Skip to main content

The polar bears and penguins sold within kids’ apps offered in the Google Play Store may have been virtual, but the unauthorized charges Moms and Dads got stuck with were all too real.  A proposed FTC settlement will refund at least $19 million to parents whose accounts were charged illegally, according to the complaint, and will implement enforceable changes in how Google handles in-app purchases.  Of course, the order applies just to Google, but the case offers compliance tips for anyone in the app industry.  How do your practices measure up?

Many of the kids’ apps available from Google – even some of the free ones – offer in-app purchases.  At a per-click cost that ranges from 99 cents to $200, they don’t come cheap.  According to the FTC, when Google first introduced in-app charges in 2011, the company didn’t require a password or other method to get the account holder’s authorization.  Kids could incur in-app charges billable to their parents simply by clicking on popups within the app – as Moms and Dads found out when they checked their statements and learned that all those clicks had resulted in hefty unauthorized charges.

Sometime in 2012, Google changed its procedures and started to present a popup that asked for the account holder’s password before purchase.  But the FTC says Google’s purported “fix” didn’t solve the problem – and actually introduced confusing new wrinkles.  For example, the new popup just asked the account holder to type in their password and click CONFIRM, but never mentioned anything about charging for an in-app purchase.  But it gets worse:  Google didn’t tell people that entering a password opened a 30-minute window where kids could rack up unlimited charges without Mom or Dad’s approval.  In effect, how Google chose to design its payment system created a half-hour shopping spree for kids, with parents obligated to pay the piper.  In this case, the piper was Google, which pocketed about 30% for every app sold in its store.

This isn’t the FTC’s first salvo against unauthorized in-app charges in kids’ apps.  In January, it was a $32.5 million settlement with Apple that requires the company to get the account holder’s express, informed consent.  In July, the FTC sued, also seeking full refunds for consumers and an order requiring informed consent for in-app charges.  (That case is pending in federal court in Seattle.)

For members of the app industry interested in keeping their practices within the law, what tips can they take from the Google settlement?

1)  Get consumers’ express consent before billing them.  It’s hardly a novel concept, but it bears repeating:  It’s illegal to place charges on consumers’ accounts without their permission.  That was the law before the advent of mobile apps and we’ll go out on a limb and say the same principle will apply to The Next New Thing.  Regardless of what you sell or how you sell it, get people’s informed OK before billing them.

2)  Read – and heed – your mail.  According to the complaint, Google started to get flak from consumers almost as soon as it introduced in-app purchases in kids’ apps.  The FTC’s complaint cites just a few of the thousands of communications from parents that should have made it crystal-clear to Google that it had a problem on its hands.  What’s the message for marketers?  One insightful – and free – gauge of what’s going on in the marketplace is what your customers are telling you.

3)  Listen to your staff.  It wasn’t just parents who expressed concerns.  In a 2012 email, one Google product manager warned higher-ups that:

“friendly fraud” (unauthorized purchases by individuals you know) is the lead cause of chargebacks.  For example, parents realize their kids have made a series of purchases and call the credit card company claiming those were unauthorized.  Risk estimates that close to 80% of current chargebacks are driven by this specific issue.

Another in-house communication referred to a “high number of canceled orders for in-app billing” and explained that “these usually tend to be family fraud (kids takes phone and buys lots of food for virtual fish).”  Remember:  Those weren’t quotes from someone with an axe to grind.  It’s what Google’s own people were saying about problems with the payment process.

4)  Nix the trick fix.  Once you know there’s a problem, commit your company to correct it pronto.  It’s unlikely that half-hearted measures will do the trick.  As the complaint in this case alleges, the changes Google implemented didn’t solve the problem.   

What’s the next step for businesses?  Think through how you bill customers to make sure you have their express authorization.  Take special care with kid-related apps.  If you were one of the parents billed without your permission, the settlement requires Google to contact you within 15 days of the final entry of the order with details on how to get a refund.

You have until October 6, 2014, to file online comments about the proposed settlement.


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Get Business Blog updates