Fishies in-app purchases are fishy
Update: Manton Reece points out that the issue of in-app purchases being made without challenge is probably due to the App Store's holding onto purchase authentication for a few minutes after buying or updating an app. Craig Hockenberry cites the advantages and potential pitfalls of 'communal computing' on iDevices.
Several iPhone and iPad users have noticed charges totaling several hundred dollars on their iTunes accounts. At first, the issue looked to be part of the App Store's recent woes, but it appears to be linked to an app called Fishies from PlayMesh -- best known for its iFarm app.
Fishies allows you to create a virtual fish tank. You can raise fish, become friends with other users and make purchases for your underwater world. The program itself is cute and colorful, therefore appealing to kids. While the app itself is free, you have to purchase in-game currency called virtual pearls. These run from 99 cents for 10 pearls to $149.99 for 1950. To do this, you need to input your iTunes account information -- though some are reporting that the app isn't prompting for this before the purchase is made.
Designer Mike Rohde wrote on Friday that the app had made nearly $200 in unauthorized purchases from his iTunes account. When his son asked for permission to buy virtual pearls, Rohde turned him down and urged him to sell items to generate currency for free. When both father and son tried to do this, the program kept crashing. Later, they discovered that the app had gone ahead and purchased the pearls without any iTunes account information entered.
There are other reports ranging from a 13-year-old purchasing $375 worth of virtual pearls (although in that case, the kid had Dad's iTunes credentials) to a Scottish man who had £485 ($730) disappear from his account after the program did not prompt him to enter in his iTunes information. The FIshies app itself has nearly 700 1-star comments on the App Store, many citing frequent crashes of the sort that led to inadvertent purchases. Other complaints include the inability to receive the in-game currency after purchases were authorized.
As of yet, there has been no comment from PlayMesh. As of today, Fishies is not even listed among the company's games. Apple's response has been to tell customers to file a dispute with their bank or credit card company, although after Rohde called Apple's iPad support line (suggested by Paul Thurott's similar experience) he did get a refund from Apple for the largest purchase.
If you do have this app, the best suggestion for now is to delete it from your iOS-operated system until the bugs are worked out [or make sure that you aren't entering your password on your device for other purchases and then handing it immediately to your kid]. If you worry that questionable purchases are being made, unlink your credit card from your iTunes account and dispute the charges. If you want to keep the app, turn on Restrictions (aka parental controls) to prevent access to in-app purchases.
[Hat tip to Daniel Jalkut]
Share
Categories
Update: Manton Reece points out that the issue of in-app purchases being made without challenge is probably due to the App Store's...
Add a Comment
My son ran into this when he got his new iPod Touch pre-iOS4. We loaded up his iTunes account with some gift cards so he could buy himself some apps or music, but he suddenly realized that all of the money was missing. After a little detective work and looking at his iTunes receipts, we realized that he had been buying from the Fishies store and not realizing it was taking from his money. Luckily we didn't have a CC tied to his account, and that stopped it.
His solution? We disabled the in-app purchases with the new version of iOS4. If he wants a game or song, he emails us the links and we gift it to him. That way he doesn't get tempted to use in-game purchases at all.
This is Apple's problem. They could address this any number of ways. Maybe password caching should be turned off by default, with an option to enable it if you want.
Although that won't solve the issue of people who purchase in-game items, because they don't realize that it cost real money. You have to be pretty dim to do that, as it's clearly stated that you are about to make a purchase. But I remember being startled the first time I encountered this in iRule. This was a new (and unwelcome) concept for me. But I wasn't so startled that I blindly made a purchase.
Paul thorott of Windows Weekly on the twit network had a problem with this. His kids were playing and bough fish for 900$
July 10 2010 at 8:27 PM Report abuse Permalink rate up rate down ReplyBTW - Mike Rohde has updated his article, apologizing to PlayMesh for his initial wrongful assumptions that his experience was entirely developer's fault. It includes a response from PlayMesh.
Please update your article especially where it unfairly advises users to delete it from their devices.
