Beware of Android Market - especially with your kids

[billythewiz]

Its just a point about phones in general, the is no difference from buying apps and phoning a number

I don't know a single phone that even provides the option of PIN locked phone calls in addition to a PIN that locks the whole device. Actually that's not completely true, when you first power on an iPhone you have to supply a PIN to unlock the device and another to unlock the SIM. But only once, never for ever call (or text) made.

This contrasts with app purchases on IOS (where a password is mandatory, even for free apps) and Android (where a PIN is at least optional, assuming you have a recent version of the Market App).

Phone calls are also different in that you have either pre-paid them, or you've entered into an explicit contract for them.

My wife paid for a charity race in October. My 5 year old clicked a "Yes" button and spent £16 on the 30th December. Apparently the first action provided consent for the second !

[Hoonigan]

You aren't gonna convince Pancake that this is a problem.. You didn't untick the "save my details" box, or set up a pin, so it's entirely your fault, apparently.

Seems like a very stupid decision to put such things into an OS, IMO.

[Pancake]

Oh yes, unticking a box is soooo hhhaaarrdddd

[sweey]

This exact thing has happened with iOS in 2011.

[billythewiz]

Its just you are making out as if it did everything without you knowing

That's exactly what it did.

open source and people can do with it what they want.

That's one of the funniest myths about OSS. We laugh about it work all the time and we run more OSS than you can imagine - Linux desktops, Libre Office and Latex for documentation, Firefox/Chrome, Thunderbird, GNU compilers, Bugzilla and more OSS Python packages than I even know.

But anyway, the Xoom is a harware device and as such its manufacturer has certain obligations. Open Source Software doesn't give them the ability to abdicate all responsibility for their product.

And FWIW, Motorola is now owned by google. http://www.gsmarena.com/google_acqui...-news-3001.php

[Hoonigan]

Oh yes, unticking a box is soooo hhhaaarrdddd

I've seen several threads on here where people have fallen foul of this exact problem.

It was with an etailor that was selling an insurance policy on items, that was opt-out and not opt-in.

Not everyone reads everything, I'm sorry, but your viewpoint, or your actions, isn't the only way things happen.

[sweey]

I've seen several threads on here where people have fallen foul of this exact problem.

It was with an etailor that was selling an insurance policy on items, that was opt-out and not opt-in.

Not everyone reads everything, I'm sorry, but your viewpoint, or your actions, isn't the only way things happen.

I'm aware that Scan do this with items in the basket. If you're not reading carefully or looking at the basket total to make sure it comes back to what you expect it to, you're opting into insurance.

[Hoonigan]

I'm aware that Scan do this with items in the basket. If you're not reading carefully or looking at the basket total to make sure it comes back to what you expect it to, you're opting into insurance.

Well now that you've said it, that's exactly who I was referring to.

[billythewiz]

You aren't gonna convince Pancake that this is a problem.. You didn't untick the "save my details" box, or set up a pin, so it's entirely your fault, apparently.

Sure, I realise that, but others might read this conversation, now and in the future, and it's important that they realise the risks and find ways to mitigate them. If this problem continues, it may also be useful for them to know how long it has been a problem.

As for unticking, you're right, my wife didn't untick in October. Perhaps at that time she didn't want to. She was paying for a charity race. A race that she also entered in 2010 and will probably enter again in 2012. Perhaps she wanted the convenience of not having to re-enter her card details again in 12 months.

I also didn't set up a PIN (in Market) when I attached the device to her google account, but that's at least in part because it WAS NOT POSSIBLE !
It also didn't occur to me that google would some how have access to my credit card details (details that I never entered into the device) and would also allow them to be used without ANY rudimentary confirmation.

I used my credit card this afternoon (in a shop), and I was forced to provide a PIN. With the Xoom it is possible to turn on a device that is off and immediately start making purchases without providing any verification whatsoever.

Pancake is obviously a google/Android fanbois. I meet his kind all the time in my profession. Personally I really like my XOOM, I'm generally very pleased with it, but this is one area where google should hang it's head.

[sweey]

Pancake is obviously a google/Android fanbois. I meet his kind all the time in my profession. Personally I really like my XOOM, I'm generally very pleased with it, but this is one area where google should hang it's head.

Comments like that don't help.

It would be VERY easy for me to call you an Apple 'fanboi' based on your comments in this thread and the title you made in the other one for the very same reasons you are calling him one.

It took me a few posts ago to point out this exact thing happened with iOS in 2011 unless of course I actually missed it even earlier in the thread in which case my apologies go in whichever direction they are necessary.

[MSIC]

Oh yes, unticking a box is soooo hhhaaarrdddd

I've reported this post - i dont see how it is helping the original poster.
As far as i'm concerned the guy isnt making a complaint, he is (very helpfully) warning other people who might be at risk of repeating his mistake.

