Dear Apple Support,
I am reporting a critical issue affecting parental control apps like my app, Choreio, which is live on the App Store.
When Screen Time settings are configured to require a parent’s password for changes, parents must log in on their child’s device to make any adjustments. This restriction is expected to extend to apps using the Screen Time API, such as Choreio.
However, I’ve discovered a significant bug: children can bypass this restriction by simply toggling off Choreio in the Screen Time settings—without needing the parent’s password. This effectively disables the app and defeats its purpose as a parental control tool.
Please address this issue as soon as possible to ensure the intended functionality of parental controls. Let me know if you need any additional information to assist with resolving this.
Thank you for your attention to this matter.
Best regards, Jeff Houston
STEPS TO REPRODUCE Here are the steps to reproduce the issue clearly:
- Install Choreio from the App Store on the child’s phone.
- Enable parental controls in Screen Time and set it to require the parent’s password for any changes to Screen Time settings.
- Go to the Screen Time settings on the child’s phone.
- Observe that the child can simply toggle off Choreio, effectively deactivating the app, without needing the parent’s password.
Expected behavior: Toggling off Choreio should require the parent’s password, just like it does for other Screen Time settings.
Let me know if additional details are needed!
