Changing Screen Time Passcode does not protect apps with Screen Time enabled

Hello, The purpose of "Screen Time Passcode" under Settings/Screen Time is to protect Screen Time preferences and it is asked every time the user updates Downtime, App Limits, Content & Privacy Restrictions and so on.

But the private passcode is not requested if the user disables Screen Time for a particular app (only Face ID or phone passcode is requested, but not the private Screen Time passcode).

I think this is a mistake, I think the purpose of a private Screen Time passcode is to protect all settings, including apps that use this API, right? Is there any solution to this?

Thank you.

Post not yet marked as solved Up vote post of sadasdasrewrew Down vote post of sadasdasrewrew
2.2k views
Posted by
sadasdasrewrew
Reply
Add a Comment

Replies

I have the exact same question. The correct passcode to ask for when authorizing an app to manage the Screen Time settings should be the Screen Time passcode, not the device passcode or Face ID.

The reason is pretty simple. If you want to use Screen Time for your own device, you need a way to lock the Screen Time settings with a passcode that you don't have memorized. You can write it down, or give it to a friend, so you yourself won't easily be able to change the Screen Time settings (for example, when a time limit is used up).

The same goes for locking an app that manages Screen Time settings for you using the new requestAuthorization(for: .individual) API. There ought to be a passcode, separate from the device passcode or Face ID, for locking in one of these apps that uses the new API. It would make the most sense for that to simply be the Screen Time passcode.

Posted by
djbutler
Post not yet marked as solved Up vote reply of djbutler Down vote reply of djbutler
Add a Comment

Hi all,

I agree this seems like an oversight. Whoever is the user of the device will have access to the device passcode / face ID. Therefore, being able to turn off the app's Screen Time Access will be possible to whoever is using the device, rendering the restrictions useless. Therefore, I agree it should be the screen time passcode that is used to allow apps to manage restrictions or to remove those restrictions.

Have there been any updates on this issue? It's a shame because it means the new individual authorisation functionality with the Screen Time API is fundamentally flawed.

Thanks!

Posted by
alexanderdeveloper
Post not yet marked as solved Up vote reply of alexanderdeveloper Down vote reply of alexanderdeveloper

  • I think if disable screen time can require iCloud password would be great.

    iret
Add a Comment

+1 please create the ability to to restrict the user from disabling Screen Time access (ex. via ManagedSettings)

Posted by
kgaidis
Up vote reply of kgaidis Down vote reply of kgaidis
Add a Comment

Hello, Unfortunately, with the new iOS 17 this problem is stil persistent.

Posted by
sadasdasrewrew
Up vote reply of sadasdasrewrew Down vote reply of sadasdasrewrew
Add a Comment