What do in-app purchases mean, and how secure are they?

In-app purchases, or IAPs, prompt users to pay extra for subscriptions, premium features or game add-ons. They're a standard feature on apps available through both the Apple App Store and Google Play.

But while these IAPs are convenient and easy for making purchases, they can also pose a security threat if you lose or misplace your phone, or if someone is able to hack into your account remotely. Here's a closer look at how IAPs work and what you can do to keep your information secure if you choose to use them.

What does in-app purchase mean?

There are several categories of IAPs. For example, a retailer app like Amazon or Target is free to download and will let you order and purchase items directly through the app. Then you can have the items delivered or pick them up in the store.

There are also apps that offer subscriptions or encourage you to unlock premium services or content. For example, Pandora and Spotify are both free to download, but to get rid of advertising, you have to upgrade and pay a fee. Publication apps like The New York Times or The Wall Street Journal offer basic features for free, but expanded or additional articles and features require a subscription. In the case of some meditation or exercise apps, they might be free to download and offer a trial period before requiring the user to pay for continued access.

Finally, games like Fortnite, Pokemon Go or Candy Crush are free to download but encourage players to buy extra lives, unlock new levels or even finish a game for a small fee. These spur-of-the-moment purchases can be an especially costly surprise for parents who allow their children to play games on their phones or tablets. Some of these IAPs can cost anywhere from $0.99 to $75.

Are in-app purchases safe?

When any user creates an account with the App Store or Google Play, they must provide a credit card or debit card number. If a user downloads a fee-based app or makes a purchase through any app—whether fee-based or free—it automatically charges their card. Users don't need to enter their credit card information or even a password.

While these extra purchases are technically optional, they often go straight onto your credit or debit card without any additional steps or a text alert. If you press purchase while on an unsecure Wi-Fi network, you could be unknowingly making your information easier for hackers to access.

In addition, companies that create the apps you use often store your credit card information on their servers when you make IAPs. This could be worrying if you're using an app from a company you don't know much about and whose security protocols you aren't confident in. Your personal data can be breached.

Know before you download

Fortunately, both the App Store and Google Play clearly state if an app has IAPs and what those are, so you know before you download them. Here are some other steps you can take to help make IAP transactions more secure.

• Only download apps from sources you trust and know, and read the app reviews to see if there have been any security complaints or issues.
• Keep in mind that IAPs automatically go on the card you provided, and getting a refund can be difficult, if not impossible.
• Limit your IAP transactions to locations where you know you have a secure network, such as at home.
• Don't buy an app purchase on public or shared networks like at the library or a coffee shop.
• Select the option to always require your password to make new purchases.
• If you are still worried, you can turn off in-app purchases through your phone's settings controls.

IAPs aren't necessarily a bad thing, but they can pose a security threat. Luckily, the same technology that makes our lives easier can also make us more secure.