I think that people need to either show a little gratitude, or else some restraint.

[billythewiz]

Well now that you've said it, that's exactly who I was referring to.

LoL. I thought you were referring to the miss selling of Payment Protection Insurance. That little "tick box" scam ended up costing Halifax (who provide my card that google is so profligate with) £3.2B !!

Ref: http://blogs.thisismoney.co.uk/2011/...santander.html

[billythewiz]

Comments like that don't help.

You're probably right

It would be VERY easy for me to call you an Apple 'fanboi' based on your comments in this thread

Would it really ? Obviously this thread shows that I'm unhappy with google/android/motorola (tick whichever box floats your boat) at the moment, but you'll have to look hard to find me singing apple's praises. As I said (when I asked for this not to become an IOS vs Android flame), I have an iphone because it's provided by my employer (my boss is an Apple fanboi who doesn't like Blackberry). IMO, from my experiences, the iPhone is a mediocre phone and a pretty rubbish "business communications device" (which is why I have it). Just this morning I tried to forward an email with only one of the two attachments still attached ... not possible. It was both or nothing ! As a toy, it is pretty neat but there is no way I'd buy one for myself - far, far too expensive !
When I had the choice (iPad vs Android vs Whatever), I chose an Android device !

It took me a few posts ago to point out this exact thing happened with iOS in 2011

I'm not familiar with that incident, but I don't doubt you and I don't think it's acceptable. It doesn't matter that a tick box was or wasn't checked, that T&Cs were accepted or that Android also did it or that it's Apple so they are forgiven (they aren't). In all circumstances it should not be tolerated.

It was only by not tolerating this kind of crap that Free Software came into existence !

[Pancake]

I've reported this post - i dont see how it is helping the original poster.
As far as i'm concerned the guy isnt making a complaint, he is (very helpfully) warning other people who might be at risk of repeating his mistake.

I think that people need to either show a little gratitude, or else some restraint.

Oh right, every post has to be helpful to the OP now, thats a rule

The only reason i have a problem with it is because its pretty much the same as saying "Gosh, someone picked up my mobile phone and rang someone, why isnt there protection against this!?"

And if he had of read what he was doing he would have no gone into this mess! so he could also have said:

"Guys, i gave my bank details to some email from "my bank" and they scammed me"

Its just common sense to read everything you have ticked/unticked on a page, especially when your credit card is involved.

[billythewiz]

Its just common sense to read everything you have ticked/unticked on a page, especially when your credit card is involved.

A couple of things to note,

I don't know whether my wife "read everything" when she provided her card details to google Checkout in October. She probably didn't but she will of had a certain level of inherent trust that a company like google wouldn't be doing anything "non-standard".

At that time we did not own any android devices.

I did read everything when I signed the device in using her google account details. There was NOTHING about credit cards, PINS or Google Checkout.

I made an explicit point of NOT entering any card details into the device.

It never occured to me that my card could be used at all, never mind without a single piece verification. I do not know a single instance where I am able to use a credit card, merely by being in possession of it. In every single situation I have to provide a password or PIN for EVERY SINGLE PURCHASE.

In fact, this is the only instance I can think of, in my entire adult life. Even in the early eighties, before "cash point cards" were common place and credit cards were only for old, rich people, the bank's check book was essentially useless without a check guarantee card (and the ability to produce its signature in front of an observer).

This device is the only instance in my entire life that I can think of, where verification is only ever required once (in this case in October) and that is accepted forever more without any further re-verification.

It's just ridiculous. Simple.

[Blastuk]

A couple of things to note,

I don't know whether my wife "read everything" when she provided her card details to google Checkout in October. She probably didn't but she will of had a certain level of inherent trust that a company like google wouldn't be doing anything "non-standard".

At that time we did not own any android devices.

I did read everything when I signed the device in using her google account details. There was NOTHING about credit cards, PINS or Google Checkout.

I made an explicit point of NOT entering any card details into the device.

It never occured to me that my card could be used at all, never mind without a single piece verification. I do not know a single instance where I am able to use a credit card, merely by being in possession of it. In every single situation I have to provide a password or PIN for EVERY SINGLE PURCHASE.

In fact, this is the only instance I can think of, in my entire adult life. Even in the early eighties, before "cash point cards" were common place and credit cards were only for old, rich people, the bank's check book was essentially useless without a check guarantee card (and the ability to produce its signature in front of an observer).

This device is the only instance in my entire life that I can think of, where verification is only ever required once (in this case in October) and that is accepted forever more without any further re-verification.

It's just ridiculous. Simple.

I actually had no idea google had attached my credit card details to the market and lets me buy stuff without any verification by default, I guess I'm lucky in that I'm the only one using my device...