Mobile Threat Catalogue

Accidental In-App Purchase


Threat Category: In-app Purchases


Threat Description: Many apps offer in-app purchases. Depending on a user’s purchase settings, some of these purchases can be executed with one or two clicks, making accidental purchases probable.

Threat Origin

Not Applicable, See Exploit or CVE Examples

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


If the use of enterprise apps that support in-app purchases is authorized, consider the use of EMM/MDM solutions that offer policy settings to require user authentication for each access to the native app store.

Mobile Device User

Configure settings for native app store purchases on the device so that each purchase requires successful authentication. Alternatively, only enable the bypassing of authentication for purchases during a limited period following a successful authentication to the app store (e.g. within 15 minutes).