Severe security risks with family share, app and in-app purchases

In particular when children (but actually in the end all users) purchase on purpose or accidentally an app or in-app goods by default the organizer (and of cause the purchaser) must always be actively asked for authorization, but this is NOT the case! The active request for app downloads is by default off in family share and will stay off if it is not activated (each time) by the organizer. However, a purchase request must always stay active at least after a short lag time by default! Not the case! Furthermore, in-app purchases can slip through once an app has been downloaded. This lack of security can result in substantial financial damages where the iTunes-Store does not help at all (I actually suffer from that and witness the clear no help from iTunes Store for purchases my son did of which not even he was made aware of)! While for logins and regular online purchases 2-way authentication and active purchase confirmation is standard, regarding payments for apps and in-apps for Apple these fundamental security measurements are missing. Good for the iTunes-Store revenues bad for the users.