PAY-4 · Mobile Threat Catalogue

Mobile Threat Catalogue

Accidental purchase of in-app content

Contribute

Threat Category: In-app Purchases

ID: PAY-4

Threat Description:

Threat Origin

Not Applicable, See Exploit or CVE Examples

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

If the use of enterprise apps that support in-app purchases is authorized, consider the use of EMM/MDM solutions that offer policy settings to require user authentication for each access to the native app store.

Mobile Device User

Configure settings for native app store purchases on the device so that each purchase requires successful authentication. Alternatively, only enable the bypassing of authentication for purchases during a limited period following a successful authentication to the app store (e.g. within 15 minutes).

References

Privacy Policy | Security Notice | Accessibility Statement | Disclaimer | Send Feedback
Each organization is unique in its risk posture and cybersecurity needs. Mobile device users should consult with their organization’s security team before implementing mitigations or resolutions outlined on this website to avoid potential conflicts with their organization's processes or environments.