Thoughts on the FTC’s policing of In App Purchases and “Friendly Fraud”

Content, Commerce, and Privacy. I’ve touched on these three regulatory issues we face in the mobile game market in this blog before.  It’s a confusing space because all three of the “live rails” (as I call them) inter-relate.  Last week the blogosphere was filled with Google’s settlement with the FTC regarding in app purchases that were made by children without their parents’ approval.  According to the FTC, Google is well aware of the problem and refers to it as “Friendly Fraud” or “Family Fraud”.  Let’s take stock of what the FTC has done about kids and IAP and how the various platforms have responded. 

Apple

In January, the FTC announced that Apple agreed to refund over $32M in unauthorized in-app purchases.  While $32M seems like juicy big number, and it sounds like a fine that would hurt Apple, it’s actually neither.

It was a refund.  An “Undo”.

Sadly, the primary pain of the Apple FTC consent agreement went to game developers who had already banked $21M of that $32M, and had a bad day when Apple informed them they were clawing those revenues back.  Apple, the $171 billion company had to refund a little less than $10 million, which is essentially nothing to them.  A few months later, Apple announced new “Family Sharing” and “Ask To Buy” features for its platform at its developer conference in June. We’ll never know if the new family features were part of Apple’s consent to the FTC. It’s probably fair to say that the Apple platform has seen the last of governmental IAP clawbacks.

Amazon

In July the FTC also targeted Amazon for the same IAP issue. But unlike Apple, Amazon did have some basic protections built into its platform, and decided to force a court case by declining the FTCs consent decree.

We are probably years from knowing the final outcome of Amazon’s strategy, but in the interim, developers who target the Amazon platform (including the new Fire smartphone) have to be wary of their IAP methods, since Amazon’s existing protections are now under a cloud of potential FTC clawback, or worse, actual fines. Time will tell whether Amazon’s choice to make a stand was a good one or not.  To me, it puts the Amazon platform at a disadvantage when it was already a very distant third.

Google

When Google was contacted by the FTC, it appears to me that they (wisely) decided to accept the FTC’s consent decree, change their IAP flow and move on. Unlike Apple, Google decided to absorb the full brunt of the refunds, and not to claw back already booked revenues from their developers.  This seems fair to me, because the game developers were certainly not responsible for the design of the Google Play IAP flow. Score some “Good Guy Platform” points for Google on this one.  Game developers will probably not have to fear future IAP clawbacks from Google.

Family Friendly Mobile Platforms?

In a very interesting sub plot, Google let it be known that they plan to offer “family” accounts that will, for the first time, allow children under 13 to have accounts for Google’s many services.  Apple’s Family Sharing and Ask To Buy are also steps down the path toward a structured child-friendly app environment where content, commerce, and privacy are tightly controlled under a watchful parental eye.  Both of these companies are under intense privacy scrutiny and will have to be fully compliant with all aspects of COPPA or face the FTC again.

Will these evolved mobile platforms eventually provide COPPA compliance for games?

Keeping in mind that Google and Apple both lobbied heavily and were able to get specifically exempted from COPPA compliance in the law, I don’t think anything has happened that will change their mind on wanting to avoid the COPPA issue.  As a practical matter, an app store like Google’s could do some of the things required by COPPA, but they would never be able to know what PII your game captures, nor what ad networks, analytics systems, leaderboards, optimizers, cross promotion networks or other APIs you use in your app.  Nor would they ever want to be on the hook for the potential sins of bad actor game developers who grab kids PII without parental permission.

It looks to me like game developers can’t depend on the app stores to provide COPPA compliance.  While they might create an environment that eases compliance, the publisher is always going to be on the hook for their games.  

While many, including me, are surprised that COPPA2 is over a year old and there have not been any public enforcement actions, I think the way these IAP actions against Apple, Amazon and Google were handled holds important clues to what we can expect from the FTC.

FTC investigations are handled in secret, and are not publicized until they reach a consent (like Apple and Google) or end in a court case (like Amazon).  For all we know, there could be a half dozen cases underway right now, working their way toward one or the other of the final outcomes. 

If you'd like to educate yourself on COPPA2, here's a page of history and links AgeCheq has created for game developers. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: http://www.ftc.gov/tips-advice/business-center/complying-coppa-frequently-asked-questions .  Because there are numerous “incomplete” versions on the web, I encourage you to always view the final, official text of the COPPA law, which can be found here:

http://www.ecfr.gov/cgi-bin/text-idx?tpl=/ecfrbrowse/Title16/16cfr312_main_02.tpl