A mother from New York recently filed a lawsuit against Google (News - Alert) after her child racked up $66 in charges while playing Marvel Run Jump Smash (RJS). The case brings to the forefront the practices of app developers as it relates to collecting fees and providing consumer protections.

RJS is an action game developed by Marvel Games and uses superhero characters created by Marvel Comics, such as Spider-Man, Captain America, Iron Man, Hulk and Super Spy Black Widow. The Walt Disney (News - Alert) Company is the parent company of all the various Marvel entertainment companies.

As a player, you assemble a team of superheroes and navigate through environments with obstacles and super-villains. The challenge is how to best use the skills of each superhero to deal with a given situation. The app, which runs on Android (News - Alert) or iOS devices, is free, but it entices users to make in-app purchases to meet the game’s challenges.

That’s where the trouble starts. Although users must go through the usual authorization procedures to make initial purchases, this and other similar apps have a 30 minute grace period that allows subsequent purchases without re-authorization.

According to the suit, which was filed in San Francisco federal court, this allows, “Google to pocket millions of dollars from such Game Currency transactions with minors and without authorization of their parents, whose credit cards or PayPal (News - Alert) accounts are automatically charged for the purchases.”

It is possible to remove the 30-minute grace period by changing a setting in Google Play Store to “use password to restrict purchases.” This would have prevented the plaintiff’s child from being able to make additional in-app purchases after the initial purchase had been made.

Legal precedents suggest that the mother is likely to win her case. Apple (News - Alert) lost a similar case involving in-app purchases last year, paying $5 million in a settlement and $32.5 million in refunds.

Ultimately both sides have to show more responsibility to avoid this problem. Parents should pay closer attention to what their children do while online, including anything involving a financial transaction. They should never trust an app developer to protect their financial interests and make sure that app settings will protect against surprise charges.

From the developers’ side, the current practice won’t fly. The default setting should be to have authorization grace periods turned off; users should not have to opt out to protect themselves. Many users are not technically savvy and forcing the onus on them to change apps to have the most benign settings is unethical.