Why Kids are Adding Cost to the Enterprise
There have been a couple of interesting stories of late about in-app purchasing and mobile app data collection when it comes to games and apps aimed at children.
The FTC recently finalized a court order demanding Google to refund $19 million dollars in unauthorized in-app purchases. This ruling has been dubbed the “parents’ payout”.
For anyone not familiar with the story, Google billed users millions of dollars for charges incurred by children who were buying virtual lives, game credit, digital gifts and what-not via in-app purchasing, without consent from account holders—a.k.a. the parents. When Google first introduced in-app charges to the Google Play store back in 2011, the FTC’s complaint stated that Google billed for such charges without any password requirement or other method to obtain account holder authorization. The complaint also alleged that even after requiring a password to incur in-app charges, the company failed to tell parents that entering the password would then open a 30-minute window during which children could make unlimited charges without authorization.
Second, there has been new uproar in the media that nearly a year after federal regulators issued new privacy rules for kids’ mobile apps, many software programs are still quietly collecting vast amounts of data via what seems to be harmless apps. Though all of this is focused on kids and parents, we must remember that those parents are also employees and in the BYOD world we live in, those same employees are using their mobile devices for both work and personal activity. So when kids download games and other apps onto the same device the parent also uses for work, it introduces risk in terms of third-party access to sensitive, company information. Add the risk of unlimited in-app purchasing and corporations are now at risk of being fronted big bills from private in-app purchases. For customers in Europe, where in-app purchases can be tied to carrier billing, in-app purchases can also represent a financial risk to corporations that reimburse their employee cellphone bills. We recommend that IT and security teams educate their users on app security and privacy risks, as well as potential financial risks.
At Appthority we help customers ensure their apps are safe by providing a solution for managing mobile app risk and protecting private enterprise data via our Enterprise App Risk Management service. IT and security administrators turn to us to maximize their Mobile First and BYOD strategies without having to deal with the headache of managing risky apps.
Do you trust your employee’s apps? Share your thoughts with the Appthority team at @Appthority.