Hmmmmmm decisions decisions decisions. I look at it this way, both are wrong and at fault.
If a corporation forces you to have a CC on file at all times and then allows a 30 minute window of massive funds spending, then they own some responsibility in all of this. Companies want income this is an easy way of doing it, and by placing the info in the EULA as a default action is just a "F U" consumer, we'll do what we want because we've got you addicted to our product. A CYA would be a user setting that is either device wide or insist on the App developers to add a Selectable Option: Must Use Password for every purchase? If yes, then the password must be entered for every freaking purchase, otherwise default to system settings of 30 minute window.
WTF parents. How the hell can you blame a kid for their continuous purchases. Every parent knows that if a kid wants something they will get it. If you give a child a cookie, they always want more, and if you don't hide the cookies and the child knows how to get to them, the child will get them and consume them until they puke and will still continue eating them. How the heck is a cool application that allows you to make a purchase which enhances the game any different. Why is it the big corporations fault for you handing over your phone with either the password already entered for a purchase or telling your kid what the password is? You refuse to engage with your kids, but rather prefer to entertain them with devices that are TIED TO YOUR CREDIT CARD. Quit your bitching, take responsibility for your children's actions, and Parent Your F'ing Kids,