App Store iconSource: iMore

What you need to know

  • A six-year-old spent $16,000 on in-app purchases without his mother knowing.
  • He was using her iPad in another room, which begs the question... how?
  • I think I know how it went down – and despite what the boy's mother says, it isn't Apple's fault.

Ever since I wrote a story earlier today about a six-year-old who managed to spend $16,000 on in-app purchases, I've been trying to work out how it all went down. And I think I've cracked it.

For those unfamiliar, a quick rundown.

  • A six-year-old was left with an iPad while his mother worked.
  • He managed to spend more than $16,000 on in-app purchases. Rings in Sonic Forces, if you must know.
  • His mother says it's Apple's fault and can't understand why it was allowed to happen.

Now, as is always the case with these stories, everyone is now playing that game where they like to think they're the best parent on the planet and that they'd never leave their kid with an iPad unattended. I'm here to tell you today that people do what they've got to do to get through the day sometimes and, especially in the middle of a pandemic, they've got to work. The kid's parent probably already feels pretty bad – they don't need you quarterback-parenting it.

But that doesn't mean that there isn't a cautionary tale here. But it isn't about kids and iPads as such. It's about disabling security features, either on purpose or by accident.

I've been trying to get my head around exactly what went on here for a few hours today. It didn't make sense because the App Store asks for your password when buying in-app purchases. Sure, you can tell it not to prompt for a password for 15 minutes after entering one. But can you disable it altogether?

You cannot.

You can't completely turn off password protection for paid items on your iPhone, iPad, iPod touch or computer. On Apple TV, you can turn off password protection for both free and paid items.

If you have enabled Touch ID or Face ID for App Store and iTunes Store purchases, you'll be asked to use Touch ID or Face ID for every download, even if the item is free.

And it's that final sentence that, I think, explains what happened here. And as a parent, it's all pretty familiar.

  1. Parent needs a way to keep their child entertained.
  2. Parent has an iPad with Touch ID or Face ID enabled.
  3. Child's fingerprint or face gets added to the iPad so the parent doesn't have to unlock it for them.
  4. Sonic Forces offers up an in-app purchase, the App Store prompts for authentication, the kid's biometrics are registered, and hell breaks loose.

So who is at fault? It's a difficult one. It isn't Apple, because its security mechanisms were worked around by the kid's biometrics being added to the iPad. Once the keys to the kingdom are gone, you can lock the doors all you want – nothing's safe.

Realistically, it's the parent's fault but I can absolutely see how and why this happened. It's an unfortunate occurrence, but it happens. Maybe the kid should have been at school but wasn't because of the pandemic. Maybe the childminder was off sick. None of it really matters at this point. Someone's $16,000 in the hole for rings in a Sonic game. And that, perhaps, is the real issue here. These predatory in-app purchases need to stop, and soon.

Of course, it's also possible I've been misreading the tea leaves here and I'm way off. We'll probably never know.

We may earn a commission for purchases using our links. Learn more.