In-app purchases

Avoid unexpected bills by knowing how to prevent unauthorised in-app purchases on your smartphone or tablet.

Making in-app purchases

Mobile apps are often available to download free in an online store but sometimes require significant in-app purchases to maximise the experience of the app. In-app purchases may include paying to use an ad-free version of the app, buying extra lives in a game, or paying to access extra content.

Not all apps sufficiently disclose at what point the user is making an in-app purchase. In particular, children using their parent’s device may not realise the in-app purchases are spending their parent’s money in the real world.

Preventing an unauthorised in-app purchase

Apple and Android devices require authentication before making a purchase in the online store. Once this is entered additional purchases can be made for 15 to 30 minutes without requiring authentication. During this time users can make several purchases without realising that they are being charged.

Here are a few tips to avoid making in-app purchases:

  • understand the device controls
  • consider setting restrictions (passcode, fingerprint lock, face recognition)
  • consider downloading apps for parental control of smart devices
  • use gift cards instead of credit cards to minimise the amount of money spent.

How to restrict in-app purchases on Apple devices

You can choose to either turn-off in-app purchases completely, or require a pass-code for every in-app purchase.

Disable in-app purchases

Home screen display to settings app

1. Select Settings

Settings app to general function

2. Select General

General app to restrictions list

3. Scroll down and select Restrictions


Turning on restrictions by clicking the button to go green

4. Select Enable Restrictions

Entering passcode for authentication

5. Enter your passcode
(may require you to set one up)

Restrictions to in-app purchases function

6. Scroll down to In-App Purchases and switch the green button to white (off)

Require a passcode for each in-app purchase

After you authenticate an in-app purchase, no further authentication is required for subsequent in-app purchases made within 15 minutes. To disable the 15-minute rule you can change the setting to ‘Require password for purchases immediately’. Replace Step 6 above with the following:

Require password authetication in restrictions menu

NOTE: Users of iPhone 5s or above devices also have the option of fingerprint recognition called ‘Touch ID’, which can be used to authorise purchases from the iTunes Store, App Store, and iBooks Store.

See: Using touch ID

How to restrict in-app purchases on Android devices

Opening Google Play application

1. Select the Google Play Store

Go to Google play menu

2. From the Google Play Store select the menu button on the top left of the device

From the menu select settings

3. Select Settings

Set to require authentication

4. Scroll down and select Require authentication for purchases

Confirm authentication is required for all purchases

5. Select For all purchases through Google Play on this device, when prompted enter your password and tap OK.

In addition, you now have the option to see whether an app contains in-app purchases before making a decision to install the app.

Applying for a refund

Getting a refund for unauthorised in-app purchases can be time consuming and difficult. Some app related purchases can be billed to your mobile phone bill. There are a number of steps you can take to try and recover your money:

  • contact the app store as soon as possible to request a refund
  • contact your bank to discuss any unauthorised charges appearing on your credit card
  • contact your mobile phone provider about unauthorised charges appearing on your bill. If you have a dispute about charges that you can’t resolve with your service provider, contact the Telecommunications Industry Ombudsman.

Contact the app store

Take action

If you think you have been misled:

Make a consumer complaint

Related information

iOS: Understanding Restrictions (parental controls)

Setting password restrictions on your Android device