It was the height of the pandemic. Everything was topsy-turvy. Jessica Johnson’s real estate commissions were already down by 80 percent. And now she was home-schooling two little kids.
So, sure, she may have left them to their own “devices” for a few more hours than the screen time guidelines we recommend. Her 6-year-old, George, had one device he particularly enjoyed: his mom’s iPad. His favorite app was Sonic Forces: Speed Battle from Sega, a racing game. (Think Mario Kart, but with hedgehogs.)
You run like mad. You dodge stuff. You jump to catch prizes. If you want to run extra fast, you can even purchase competitive advantages like they do in the Tour de France. In the Sega world, these come in the form of rings — red and gold. And when I say “purchase,” I mean you have to actually buy the (fake) rings with a (real) credit card. A bag of virtual gold rings goes for — brace yourself — a whopping $99.99.
Maybe you see where this story is headed. Little George, who was totally into his Sonic, bought enough virtual bling via Apple’s App Store to purchase a Kia Rio, cash in hand. His mom, Jessica, got stuck with the $16,293.10 bill.1
If you’re a parent with kids on iPads like me and would kill to find out how on earth this happened, you’re in luck. There is an explanation, but it lies deep within your child’s iPad settings.
Did You Know? Jessica Johnson isn’t the only parent to end up on the hook for thousands of dollars of unauthorized App Store purchases. In 2020, an 11-year-old girl in the U.K. unwittingly bought the equivalent of $5,792 of Roblox add-ons.2 Back in 2016, in Canada, a teen FIFA addict milked his father’s credit card to the tune of $7,625 in Xbox purchases.3 The list goes on.
If you had told me 15 years ago, when my wife bought me my first iPad, that in a decade we would have two little kids running around the house, each with an iPad of their own, I would have called you crazy. But it happened — in households all over the world. A lot of expensive, cutting-edge consumer equipment designed for adults was now in the hands of little kids.
The solution big players like Apple and Google came up with was parental controls. Our children can use their iPads and Chromebooks, in other words, but if they’re under 13, we parents have to co-manage their accounts.
No parent would argue that this is a bad thing. After you link your Apple ID or Google account to your child’s, the amount of control you assume is totally up to you. Most of us dads and moms are just setting time limits and bedtimes and tracking down their devices if they lose them — pretty basic, not very invasive, and definitely useful.
Here’s where it gets interesting.
Going deeper, you can filter out explicit video and search content for your children, and set permissions for purchases and third-party apps. When you’ve set these last two up correctly, anything your child wants to download or buy on their device needs your approval. When you don’t, you run the risk of a $16,000 App Store bill courtesy of Apple.
Not looking to line Apple’s coffers with any more of your hard-earned money? Here’s what you need to do right now.
FYI: The Federal Trade Commission (FTC) hasn’t turned a blind eye to Apple’s predatory marketing practices. In 2014, it filed a lawsuit against the tech giant, forcing it to pay $32 million in reparations to parents they’d bilked for hidden purchases.
Before you get started: In order to child-proof your kids’ Apple devices, you’re going to need one adult Apple ID in the family. You’re going to use that ID to monitor your children’s screen time, downloads, and purchases.
If they don’t already have one, create an Apple ID for your child. (Don’t let them use yours. That’s exactly what Jessica Johnson did, and we saw what happened to her.)
The easiest way — in my book — to do this is via a desktop or laptop. Open up System Preferences, click Family Sharing (up top, next to Apple ID), and then hit the “plus” to add your child to your family group. Now hit Create Child Account.
When you’re all done, set the new username and password aside. You’ll need them in a second.
Pro Tip: Make sure you record your kids’ login info somewhere because chances are they’re not going to remember it. The safest, easiest way to store family passwords is with a password manager. Here’s a digital hygiene checklist to help get you started.
Next, enable Ask to Buy. (It’s the third tab under Family Sharing.) Once Ask to Buy is up and running, whenever your child tries to purchase something via an app, the iTunes Store, or the App Store, you’ll have to confirm the purchase.
Is this a pain? Not really. Apple will send a purchase request to your connected Apple devices. You’ll have the option to approve or decline it. If you choose to approve it, they’ll ask you to enter your password. Pretty simple.
Did You Know? If you let your kids use your iPad — rather than getting them a device of their own — things get more complicated security-wise because you’ll essentially be setting up safeguards (bedtimes, content filters, etc.) that apply to your own account, not theirs. More importantly, you’ll be missing out on Ask to Buy, a critical piece of the child-proofing puzzle.
Remember that new Apple ID you created for your child in Step 1. Now’s the time to use it. Sign your kid in to their iPad (because they’re probably itching to use it).
Your child may actually need to use their Apple ID password, so make it strong but not too complicated. A passphrase might work best here, rather than a code. Three to five random capitalized words followed by a symbol and a number should do the trick.
To review briefly, Ask to Buy (Step 2) should work on all purchases your children attempt to make, including the dreaded microtransactions we parents know as “in-app purchases.” But as a fail-safe, I recommend you also bar all in-app purchases on your child’s actual device. Here’s how to do that.
Head over to your child’s iPad Settings and click Screen Time (it’s on the left sidebar). Once you activate Screen Time for your child (and create your private passcode), click Content & Privacy Restrictions. And don’t forget to nudge that button at the top to the green position to activate them.
There’s a whole bunch of stuff you can do here, including setting content filters and activating location services — all good stuff. But for the moment, just click on iTunes and App Store Purchases. When you do, you’ll arrive at a screen that looks just like the screenshot at the top of this section.
You’ll notice that the default setting for In-app Purchases is “Allow.” Similarly, Require Password is set to “Don’t Require.” If you look closely, you’ll actually see, in Apple’s fine print, that what they’re allowing by default is additional purchases made after an original purchase. So, unless you switch this on, your child could continue to spend your money without your knowledge even if you require a password for an initial purchase. Sneaky, right?
Well, folks, you know what to do. Shut down those in-app purchases at the source, and require a password for anything your child tries to buy in the App Store or iTunes Store.
Now you’re totally covered.
Pro Tip: If you’re a Mac user, you can actually manage your child’s iPad Screen Time settings from your desktop or laptop. You’ll find them under Family Sharing.
I wish there was a happy ending to this story. I wish Jessica Johnson had reached out to Apple and they’d said sorry and refunded all her money. (They did eventually refund about 60 percent of it.) I wish Sega stopped marketing $100 gold bags to kids who don’t understand the concept of a credit card. But, alas, this isn’t likely to happen soon.
So, for the time being, we parents are just going to have to bite the bullet, flex our digital security muscles a bit more, and batten down our kid’s devices ourselves.
No doubt, mistakes will still happen. There’s just too much fine print and too many settings for every parent to catch everything. If you or your children ever do fall victim to the App Store’s deceptive marketing ploys, here’s what you should do. First, reach out to the app seller. Second, dispute the charges with your bank or payment service provider. Last, but not least, lodge a complaint with the FTC. They’re listening, and if enough parents make a fuss, they do act.
Good Morning America. (2020). Mom warns parents after son charges $16K on in-app game purchases.
BBC. (2020). Dad horrified at £4,642 gaming app bill.
Vice. (2016). Kid Racks Up Over Five Grand of ‘FIFA’ In-Game Purchases; Dad Duly Flips Out.
CNBC. (2021). Who’s responsible for your kids’ unauthorized credit card charges?