Screen time API can be disabled easily

We have developed a Parental/Self control app using Screen time API. We have used individual authentication to authorize the app, using the instructions here: https://developer.apple.com/documentation/familycontrols/authorizationcenter

The problem is , that individual auth can be disabled easily , by the following steps:

  • enter Settings app.
  • in Settings app, click on the Parental/Self control app.
  • click to disable screen time restriction.
  • show the device owner's face/fingerprint. (or pin code)

Why is that a problem:

Parental control apps, or self-control apps, are about giving control to the software, To make it hard for the user to disable the restrictions.

So using the flow I have introduced above, it's super-easy for a user to disable his Parental control restrictions, which misses the entire point of Parental/Self control idea.

Furthermore, not only the user have the means to unlock his screen time restrictions, he also MUST have the means to unlock it.

This makes Screen time (with individual auth) useless: I have a code ready to make a great parental control app for my clients, with amazing ideas, but I can't use the Screen time API unless this problem is fixed.

Why child-parent auth is not enough: My clients are grownups people between ages of 15-40, that are interested in self-control, so they don't have iCloud child accounts.

also, the child-parent auth solution forces my clients to give some control to other person, and my clients prefer their privacy. Some of them prefer self-control and not parental-control.

What I suggest as a solution:

1: Give more options to users how to disable the Screen time restrictions. including:

  • a second faceID / FingerPrint (that isn't the same as the one used to unlock the device)
  • a second pin password.
  • a string password

2: Give the users the option to choose to not have the device's owner Face/Finger/Pincode ID , as a method to disable the Screen time restrictions.

Post not yet marked as solved Up vote post of odd1add1 Down vote post of odd1add1
2.8k views
Posted by
odd1add1
Reply

  • Completely agree. This flaw has made the Freedom app pointless. If Apple were serious about addressing addiction issues, it would address this flaw.

    dtb69
Add a Comment

Replies

+1!

This is also huge issue with an app we are working on. We have restrictions in-app to prevent users from disabling shielding of apps (per their requests) but we cannot stop them going to Settings and just turning off the toggle for permissions which immediately disables all restrictions.

Posted by
nemecek_f
Post not yet marked as solved Up vote reply of nemecek_f Down vote reply of nemecek_f

  • Yeah, it's a major design flaw in Screen time API. which renders it useless to any user above age 13.

    odd1add1
Add a Comment

Well explained. I've been hoping Apple will resolve this for a while.

Currently a third party Screen Time restriction's app can be easily bypassed using the device Face ID in Settings. This means you can't impose restrictions on the user like you can with Apple's built in Screen Time functionality, where you can lock the restrictions behind a separate 'Screen Time Passcode'.

As you say, it would work well if you could set a different password (preferably supporting longer than 4 digit PINs or string passwords) that prevents you disabling the app's Screen Time access. And don't allow them to use the device Face ID to disable it. This password could be the existing Screen Time Passcode for consistency across the Screen Time settings.

Posted by
alexday
Post not yet marked as solved Up vote reply of alexday Down vote reply of alexday

  • What I find most strange in Apple is the contradiction in their behavior:

    on the one hand, they have a second password for Screen time - Which is good for self control. on the other hand, they don't have a second password for Screen time API - Which is bad for self control.

    on the one hand, they have individual Authentication - Which is good for self control. on the other hand, the individual Authentication can be removed in 10 seconds - Which is bad for self control.

    I don't get it.

    odd1add1
Add a Comment

I just discovered this issue with Freedom app. :/ I can simply toggle off the access to screen restrictions. They need to put that toggle behind the restrictions passcode.

Posted by
Eric44
Post not yet marked as solved Up vote reply of Eric44 Down vote reply of Eric44

  • I hope Freedom app developers try to talk to Apple about it.

    odd1add1
Add a Comment

+1 Similar thread here for .individual authorization:

Posted by
kgaidis
Post not yet marked as solved Up vote reply of kgaidis Down vote reply of kgaidis

  • Thanks for letting me know !

    odd1add1
Add a Comment

Hello, Unfortunately, with the new iOS 17 this problem is stil persistent.

Posted by
sadasdasrewrew
Up vote reply of sadasdasrewrew Down vote reply of sadasdasrewrew
Add a Comment