A few of you have seen the video I made on Family Sharing, which exposes an issue with family share billing. It works as expected on a PC-like platform, but Android, as you are aware, has its own permission system, and this is where an exploit can take place. This can be rather hard to explain perfectly, but I'll try my best.

-----------------------------------------------------------------------------------------------------------------------------------------
How purchase approvals work across devices

Stadia purchases can be made from a variety of devices:
On non-Android devices: you'll be asked to approve purchases
On the Stadia app on Android: your purchase approval settings on Google Play will apply
-----------------------------------------------------------------------------------------------------------------------------------------

The problem is that, for Android purchases, you set things up through https://play.google.com/store/account. There you can set up rules for who in the family can purchase. Most will want to use this so that their kids have to get purchases authorized and the family controller gets a notification to authorize the purchase, as they don't want their credit cards tied into their kids' accounts directly. Pretty much the whole point of the family billing system.

But there is an issue on the Google Play end that can be a bit of an exploit, or at least a problem down the road. If the family member's account, which is another Google account, has a profile birthdate making them 18 years of age, then no authorization takes place and your card can be charged without authorization, as if they truly had all your card info etc. on their account.

1. The first problem is that people who are on, perhaps, PC might never be aware of this issue when setting up their payment.
For me, I tested whether my family members could charge my card, and it asked via email, but that was done through a PC. However, through a phone or tablet (Android, of course), they could buy the game without requiring any permission. To further complicate this issue, if the family member is 18, the setting to make purchases AUTHORIZED is greyed out... You cannot block a purchase if they are 18 on their Google profile.

Here is the approval setup that you will see when a family member's birthdate is set to where he is 18 years or older... As you can see, the ability to require purchase approval is "greyed out", unsettable. They will be able to charge your card without your permission.

And here is when they are young, under 18 years of age: you can set it so you get the request to authorize the purchase.

So, there is absolutely no way whatsoever to protect your card, exposing an issue down the road. Let me explain a few scenarios. First of all, you have to understand that you can change your age in your Google profile. So anyone can make any account 18+ pretty easily. This is the exploit part of the problem. If your child changes his age, or even becomes of age as time passes, you unknowingly now have accounts out there that can charge your card.

1. Kids making purchases is probably not going to happen, but do you want the issue to arise? I would not want to deal with this myself.

2. A more likely scenario: accidental clicks. Zooming around, click, misclick, oh crap... Do you want to deal with this problem?

3. Kid's account gets hacked. It's a kid, so anyone who tries to make a purchase just comes to you to authorize. No harm, but all the hacker has to do is change the birthdate. Now the person gets into the Google Play store and racks up a bunch of charges. You might say, I'm not responsible for these charges, but do you really want to deal with this problem?

If you ask me, it just makes no sense why this is greyed out in the first place?!?!?
I think it needs to be addressed, which is why I am bringing it to your attention...

Finally, if you are the master account holder with the credit cards, I have a suggestion.

1. Get a Major Brand Gift Card of like $25. Set it up as your primary Google payment card. You most likely are going to be aware of when it will be charged. Simply change the primary to your main card when making a purchase, and if anything bad does happen, they can only use the mere $25 or whatever is on the gift card.

Unfortunately, you can't set Google Play credit as the primary payment for subscriptions etc. A credit card will be needed for this.

Hopefully we can get this bundled up so we all feel safe. Happy family gaming all!