technology lawyer

Legal risks in the in-app purchase model

HomePrivate: BlogTechnology lawInternet lawLegal risks in the in-app purchase model

by

reviewed by

Malcolm Burrows

In the post smart phone environment, software developers and publishers are increasingly providing end users (Users) with the opportunity to make micro-transactions (In-App Purchases) within their software (App). Under this business model, the publisher or developer offers their App, or at least a limited version of it, to consumers at no upfront cost. Users then may have the opportunity to make In-App Purchases using real world currency, such as:

  • a one off fee to access an advertisement free version of the App;
  • access to additional content within the App;
  • a digital currency for use within the App; or
  • consumable items such as extra lives or turns in games.

The In-App Purchase model has proven successful for many publishers, but as with all business models, it comes with its fair share of legal risk.

Contractual obligations

To distribute any App on the iStore or Google Play platforms there are certain terms that developers must include in the end user licence agreement (EULA).

Requirements for distribution on the iStore

Interestingly, the Apple “Minimum Terms of Developer’s End-User License Agreement” do not contain any specific requirements relating to In App Purchases.

However, the “App Store Review Guidelines” state that any App will be rejected from distribution on the iStore if it promotes In-App Purchases:

  • that unlock or enable additional features or functionality with mechanisms other than the iStore;
  • that utilise a system other than the In-App Purchase API to make In-App Purchases;
  • for physical goods or services used outside of the App; or
  • for goods or services to be used in a different App to that within which the In-App Purchase is made,

More information about the additional EULA requirements for distribution on the iStore is available in the following article:

Requirements for distribution on Google Play

The Google Play “Developer Distribution Agreement” requires that Google is authorised to refund all In-App Purchases within forty eight (48) hours of purchase.

Further restrictions are imposed under the “Google Play Developer Programme Policies”, under which all In-App Purchases, subject to certain exemptions, must be made using the Google Play In-App Billing method.

Legal risks inherent in In-App Purchases

Just like any other consumer goods sold within Australia, Apps and In-App Purchases are governed by the Australian Consumer Law.

A major risk for Apps with In-App Purchases is users, particularly children, making In-App Purchases accidentally, or without the knowledge that they are making an In-App Purchase for real world money.

Other risks relate to the:

  • capacity to bind persons who make In-App Purchases;
  • real world value, or lack thereof, of In-App Purchases;
  • nature of the In-App Purchase, that is whether or not there is a proprietary right of ownership, or merely a licence to use;
  • availability of refunds for In-App Purchases; and
  • effects that termination of the users licence to use the App, or their account (if any) has on their In-App Purchases.

Minimising legal risks

Apart from making it very clear when a user is about to make an In-App Purchase using real world currency, the best way to limit the exposure to the risks inherent in In-App Purchases is to adopt a bespoke end user licence agreement (EULA) and that reflects the practices adopted in the App.

A bespoke end user licence agreement will provide App developers and publishers with the best protection against both the risks relating to In-App Purchases:

  • of a general nature identified above; and
  • that are specific to the particular App.

Developers or publishers who are considering implementing In-App Purchases should consult with a qualified lawyer. Consultation with a professional will assist developers to formulate a EULA which is compliant with the requirements of the intended distribution platforms and the Australian Consumer Law.  Mitigating the risk that developers are exposed to in publishing their App could mean the difference between failure and a commercial success.

Links and further references

Legislation

Competition and Consumer Act 2010 (Cth) (Schedule 2 – The Australian Consumer Law)

Further information about technology law

If you require further information concerning your App or implementing In-App Purchases, contact us for a confidential and obligation-free discussion:

Disclaimer

This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.


Related insights about technology law

  • Online Safety – is your online business a DIS or a RES?

    Online Safety – is your online business a DIS or a RES?

    Whether your online business has to comply with the obligations contained in the Online Safety Act 2021 (Cth) (OSA), and related standards and industry codes will largely depend on how your business is classified because of the functionality it provides to end users in Australia.

    Read more …

  • Federal Government releases report into age verification trials

    Federal Government releases report into age verification trials

    On 31 August 2025, the Australian Government published the Final Report (Report) on the Age Assurance Technology Trial (Trial).  Conducted by the independent Age Check Certification Scheme (ACCS), the Trial offers insights into the technical feasibility, privacy implications, and operational deployment capabilities of various age assurance technologies.  While the Report explicitly states it is neutral…

    Read more …

  • Australians soon facing age checks when viewing adult websites

    Australians soon facing age checks when viewing adult websites

    On 9 September 2025, the eSafety Commissioner, Mrs Julie Inman Grant (Commissioner), registered six (6) new codes (New Codes) under the Online Safety Act 2021(Cth) (Online Safety Act) aimed at protecting children from the “clear and present” dangers of harmful AI chatbots and other online adult content.  On 9 March 2026, these New Codes will…

    Read more …

  • Explaining Australia’s Media Bargaining Code

    Explaining Australia’s Media Bargaining Code

    The News Media Bargaining Code (NMBC) is quickly moving through Parliament and looks likely to become law. It requires digital platforms, such as Facebook and Google, to negotiate remuneration with News Companies for providing their media services. Non-compliance could result in hefty civil penalties.

    Read more …

  • Marketplace terms and conditions – legal issues

    Marketplace terms and conditions – legal issues

    This article explores essential terms and considerations for building marketplace terms and conditions, including establishing the position of the platform operator, user accounts, payment options, intellectual property, disclaimers, liability, indemnities, and the Australian Consumer Law.

    Read more …

  • New safety standards proposed for online platforms

    New safety standards proposed for online platforms

    The Australian Government has proposed an Online Safety Act that could significantly change the way businesses manage user-generated content online. Find out how this proposed Act could affect your business and how you can prepare for it.

    Read more …

  • Abhorrent violent content prohibited

    Abhorrent violent content prohibited

    Organizations hosting abhorrent violent material, such as terrorism, murder, torture, rape and kidnapping, now face hefty fines under the Criminal Code Amendment Act 2019 (Cth), up to 50,000 penalty units or 10% of annual turnover.

    Read more …

  • EU General Data Protection Regulations (GDPR) – How to comply

    EU General Data Protection Regulations (GDPR) – How to comply

    The General Data Protection Regulation (GDPR) applies to Australian entities processing personal data of European Union (EU) citizens/residents. It outlines principles, notification obligations, penalties for non-compliance, and requirements for cross-border data transfers.

    Read more …

  • Legal challenges arising from data loss

    Legal challenges arising from data loss

    Organisations must protect confidential data from external and internal threats. Learn steps to secure data, potential data breach implications, and how a data breach notification bill may require affected entities to notify consumers.

    Read more …

Send this to a friend