I write software for a living. I also go to the pub. There’s probably a strong correlation between those two things. On a recent visit to my local one of the bar staff there spotted the MacBook I was carrying and asked if I ‘knew about computers’. Anyone with any computer knowledge has suffered this from their family over the years. I’ve trained mine by writing really detailed manuals so when I say “open the System Preferences” they no longer need to ask ‘what’s the little picture on it?’. I switched them to Hushmail from Gmail which slashed their support calls. Teach them a little bit and give them the confidence to be able to go out and find the answers themselves. In an example of the cycle of life I’m doing for my parents exactly what they did for me as an infant when I was struggling with the ability to stand and place one foot in front of another without crashing to the ground.
It turns out that – we shall call her Phoebe – was playing an iOS game on Tuesday, got asked for her TouchID verification, and suddenly found AUD$160 charge on her credit card. She asked me about this later that afternoon when I had stopped in. She showed me the game. I wasn’t familiar with it as I don’t play computer games (it’s enough that I work all day on them) but it seemed to involve adding clothes to a model and then some form of gamification with other people. I’m far too old to be a Millennial so wouldn’t understand it anyway.
She went through the process of how it happened and I captured it on video (a whole 17 seconds long):
Note the complete lack of a dialog box asking if she wishes to complete the purchase of an item for AUD$160. If you are scrolling though and iOS mistakenly treats a scroll flick as a tap and you get a request to verify your security you may well authorise using TouchID. Especially if you are one of the hundreds of millions who don’t expect app developers to pull scummy tricks which seem very similar to those used by various advertisers including spammers.
Coincidentally the previous week I’d taken a lead out of (indie developer legend) (underscore) David Smith’s book and added a tip jar to my app (in the three subsequent weeks since I’ve earned about AUD$5 – so not a money-earning option to take unless your first name is Marco). I’d actually needed to read the Apple Developer documentation on StoreKit and best practises for in-app purchase. The app I was shown did not provide that.
So on Wednesday I wrote an email to the company (click on it to expand):
It pointed out that they had ignored the highlighted part of the Apple requirements. They hadn’t even provided a verification dialog box to ask the user if they wished to part with over $150 (the phrase “appallingly dangerous UI” may have been used). There’s a lot of words to describe people who implement those practices: most of those are only four letters long (six with the ‘er’ suffix).
The reply I received on Thursday consisted of this (click on it to expand):
That’s corporate speak for ‘screw you, we already have your money’. I am actually tempted to email again and ask her what her developers said.
So on Saturday (when Phoebe was again on shift) I wrote a response and sent it to Apple via this which is the best option to use in these cases.
It basically pointed out what had happened and linked to the relevant documents (screenshots, the above video, and PDFs of emails saved to Dropbox and public links added help immensely). Be warned it has a character limit.
I dropped in to the pub on Sunday afternoon. Phoebe had received a response from Apple. A full refund. That’s something pretty rare for a consumable item on an in-app purchase. But I think Apple had recognised that the developer had performed a pretty scummy set of actions where they had taken advantage of the ignorance of the user to gain more income. Phoebe did say she’d emailed her thanks to Apple and had received a somewhat surprised response to that – apparently people expressing gratitude for services rendered doesn’t happen too often.