@Mad_Dog_Bravo Sorry to bring up an old thread, but just curious if you've made any progress in securing your Stadia from unauthorized purchase.
I've been playing around and try to tighten up my security as much as possible and here's what I found
So I think you should be covered as long as you make sure you need authentication through the app. Let me know if you think there are other loopholes.
I think the simplest thing is to not give them access to the Stadia app, as that's the only place you can make purchases and you don't need it to actually play games.
That being said, if on Android, the payment system does ask if you want to require entering your account password in or use biometrics before every purchase so that effectively locks it out too.
I'm not sure how the payments work on iOS but I imagine it's a similar situation.
It's the in-game purchases that are of concern.
Access to the Stadia app is easy enough to control, but it is the ability to spend an insane amount of money on in-game purchases that sets all the alarms bells ringing... e.g. 5,000 silver tokens in Destiny 2 is £39.99, that is an in-game purchase and not controlled via the Stadia app. No limit as to how many times that can be purchased....
Ideally, you want to have a way to control these purchases (disable) and lock settings with a pin/passphrase etc. Whatever the solution it needs to be suitable for all platforms (Chromecast, Chrome, etc.)
@Mad_Dog_Bravo Check out the help article below on how to restrict purchases by members of your family
https://support.google.com/stadia/answer/9575790
Snippets from Android:
Purchase approvals
Your child can make purchases on Stadia through a variety of devices, like their phone or computer. In order to set up your child’s account, you must set up a family payment method that they can use to subscribe and make purchase requests.
To allow your child and other family members to use the family payment method in the Stadia App on Android, you must also enable it on Google Play. To do this, set up a Google Play Family Library. You must have Google Play Family Library enabled for your child to subscribe and make purchases on the Stadia App on Android. Play purchase approval settings will apply for any purchases made on an Android device.
If your child is under 13, you must approve each game they want to buy. Your child could request the purchase of a game from the Stadia store, but Stadia won’t allow your child to complete the purchase until you approve it on the Stadia family dashboard online or from the Family Link app on your mobile device.
Note: You must approve the purchase on your child’s device.
Thanks @Ivan , but I'm still trying to figure out how to secure my account. At the moment I see no security, the kids start Stadia it is logged in under my account and they can purchase in-game features without any security. No way to lock this feature that I can see. I'm not looking to setup child accounts, I just want to protect my account and prevent in-game purchases. They can't buy games as they do not have the Stadia app, but they can turn on the TV and pickup a controller.
@Mad_Dog_Bravo Well, generally, you don't want anyone to have free access to your phone right. I haven't unboxed my Chromecast Ultra, but if my understanding is correct, you need your phone to launch Stadia to play on TV?
I understand if you have kids, you want your kids to have access to your phone through your account. I guess one option I can think of right now is to use an app to lock the Stadia app (so they can't access it freely)?
@Ivan No, only need the phone for setup or to purchase games. After that, just hitting the power button on the controller is sufficient to launch into Stadia, no messing about with phone, unless I wish to look at screen captures.
Similar case for running on Chrome, once you have gone through setup via Stadia app, there is no need to use the phone app when playing via a PC for example. If the kids use my account on their PC's to access Stadia then once again in-game purchases become available to anyone who wants them....
@Mad_Dog_Bravo Understood. Yeah, that's definitely an issue there. I tried to find a way for purchases made through Stadia to require pin, but can't find the setting. I guess this is something we should give feedback to the Stadia team.
thanks, not really the functionality I was expecting, but about as good as it gets for now.
Interestingly the feedback that I get from Google Stadia support is well...lacking to say the least.
I quote: "We don´t have control for any purchases inside the game. It´s best to contact the game publisher for this. We have a refund policy for any purchases in Stadia app. But if the purchases is in the game itself, I am afraid it is beyond our support."
How quickly Google seem to have forgotten their $19million fine from the FTC in 2014 : https://www.ftc.gov/news-events/press-releases/2014/09/google-refund-consumers-least-19-million-sett...
So if your kids accidentally rack up some crazy expenses on your credit card without authorization/permission, Google won't help as it's not their problem.
@Mad_Dog_Bravo Sorry to bring up an old thread, but just curious if you've made any progress in securing your Stadia from unauthorized purchase.
I've been playing around and try to tighten up my security as much as possible and here's what I found
So I think you should be covered as long as you make sure you need authentication through the app. Let me know if you think there are other loopholes.
@Ivan : Try and purchase silver in Destiny 2 via the director within the game itself, it doesn't prompt for card details, and whatever card has been associated with your Google account gets charged with no questions asked. Equally if you have a gift voucher associated to the account then that gets deducted without any ability to prevent the purchase. Having a prompt saying "Click yes to proceed" isn't security IMHO and as I described before the kids click Yes and the damage is done.
As for Stadia app security, that is fine, I'm not really concerned with in-app purchases as they are secure enough, and if they aren't then Google will only have themselves to blame if they get another multi-million dollar penalty as they did the last time they didn't bother with security on in-app purchases and the FTC hit them for $19 million.
It really is the in-game purchases that concerns me, there is no limit on these purchases, and to hit buy Silver in Destiny 2 repeatedly does mean that a kid can spend close to £1000 in a minute depending on how quickly they can click...
@Mad_Dog_Bravo Can you show me a screenshot when you try to make a purchase through Destiny 2? When I tried to purchase silver, it's opening a Google Pay window to pay by credit card, and I'm asked to provide the 3 digit security code. There was no other option to pay. I did this through PC Chrome browser and also through Chromecast on TV.
Furthermore, have you actually experienced this yourself? The only way to pay by gift voucher (I'm assuming you meant Google Play / Pay credits) is through an Android phone, and it will actually ask for your fingerprint/PIN after you click 1-tap-buy if you enabled 'Require Authentication' on Google Play. And yes, this applied to non-credit card payment methods as well (I experienced it last night when trying to purchase a game)
@Ivan : You are quite correct, and I am mistaken. GooglePay is requesting the 3 digit code from the back of my card prior to executing the transaction.
Thanks.
@Mad_Dog_Bravo No worries. I'm just glad we're able to get some clarification. You brought up a really important topic. We've seen so many news about unauthorized purchases racking thousand of dollars, and definitely would not want to see those with Stadia.
This exact issue happened to us this evening. My toddler has no problem turning on Stadia, selecting whichever account he feels like and start playing. A little bit later I have an email from Google Payments thanking me for my purchase. He spent $40 for a Hitman addon.
My accounts are generally set up for fingerprint or text code, so I dunno how he made this purchase. But Stadia says add-ons are not refundable.
I call BS that Google can not prevent the purchases. They are the ones taking my money, the least they can do is extend payment security to every purchase since the money is running through them.
Hello there,
Maybe you should try family sharing?
Create a seperate account for your child will need to ask your approval before buying things.