A bug that lets users circumvent Apple's Screen Time parental controls, and corporate web blacklists, was discovered in 2020, but Apple has refused to fix it — until now.
This is not the same Screen Time bug that meant children could use their iPhone or iPad for longer than their parents set. Apple acknowledged that problem in 2023, and it's mostly been fixed.
What definitely has not been fixed — but reportedly will be in the next update to iOS — is a way to circumvent restrictions on what websites children can access through Safari. According to The Wall Street Journal, researchers spotted in 2020 that it was possible to prefix the address of a blocked site with a certain sequence of characters, and gain access.
That sequence of characters has not been revealed. The original researchers say the same sequence also defeats corporate web blacklisting on phones, plus device management apps on computers.
Vienna-based security researcher Andreas Jagersberger and colleague Ro Achterberg, tested their discovery and then reported it to Apple's security team in March 2021. Apple reportedly claimed that it wasn't a security issue per se, and asked them to file a general report via the company's feedback tool.
That feedback was ignored, so in August 2021, the two again reported it as a security issue. This time Apple specifically stated that "we do not see any actual security implications."
"They rejected without knowing implications or severity or anything," said Achterberg, "which is frustrating to us."
Overall, the two spent three years filing reports with Apple, and at one point including a suggested fix. After failing to get Apple to respond, they contacted Joanna Stern of the Wall Street Journal.
She confirmed the bug, contacted Apple, and received a more promising response.
"[Apple is] aware of an issue with an underlying web technology protocol for developers, which allows for a user to bypass web content restrictions," said a spokesperson for the company. "[A] fix has been planned for the next software update."
A separate Apple spokesperson repeated the earlier claim that this does not constitute a security vulnerability, but rather was a software issue. The distinction is important to Apple — only people discovering security vulnerabilities are eligible for a reward from Apple's controversial bounty program.
Not Screen Time's only failing
Alongside this bug, Stern took the opportunity to ask Apple about multiple other issues she's found with Screen Time. They include how she may or may not get the request to approve more YouTube time for her son, and she may or may not be asked to approve an app download.
Apple says that problems regarding usage tracking and app limits were addressed over the last several software updates, and in particular iOS 17.5.
"We take reports of issues regarding Screen Time very seriously and have been consistently making improvements to ensure users have the best experience," said the Apple spokeswoman. "Our work is not done and we will continue to make updates in upcoming software releases."
Apple is expected to announce iOS 18 at WWDC on June 10, 2024.
5 Comments
It's a very simple appending, and when I asked my grandson if he was aware of it, he answered, "Everyone knows; it's not new."
Huh.
Any updates and improvements are welcome!
I use Screen Time to manage devices for our 4 kids and it's HORRIBLE. App limits constantly disappear. Apps are locked when they shouldn't be. Apps added to the "Always Allowed" disappear constantly. "Block at Downtime" turns itself off multiple times per week. It is non-stop frustration. Add in a couple of Apple Watches and laptops and it only gets worse.
How about making it so those of us who think 'screen time' is silly and do not want it on our devices can delete the entire app.
I have 2 kids and I have been dealing with this bug for a few years now. My kids hate me every time "App Limits" reset back to the restricted list I once set when my kids we little and I limited their screen time severely. Apple apps and devices have had many bugs in the past and most of them are fixed quite quickly. Except this one. This just proves that Apple can care less about families with kids. Mr. Cook, do you know how this feels? Your kids barking at you several times a day every time YOUR APPLICATION resets due to a your bug? Do you really want people to stop using Apple devices so that they can manage their kid's screen time? By the way, Google Family Link works great. It always has. Do you not care because Family Screen Time does not generate any money for you?