iTunes password caching
Mike Rohde racked up $190 in iTunes in-app purchases without knowing it, blaming an app called Fishies by PlayMesh for tricking his son into purchasing virtual items without a password prompt. He was obviously pretty upset - I would be too! - but calling it a "scam" probably goes too far. So what really happened?
It is fairly well known that after the App Store prompts for your iTunes password, you can download more apps for a certain length of time (at least a few minutes) before it requires a password again. What seemed less clear is that this applies to in-app purchases as well.
To be sure, I ran a test to confirm the behavior:
- Download a new free app from the App Store (I downloaded the current number 1 iPhone app, Farm Story Summer).
- Enter your password to confirm the download.
- As soon as it finishes, go to another completely different app (in my case it was Iconfactory's Ramp Champ, which I had downloaded months ago).
- Purchase an in-app virtual item.
- It prompts for whether you want to buy the item (the standard Apple prompt), but without requiring a password.
...
PlayMesh Fishies App Story: iTunes Password Caching