effectively ignored the EU. Apple is not being singled out for headlines, of for whatever nefarious purposes you are trying to imply. The EU is calling out Apple for being the only one of the two large entities not to respond *at all* to the specific concerns the EU communicated to Apple and Google last December. Sent from the iMore App
  • Edit: I moved a point-by-point summary of their requests into the main article. Mostly Apple seems, as usual, not as good at schmoozing politicians as Google. Apple has already implemented many, many controls. Not "underway" or "pending September". I mean, that's great, but "done" and "done" is better. Apple's also done so globally, not just for the EU. The App Store is a service, so Apple can and will update it whenever they're ready to do so. Are the EU's requests the best thing for the most people? Sadly, given the EU's history, that's probably not a factor in what's going on. (I still can't believe the browser ballot...)
  • "Done" would matter if those things done were what the EU requested. They weren't, and it doesn't. "schmoozing" would be a factor if Google had similarly addressed none of the items on the EU's list and still got better treatment. But Google did respond directly to the EU's requests, and Apple did not. That's not bias - that is reality. You persist in asserting Apple is being illegitimately singled out, but after 8 months of progress from Mountain View and 8 months of silence from Cupertino in response to the EU's request, what else could you possibly expect? Sent from the iMore App
  • Here's where I think we're sticking: How do we know there's been 8 months of progress from Google? They've just said they're done it. They haven't, apparently, done it yet (at least according to the language used). Out of curiosity, and because I'm still mulling them over, what do you think of the EU's demands? Good, too much, too little?
  • (Editing, because of accidental submit. PROTIP: do not reply on phone while holding two dogs on leash in phone hand.) Let me try one more time with an example that you have used in the past: scrolling on Android. Android scrolling is bad. You have called Google out on this for years. Your criticism was loudest pre-ICS, when Google did not appear (publicly) to be working on it. Android's improvements in other areas were irrelevant, because that was not your specific area of concern. From the EU's perspective, that is where Apple is now. When Project Butter was announced, you went a little easier on Google, because they were trying to address your concern. From the EU's perspective, that is where Google is now. (Slightly past that, really, but hey, its an analogy.) That is why Apple is getting called out relative to Google, because, publicly, at least, Apple is doing nothing to address the EU's concerns, whereas Google has. It is not "schmoozing" by any definition of the word I understand. That does not immunize Google from criticism. To continue with the analogy, when Project Butter did not bring Android list scrolling up to iOS's level, you were again harder on Google. Six months down the line, the EU may come to a similar conclusion regarding Google's efforts, and/or Apple may have the perfect solution in the oven, just not publicly announced, because Apple never does. If that happens, then it is appropriate to say the EU is favoring Google over Apple. Until then, implying it asserts facts contrary to the evidence. Sent from the iMore App
  • Of the EU's demands, they seem rather mild to me, but the fascinating one is #2: "Games should not contain direct exhortation to children to buy items in a game or to persuade an adult to buy items for them;" because content has never been the provenance of the storefront, but of the advertiser and the agency regulating communication. This statement by the EU puts the onus on the store. Google may slide by here, because they do not regulate the content in the storefront (much), but Apple may have some exposure. It is difficult for anybody to argue that Apple should have no responsibility or lacks the capability to regulate the advertisement content of Apps in the App Store when they explicitly deny access to the App Store for anything from pornography to political cartoons. Clearly they can and do exercise that authority when it fits their interests, and, if they do, it will be difficult for Apple not to respond to an EU request they do the same (ostensibly) for the interest of EU citizens.
  • It makes you wonder when Apple touts "billions to developers", how much of that was supplied by children.
  • By children who can't by anything without being given a password? Does it also maybe make you wonder how many "parents" finish a weekend bender on Clash of the Clans and suddenly complain their in-app purchase $$$ was done by a "child"?
  • It's odd to see someone fight for a corporation over the consumer but, yes the children. Where do you think all these complaints are coming from, if not the parents of children who were duped from these app stores? It's like blaming the addicts for not being more responsible when the neighborhood is filled with pushers giving the first hit for free. You also seem ignorant of the fact that Apple has not always had this policy (as with everything Apple, legal matters forced them to change), and even then how convoluted is that process (a nine step method buried in the OS). Apple runs a ghetto app store, so its no surprise they will get ghetto clientele that don't know how to parent. Imagine if Apple ran a retail store like their app store; everything would be free (with an asterisk). "turning on that mac will cost you $$. what, you read an email? that will cost you $$".
