I was under the impression you needed to enter your app store password to make a digital purchase.
The vulnerability i thought was that the iPad remembered the password for a short amount of time, if you handed your iPad to a kid in that time they could fire up the app and make a purchase without needing to re-enter the password. Typically though, the kid would be unable to make purchases without a password.
I lesson I learned quickly on the iPad was that few applications were really free. Either the ad's were intrusive or the majority of the content had to be purchased. I typically do not bother with free app's any more and just look for a high rated paid version.
> I was under the impression you needed to enter your app store password to make a digital purchase.
That is correct.
> The vulnerability i thought was that the iPad remembered the password for a short amount of time, if you handed your iPad to a kid in that time they could fire up the app and make a purchase without needing to re-enter the password
That is also correct, but can be fixed via parental restrictions: the default configuration allows in-app purchases, mandates password entry and remembers the password for fifteen (15) minutes, it's possible to disable in-app purchase altogether (independently from AppStore purchases) and to not remember the password at all.
Many parents hide behind a wall of ignorance. That looks technical so I will get my kid to do it. Maybe when I get a bit older I will be the same. However... as soon as my kid asks for my credit card details I will be like 'hang on.. whats this for?'
I remember the first purchase I made on Amazon. I was like 13 and I needed my mum's card to make it. She knew nothing about computers and almost nothing about the internet. It took her 2 weeks to look into it before giving me the OK. She then struggled through the Amazon website to get what I wanted. Spent a large amount of time making sure she was only getting one, the item was correct and it was being delivered to the right address. She then pressed the purchased button.
That is parenting. That is common sense. I have no idea when it became the norm to trust teen and preteen kids with parents passwords and access to credit card linked accounts.
1. parents not getting involved is not something technology can fix
2. the parental restrictions configuration uses a PIN independent from the SIM PIN and the account password, parents can disable IAP even if their child knows their appstore account password. It will not prevent the child from buying new applications, however (unless parents also disable installing applications, I guess).
The vulnerability i thought was that the iPad remembered the password for a short amount of time, if you handed your iPad to a kid in that time they could fire up the app and make a purchase without needing to re-enter the password. Typically though, the kid would be unable to make purchases without a password.
I lesson I learned quickly on the iPad was that few applications were really free. Either the ad's were intrusive or the majority of the content had to be purchased. I typically do not bother with free app's any more and just look for a high rated paid version.