Google improves Play Store in-app purchase protection

Martin Brinkmann
Mar 16, 2014
Apps, Google Android

In-app purchases are a controversial topic right now, and both Google and Apple have been sued before for providing ineffective protection against these types of purchases.

There are two extremes and lots of middle-ground in between. On the one side, you have games and apps that implement these purchases in the least intrusive manner possible.

A good example of this are the games Dota 2 and Team Fortress 2, which do offer in-game purchases but mostly for cosmetic items. Players who do not buy these items are not restricted in any way when they play those game.

On the other side are games such as Dungeon Keeper or Candy Crush which abuse the system in my opinion as they limit the game flow and experience significantly unless in-game purchases are made to speed things up or period where nothing can be done.

Google is rolling out an update of its Play Store application that improves the in-app purchase protection.

There are two new features that improve it:

  1. If a game uses in-app purchases, it is now displayed in the list of requested permissions before installation.
  2. You can now configure purchases to always require an password.

It should be clear that these new features won't protect people from themselves, or children from making them if the protection is not properly configured or the password handed out without second thought.

google play password protection in-app purchases

So here is how you configure the new feature. Please note that you need to have Play Store version 4.6.16 for that. If you do not have it yet, you can grab a copy of the apk from Android Police. Note that this is a third-party site which means that you need to be extra careful when downloading apks from it.

  1. Open the Play Store application on your Android device.
  2. The settings menu opens on the left now.
  3. Scroll down until you see the user controls option here.
  4. There you find the "require password for purchases" option which is set to 30 minutes by default. This is the option that was available in earlier builds of the Play Store app.
  5. When you tap on the option, you can change that to "for all purchases through Google Play on this device" or to "never"

If you select for all purchases, you will be asked every time you make a purchase on the device while never has the opposite effect.

Parents who hand over their phone or tablet to kids, should probably enable the "for all purchases" option to avoid that kids make purchases in the 30 minute window they have after a purchase was authorized by you.

The second new feature is the new app permission that is displayed when applications support in-app purchases.


Closing Words

The new feature as it stands now seems to be optional. It is likely that most Android users won't notice that it is there because of it and continue to use the "password once, 30 minutes password-free purchases" option instead.

I do not think the new options go far enough. While the new permission notification may help Google legally, it is likely that many users are not paying attention to the permission dialog when they install apps from the store.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. bruh said on August 18, 2023 at 1:25 pm

    Uhh, this has already been possible – I am not sure how but remember my brother telling me about it. I’m not a whatsapp user so not sure of the specifics, but something about sending the image as a file and somehow bypassing the default compression settings that are applied to inbound photos.

    He has also used this to share movies to whatsapp groups, and files 1Gb+.

    Like I said, I never used whatsapp, but I know 100% this isn’t a “brand new feature”, my brother literally showed me him doing it, like… 5 months ago?

  2. 💥 said on August 18, 2023 at 3:55 pm

    Martin, what happened to those: 12 Comments ( Is there a specific justifiable reason why they were deleted?

    Hmm, it looks like the gHacks website database is faulty, and not populating threads with their relevant cosponsoring posts.

  3. 45 RPM said on August 19, 2023 at 6:29 pm

    The page on ghacks this is on represents the best of why it has become so worthless, fill of click-bait junk that it’s about to be deleted from my ‘daily reads’.

    It’s really like “Press Release as re-written by some d*ck for clicks…poorly.” And the subjects are laughable. Can’t wait for “How to search for files on Windows”.

    1. owl said on August 20, 2023 at 12:51 am

      > The page on ghacks this is on represents the best of why it has become so worthless, fill of click-bait junk…

      Sadly, I have to agree.

      Only Martin and Ashwin are worth subscribing to.
      Especially Emre Çitak and Shaun are the worst ones.

      If intended “Clickbait”, it would mark the end of Ghacks Technology News.
      Ghacks doesn’t need crappy clickbaits. Clearly separate articles from newer authors (perhaps AIs and external sales person or external advertising man) as just “Advertisements”!

      We, the subscribers of Ghacks, urge Martin to make a decision.

  4. chessandonions said on August 20, 2023 at 12:40 am

    because nevermore wants to “monetize” on every aspect of human life…

  5. Frank Rizzo said on August 20, 2023 at 11:52 pm

    “Threads” is like the Walmart of Social Media.

  6. Ashray said on August 21, 2023 at 4:06 pm

    How hard can it be to clone a twitter version of that as well? They’re slow.

  7. Paul(us) said on August 21, 2023 at 5:16 pm

    Yes, why not mention how large the HD files can be?
    Why, not mention what version of WhatsApp is needed?
    These omissions make the article feel so bare. If not complete.

    1. Paul(us) said on August 21, 2023 at 5:18 pm

      Sorry posted on the wrong page.

  8. Marc said on August 21, 2023 at 6:00 pm

    such a long article for such a simple matter. Worthless article ! waste of time

  9. plusminus_ said on August 21, 2023 at 7:54 pm

    I already do this by attaching them via the ‘Document’ option.

  10. John G. said on August 21, 2023 at 11:43 pm

    I don’t know what’s going on here at Ghacks but it’s obvious that something is broken, comments are being mixed whatever the article, I am unable to find some of my later posts neither. :S

  11. Tom Hawack said on August 23, 2023 at 2:28 pm

    Quoting the article,
    “As users gain popularity, the value of their tokens may increase, allowing investors to reap rewards.”

    Besides, beyond the thrill and privacy risks or not, the point is to know how you gain popularity, be it on social sites as everywhere in life. Is it by being authentic, by remaining faithful to ourselves or is it to have this particular skill which is to understand what a majority likes, just like politicians, those who’d deny to the maximum extent compatible with their ideological partnership, in order to grab as many of the voters they can?

    I see the very concept of this as unhealthy, propagating what is already an increasing flaw : the quest for fame. I won’t be the only one to count himself out, definitely.

    1. Tom Hawack said on August 23, 2023 at 2:34 pm

      @John G. is right : my comment was posted on [] and it appears there but as well here at []

      This has been lasting for several days. Fix it or at least provide some explanations if you don’t mind.

  12. Tom said on August 24, 2023 at 11:53 am

    > Google Chrome is following in Safari’s footsteps by introducing a new feature that allows users to move the Chrome address bar to the bottom of the screen, enhancing user accessibility and interaction.

    Firefox did this long before Safari.

  13. Mavoy said on September 16, 2023 at 2:17 pm

    Basically they’ll do anything except fair royalties.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.