Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

App Store: Unconfirmed buy after clicking on URL ("silent buy")?

Hi Forum,


Last Friday I bought on my new iPad without my confirmation ("Click on Price or Purchase") 2 applications by simply clicking on a web link which opened the App Store on my new iPad! Yes, you read correct: I did NOT confirm the purchase by clicking on ANY button in the App Store! The App Store page (showing the corresponding App) simply claimed that the application was already Installed - doh! Checking the iPad "workspace" ("Home") afterwards indeed showed the app installed (completely downloaded while I was dazzled in the App Store - record time in downloading!).


Anyone else ever experienced such a thing, a purchase action without you confirming such an action? Mind you, I am not talking about the fact that when you buy one application (and identify using your Apple ID password) that your identity remains valid for another 15 minutes, and the next time you just have to click "Install" (without entering your password again). I am really talking about the fact that you click on some web site URL link which opens the App Store and executes the purchase for you!



Okay, here's the whole story:


First I started FaceTime on my iPad. I had to re-enter my Apple ID password (probably because I hadn't used the app for a long time? But I did use it in the past...), and I called a friend of mine (video chat).


Matter of fact I was now somehow "logged in" with my Apple ID (into FaceTime! At this point I never had identified myself in the App Store on my iPad on that day).


Next I went to a news site on "9 to 5 Mac" which promoted strongly reduced apps ("iOS & Mac App special deals for the 4th of July" - apparently I am not allowed to post this URL here, some Forum moderator already deleted a previous post of mine - but it totally doesn't matter, just assume ANY website which links to the corresponding iTunes pages!).



Interested in the game "Real Racing 2 HD" for iPad I clicked on the link next to "Real Racing 2 HD" (in Safari on iPad) which pointed to click.linksynergy.whatever, followed by lots of parameters (again, I am not allowed to post URLs here, even though they might be part of the problem! But again, the actual URL parameters could be insightful, but in the end the error would be on Apple's side anyway).


What happened next is that in Safari I got a redirect to some page and immediatelly after that the App Store on the iPad was opened (as expected) (in Safari the browser returned back to the "9to5mac" site).


Now what I did not expect was that in the App Store the button which usually shows the price (or the option to Install) was greyed out and it said "Installed"!


Huh, what?! But maybe I had once bought that game already (as a matter of fact I did on the Mac Desktop App Store a long time ago - so maybe a nice gift from Apple or the developers?)



So I clicked on another link to "Battlefield: Bad Company 2" - a game which for sure I never had bought on any device before!


Interestingly this time a message popped up in the App Store saying "Your request could not be satisfied" ("Ihre Anfrage konnte nicht abgeschlossen werden.") - we will come back to that later.


So I manually entered the title of the game ("Categories / Search")... and again it claimed that the game was already installed! And indeed, both games were on my workspace, fully installed - and working!


To make that very clear: I never clicked on any other button in the App Store, from the very beginning it said "Installed"! Nor did I ever (on that day) identify myself with my Apple ID in the App Store (but in FaceTime just before, in case that is related anyway...).



So I went back to my MacBook Pro, checked my email and indeed, about 30 minutes later I had a Purchase Confirmation email from Apple (luckily that 99 cents promotion was apparently still valid: I was charged CHF 1.00 per App). So yes, that implicit BUY action really cost me money.


Now to the even weirder part: remember the "Your request could not be satisfied" message from "Battlefield"? Curious what would happen when I clicked in my MacBook Pro desktop Firefox on above links, I was forwarded to the iTunes Apple website, but in the US Store (not surprisingly), and a popup message appeared telling me it wanted to open the iTunes app. After confirmation with OK iTunes launched and the following message appeared: "Your request could not be satisfied - the requested article is currently not available in the Swiss store. But it is available in the US store. Click on 'Change Store' to view the article."



Original message:


"Ihre Anfrage konnte nicht abgeschlossen werden.


Der von Ihnen angeforderte Artikel ist zur Zeit nicht im schweizerischen Store erhältlich. Er ist jedoch im amerikanischen Store erhältlich. Klicken Sie auf „Store ändern“, um den Artikel ansehen zu können."


(The same message appears with "Real Racer 2 HD" on my MacBook Pro. Both apps actually are in the Swiss App Store as well, also for the reduced price of CHF 1.00. However on my iPad I just remember getting the "Your request could not be satisfied" for "Battlefield").



So both links from the original website (9to5mac) pointed to the iTunes US store, on my iPad only in one case did I get a "Your request could not be completed" message, but in any case both apps were installed without me acknowledging the purchase (by clicking on "Install").




