Apple this week rolled out new parental control features as part of iOS 13.3, but one of the most touted, Communication Limits, is easily defeated thanks to what appears to be a bug related to iCloud syncing.
The feature is two-pronged and blocks incoming and outgoing communications from anyone not in an iPhone's Contacts list, while restricting users — kids — from adding contacts without first entering a security PIN. When enabled, Communication Limits prevents children from talking to non-vetted contacts.
A bug, however, renders those protections largely useless.
To demonstrate the flaw, CNBC tapped on an incoming text from an unknown number. As designed, a full-screen "Restricted Contact" pane appeared, but the page was easily bypassed by tapping on an "Add Contact" option. Adding the new contact to iPhone's Contacts list enabled unfettered access to the number.
CNBC found the above methods do not work when Downtime is enabled.
Apple in a statement said it is working on a fix, but failed to offer a timeline for release. In the meantime, parents can avoid the bug by changing an iPhone's default contacts syncing service to iCloud.