  • By calling for personal responsibility I'm fighting for a corporation? That's scary. I'm fighting for us. I'm worried about excess regulation and excess business control. That's for us. "Think of the kids" is the battlecry of the overlords. It's how they infantilize us. Many years ago someone drowned in a small stream near where I live. I mourned them, but I thought the (very serious suggestion) of putting the stream in a pipe to prevent it happening again was ludicrous. The App Store already has just about everything in place to prevent anyone, including kids, from ever making unintentional purchases, including a stellar refund policy. I do think there's a lot more Apple could do to support developers of premium apps and increase the value of the platform, but that has little to do with more government and corporate IAP controls. And I say that as a Quebecer, where "liberal" is the far right of our socialist spectrum.
  • Just look at how complex it is for a tech neophyte user to activate these safeguards. You have 11 screenshots and everything is buried, yet you call that a solution? It's this simple; The EU is responding to many user complaints. The EU thought about it and made a request for action. Google complied and Apple did not. Hence Apple gets the abuse.
  • Not giving your child your iTunes password is a great start, and about as stone stump simple as you can get. Right? Every iTunes receipt also has a prominent "Report a Problem" link on it, which is also pretty simple. Again, I'm troubled by the assumption that human beings are stupid. (Basically that "we" are smart and busily having our tete-a-tetes with the burning bushes, but everyone else is dumb and needs our constant protection.) I do think some of the EU proposals are interesting, but again, I think they're also worthy of discussion since they'll affect hundreds of millions of people, and the implementation details don't seem all clear. (See the article, above.) BTW: Google said they would comply. The language implies something underway but not completed. The EU said Apple hasn't responded to them. The language implies we have no idea what is underway. That's material different than "complied" and "did not comply".
  • You're arguing that people aren't stupid and to be careful in catering to kids or at least giving in on it. Yet this is apple's philosophy in designing and targeting "them" and not "us". You go to lengths to say how great this is and it empowers novice users. But you seem to draw the line at empowering parents. Apple can do better (and iOS 8 is a start). Where's your newfound "inclusive" spirit at? And I have to say the password thing should work. On paper. Sounds great. Until that kid learns it somehow. If you ever get to be a parent you'd know this can happen. Remind your wife of the password and the kid overhears. Wife tells her mom not realizing the danger. Kid sees mother typing it. Or it's just a password used everywhere and the kid gets wise to it. It only takes a few mins to rack up hundreds of dollars in crap purchases. Mine has done it even though i never told her the password. There's no way I'm paying 300 for virtual carrots to feed her pet horse in some random "free" game. Apple promptly refunded me but I did have to dig through iTunes to get there. Something I doubt the average user knows to do. I've made sure everyone is on same page now regarding passwords. It only takes one slip up.
  • I hate IAP's with a passion. I consider them a threat to the App Store and I buy fewer apps now the fermium model is so in your face. Apple aren't angels. Neither are Google or Microsoft and so on. You can blame the corporations all you like. The fact is people should be responsible for their own actions, that doesn't mean I favour a company over the individual, it means I favour holding the individual or company accountable. As consumers we're not forced to by apps or IAP's. My kids do not have my password. Further more iTunes, the App Store and IAP's are all disabled on their iPads. If I gave my bank card and PIN to my kids I doubt you'd agree the bank should refund me the money they spend. Does that mean you favour banks over individuals? Sent from the iMore App
  • I totally agree. If I give my 10 year old grandson the key to my Chevrolet I don't think General Motors should pay if they run over somebody. The adults are 100% responsible.
  • There's no way of knowing the answer to that. However if stupid and idiotic parents didn't give their passwords to children then the answer would be £0. I don't see why Apple, Google or any other company should have to go to ridiculous lengths to stop what users could prevent at their end. This for me is not about Apple, Google or even IAP's which I hate by the way. It's about companies being apologists for the actions of so called adults too naive, stupid and lazy to understand. Sent from the iMore App
  • For one thing, I no longer keep a debit or credit card associated with the account!! Sent from the iMore App
  • Hi Posted via iMore App
  • Having read your article, I am still uncomrfortable with free games available on app stores that offer a virtual frisbee for $100 etc.
  • I guess the EU officials aren't aware of the things coming in iOS 8. Or they just want to make an example of Apple because they know anytime Apple is mentioned its news everywhere?
  • Because the things coming in iOS 8 do not meet the requirements they set. Posted with the HTC M8 via the iMore App
  • So am I late to the party. This is a bit off topic, yet the Apple App store for OS X (1095) appears to be missing an option to "tag" an app - maybe you want to look at this later - I mean there many things this App Store seems to be lacking - I'm not sure if iOS 7 is lacking as well ... so why no "tag" option, Apple?