Maybe I did click on "Install" after all? Maybe one time that can happen - but not twice, especially if you pay close attention on whether you do so or not! Maybe I purchased those applications anytime before (with proper confirmation on my side)? But that must have happened between July 3rd (the day the 9to5 article appeared) and yesterday, July 6th. Because as I said, I am totally sure that I never bought Battlefield ever before! And the previous 2 days I was not at home anyway (and I did not have my iPad with me).


But to make really sure whether it is possible that these applications - 444 MB for Real Racer and 265 MB for Bad Company, total 709 MB, not exactly tiny downloads - were downloaded yesterday I checked my home router statistics (*), and indeed: on that Friday the download was 756 MB! That pretty much exactly matches with the iPhoto Stream downloads/synchronisation I did as well!


And mind you: usually when you click on "Install" you get pushed back onto the "Home" screen of the iPad and you see the icon appearing, together with the download progress bar. That definitively did not happen when the App Store was opened on my iPad, after clicking in Safari onto those two links! The apps were fully installed (and the icons next to each other, indicating that they were downloaded indeed after each one) when I checked (so yes, congratulations to the Apple App Store - download speed must have been amazingly fast!).



So here are a few more key facts:


* I bought the new iPad in the US (in case that matters)

* All involved software updated to the latest (non-beta) software: iOS 5.1.1 (Lion 10.7.4)

* Since last week I have a Voucher amount of 50 CHF for my iTunes/App Store account (for the first time ever) - so that voucher amount got charged. Maybe that is related to the problem?

* I have exactly ONE Apple ID for everything (iCloud, Desktop App Store, iOS App Store, FaceTime, ...) - I never had any other Apple ID



Oh and mentioning iCloud (which might be related). I am not sure whether it was before, during or after those two purchases, but I played around with iPhoto on my MacBook Pro and created a new iCloud Email acount (and also enabled "Mail & Notes" iCloud service in the System Settings during that action). So not sure whether this could have had an influence on that "implicit purchase action" as well...



So what did I do? I called Apple Support here in Switzerland, told them about this issue and they told me the "15 minutes and your identifictation remains valid" thing (which I already knew). My objection that even when I am authenticated in the App Store a click on a random website (leading to the iTunes website and opening the App Store) should never do a purchase without me confirming was acknowledged by the support, but I don't expect them to do a follow-up on that (they noted down the URL I gave them and that was it).


Anyway, I did not insist on reverting those purchases, as I would have bought them anyway - but it gives me a very shallow feeling that when clicking on some link it might actually produce a valid purchase action, even if you haven't actually authenticated in the App Store (but possibly with some other Apple service such as FaceTime)!



Anyone else experienced a similar situation?


Best regards, Oliver


(*) Even though we are talking about games here you may safely assume that I am pretty proficient with any OS/computer and even know the difference between "authentification" and "authorisation" when it comes to IT security 😉

iPad (3rd gen) Wi-Fi, iOS 5.1.1

Posted on Jul 8, 2012 4:53 AM

Reply
2 replies

Jul 16, 2012 2:18 PM in response to lytic

Hi,


unfortunatelly it seems that one isn't allowed to post 3rd party URLs (even though I am totally not connected with that site in question!) - I already had my previous post removed after just one hour.


But you'll find the page in question when you search for


"iOS Mac App special deals for the 4th of July" 9to5mac dot com


(replace the " dot " by a "." - use the quotes " in the query). It should be the first Google hit...



Again, I don't think this is the fault of those site (respective the site you get redirected to, which will finally point you to the iTunes website...). If at all then it was a security hole in iTunes Store itself which allowed the external site (probably even without purpose) to trigger a "silent buy"! It was also at the time when Apple apparently struggled in the App Store with certain App downloads being faulty, so it is well possible that this was just a "temporary glitch".


Mind you, the above links will redirect you to the US store, and since I am based in Switzerland (and my iTunes account is registered for the Swiss Store), I should not even have been able to manually trigger the purchase there in the US Store. For instance when I click on those same links in my desktop browser the iTunes Store application opens and i am told that "these offers (offered in USD) are not available in the Swiss store and I have to switch the Store from the Swiss -> US Store - but then off course I would not be able to purchase (which is correct), since I do not have an US iTunes account.



However the same offers are (were) available in the Swiss App Store as well for the equivalent reduced price in CHF - so even though I got an "unavailable" message on my iPad for the second application it was still downloaded - without further ado! The Apple receipt was then in the correct amount and currency (the same amount as in the Swiss Store). So again, even though I should not have been able to download these two apps iTunes somehow manages (behind my back!) to download the corresponding offer from the Swiss store, without me pushing any button (I am not even sure whether you can actually "change Stores" in the iPad version of the App Store, as in the desktop iTunes app...)

App Store: Unconfirmed buy after clicking on URL ("silent buy")?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.