The appeal and risks of in-app purchases
Many online games offer a “free-to-play” model, enticing children with the promise of an exciting and immersive experience at no initial cost. As children play, they quickly achieve early success, which releases dopamine and makes the game highly engaging. However, as the game progresses, it often becomes more challenging, encouraging players to make in-app purchases to gain additional lives, power-ups, or exclusive content. And, of course, this means more money for the game makers.
In-app purchases: Numbers to know
- Consumer spending on the App Store will reach nearly $200 billion by 2025.
- 98% of Google Play revenue comes from free apps.
- In-app purchases are one of the most common monetization models. An estimated 50% of non-game and 79% of game apps use it.
- Users are spending $380 billion worldwide on in-app purchases.
Source: Business of Apps, 2024
What makes spending in apps even more tempting is the fact that users often pay with virtual currency, such as stars, or gems. But this virtual currency needs to be purchased with real money. The seamless integration of these purchases within the app interface, coupled with enticing offers, time-limited deals and the use of virtual cards and wallets can make it hard for users, especially children, to resist the urge to spend.
But while in-app purchases can enhance the gaming experience, they also pose several risks. Children may make impulsive purchases without understanding the financial implications, leading to unexpected charges on parents' payment cards. Even more concerning, cybercriminals can exploit in-app purchase systems to steal personal information, potentially leading to identity theft. However, there are many security tips that can help your child enjoy the benefits of online games, all while keeping their data safe.
How do cybercriminals use in-app purchases for identity theft?
1. Phishing and social engineering
Cybercriminals can create fake in-app offers that appear attractive to users. These offers might promise significant discounts or exclusive content. When users click on these offers, they are redirected to fraudulent websites designed to look legitimate. Here, users are prompted to enter their personal information, including names, addresses, and payment details. This data can then be misused for identity theft.
2. Malicious apps and updates
Cybercriminals can develop malicious apps that masquerade as legitimate games or utilities and even create fake reviews and ratings to make their fraudulent apps appear more credible. These apps might function normally but contain hidden code designed to capture personal information when you use the app or make purchases within it.
3. Exploiting in-app payment systems
In-app purchases often require users to enter payment information, which can be intercepted if the app’s payment system is not secure. Cybercriminals can exploit vulnerabilities in these systems to gain access to credit card details, which can then be used for fraudulent transactions or sold on the dark web.
4. Man-in-the-middle attacks
During in-app purchases, data is transmitted between the user's device and the app's server. Cybercriminals can perform man-in-the-middle attacks to intercept this data. By placing themselves between the user and the server, they can capture payment information, login credentials, and other sensitive data transmitted during the purchasing process.
Safeguarding your child’s digital identity
To protect your child from identity theft and manage in-app purchases, consider these strategies:
- Control the purchase options in the settings
- iOS Devices: Go to Settings > Screen Time > Content & Privacy Restrictions > iTunes & App Store Purchases > In-app Purchase and select “Don’t Allow” to prevent your kids from making in-app purchases.
- Android Devices: Use the "Purchase Approvals" feature in Google Play to manage and approve transactions.
- 2 Enable family sharing and purchase approvals
- iOS Devices: Set up "Family Sharing" and activate the "Ask to Buy" feature to approve or deny purchase requests.
- Android Devices: Create a "Family" group in Google Play to control purchase approvals.
- Regularly monitor subscriptions:
- iOS Devices: Review subscriptions through Settings > Your Name > Subscriptions.
- Android Devices: Check for expired or declined subscriptions via Google Play > Profile Icon > Payments & Subscriptions.
- Utilize comprehensive security solutions:
- ESET Parental Control App: This app not only helps manage in-app purchases, but also protects children from threats on their smartphones and tablets. It includes features like app blocking, usage monitoring, and safe browsing.
- ESET Home Security Ultimate: This solution helps you protect the entire digital life of your family, including data, with many helpful features – for instance, the metadata cleanup feature. On some apps, users can share their images, inadvertently also sharing the metadata embedded in them. The metadata cleanup feature allows your family to remove metadata from images before uploading them. This helps to protect your and your child’s personal information from potentially being exploited.
Handling unauthorized purchases
What should you do if your child makes an unauthorized in-app purchase? Contact the game developer to request a refund. Apple and Google support may also assist in reversing these transactions. Explain that the purchases were made by a child without permission to improve your chances of a refund.
Don’t be scared of apps
It's important to recognize that while there are possible risks regarding in-app purchases, many apps can bring significant benefits to your child’s life. Nowadays, there is an app for everything: education, sports, creativity, and more. You should not see apps as dangerous – only teach your kids to approach them with several security measures in mind:
- Teach your kids to ignore suspicious links and banners, and to be wary of offers that seem too good to be true.
- Ensure your kids use different usernames and passwords for each app. Make it easier for them with a password manager.
- Set up multi-factor authentication on your child’s accounts. This adds an extra layer of security, making it harder for cybercriminals to access your child’s data.
- Utilize biometric verification methods like Touch ID or Face ID to secure transactions.
- Encourage your children to discuss any uncomfortable online experiences and educate them on how to report malicious behavior within apps.
Overall, games and other apps can provide great entertainment and educational value, offering a wealth of resources that foster creativity, learning, and productivity. However, it’s crucial for parents to stay vigilant about in-app purchases and potential security risks. By taking proactive steps — such as enabling purchase controls, using security apps and educating children about online safety — you can help ensure that your child's app experience remains positive and secure. Remember, the goal is not to eliminate the use of apps but to create a balanced and safe environment where children can enjoy the benefits of technology while staying protected from its potential pitfalls.