The url for reference is:
http://www.rohdesign.com/weblog/archives/003193.html
As a developer, this story does not sound exactly right. Like others have said, a 3rd party app can only initiate a purchase. What that means is showing the standard "Do you want to purchase item X for $Y?" The rest of the transaction is taken care of by Apple's API, including requesting for the user's credentials after they confirm the purchase request. The next time the app is notified is after the user has either authorized the payment or canceled it.
The iOs does cache iTunes passwords for a few minutes, and this also applies to in-app purchases. So, if your password has been cached, the app will still prompt you with the standard "Do you want to purchase item X for $Y?" Then, if you confirm the purchase, it will go ahead with the transaction without asking again for a password. This is most likely what happened with these so-called "scams."
In addition to my description, another fellow has confirmed the same behavior: http://www.manton.org/2010/07/itunes_password.html
I am very surprised TUAW did not investigate this further before posting, given they have at least a couple developers on their staff. For such an inflammatory piece, they should at least confirm these claims before attempting to tarnish a developer's reputation.
I'm have been an iPhone developer for the past 2 years, I have dealt with in-app purchase.
From my developer experience
- You can't steal money if even you tried to. Apple's framework does not allow that.
- Every in-app purchase is given a strict pop up notice, it's not by developer design, it's also by Apple framework. You have to agree to it in order for the transaction to happen.
- You won't even try to have a game with unclear in-app purchase instructions. AppStore approval is hard enough to get by, no developer in their right mind would risk it.
From my everyday experience
- Your 5-year old kid is not the best source of information. Checking this source would be wise.
TUAW, did you reproduce this issue, or did you just take the kids' word this time for this sensational article at the expense of a developer?
That is nonesense - my 6 year old ran up £232 this morning in a few minutes, without knowing my password! She showed me a cute looking fishes icon this morning while I was half asleep and asked if she could play it. It was marked 'free' by the AppStore, as are all games I have downloaded for her, so I thought 'why not?' about ten minutes later she asked me how to do something and it was iy then that I saw the £££ signs from within the app.
Next thing I knew I had made 4 'purchases' on my iTunes account. I AM FUMING - THIS IS A SCAM BE WARNED!!!
I have complained to Apple but so far only a standard automated response
You know what this is kind of getting ridiculous if apps are doing things like this and I said if then it is Apples fault and responsibility. I mean they approved the apps and everything has to go through them so if they want a walled garden they have to take the good with the bad.
July 10 2010 at 1:05 PM Report abuse Permalink rate up rate down ReplyOk apple, you wanted to curate the store, time to step up and do it. You can't turn down all these legitimate apps and sit by while people's kids are clearly taken advantage of by apps on your store. I think we can all agree that hundreds of dollars for "pearls" is a scam.
July 10 2010 at 1:01 PM Report abuse Permalink rate up rate down ReplySure, but people buy "Fake" stuff all the time in games. I know people who spent thousands of REAL dollars buying fake points in Mobwars on Facebook.
Ultimately, if they are adults and want to spend their money this way, they should be allowed to do so. The same goes for this Fishies game...Farmville, whatever.
However, this is seemingly a case of parents not realizing that giving their kids free reign on an electronic device tied to their credit card is a bad idea.
You wouldn't give a 10 year old a credit card, but giving then an iDevice tied to your own iTunes account is effectively doing exactly that. Don't blame Apple in the end for what is really the PARENTS mistake!
Another reason? What are the others? I've been buying stuff from iTunes for at least as long as you have, and have never had or even heard of any problem like this until now.
What do you do, by the way? Buy everything with iTunes gift cards?
I prefer to pay for things using cash if the option is available. The problem with online stores is that cash payments are virtually impossible.
The solutions I use are iTunes gift cards and CoinStar machines. Gift cards are great, but if I wanted to add between $5 and $14.99 to my account, the CoinStar machine would be the way I would go.
As for reasons not to have a credit card on file, I list these:
• Accommodation for someone who prefers to pay with cash
• Reduce the occurrence of so-called "impulse" purchases
• Prevent the inadvertent purchase of an expensive item
This is another reason why not to link your iTunes account to a credit card.
I've been buying content from iTunes since 2005, and not once have I needed to enter any credit card information.
Hot Apps on TUAW
Deals of the Day
more deals- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
27 Comments