Apple Promises to Fix Long-Ignored Parental Control Bug After Media Spotlight

[MacRumors]

Apple will finally address a Safari restriction workaround that has been around for years after the bug was highlighted by The Wall Street Journal's Joanna Stern. Kids who are restricted from viewing certain websites with the Screen Time feature are able to paste a string of characters in the address bar in Safari in order to get around parental controls.

In a report on Screen Time, Stern says that she was able to use a string of characters on her son's iPad, bypassing the restrictions that prevent access to websites with pornography, violent images, and more. She was able to get around Screen Time on devices running iOS and iPadOS 15, 16, and 17, as well as macOS Sonoma.

In a statement to Stern, Apple said that it is aware of an "issue with an underlying web technology protocol for developers, which allows a user to bypass web content restrictions." A fix is planned for "the next software update."

Security researchers that spoke to Stern said the bug was first reported to Apple in March of 2021, after it was found that inputting a string of characters would get around website restrictions implemented by parents and web blacklists on company devices. The hack worked to bypass restrictions on iPhones, iPads, and Macs.

Apple told the researchers that it was not a security issue, and instead directed them to submit a report using the Feedback tool. After the report was submitted, there was no word back from Apple. Attempting to resubmit the bug to Apple was met with no response.

Apple ignored the issue for three years until Stern was contacted and publicized the problem. It appears that the workaround was not well-known or widely exploited, as the two security researchers that discovered it never shared it.

In addition to promising a fix, Apple said that it is committed to improving the process that's used to receive and escalate bug reports.

Stern's report highlights several other bugs with Screen Time, including issues with app limits, Screen Time usage charts, notifications for more time, and Ask to Buy. Apple improved Screen Time with iOS 17.5, implementing fixes for app and device usage tracking, app limits, and time requests, but the company says there will be additional updates in upcoming software releases.

Article Link: Apple Promises to Fix Long-Ignored Parental Control Bug After Media Spotlight

 

[dk001]

This or something like it has made it’s way around my granddaughters high school as of a couple years back.
If there is a way around restrictions, kids now-a days pretty much have it.

 

[JPack]

I've always wondered how much dev resources Apple puts into Screen Time. There's clearly a conflict of interest. On one hand, Apple wants to tick the box and appease the media. But do they really care when more screen time means higher revenue?

 

[GtrDude]

Unfortunately that's what it takes for them to be even remotely interested.
Just a few hundred people complaining means nothing.
Same company that is constantly repeating how they listen to their users.

 

[yustas]

What is over/under on Apple breaking other things with this fix?

 

[TracesOfArsenic]

This had better not take away time from emoji development.

 

[tennisproha]

Screen Time has a ton more bugs that I've reported repeatedly for years. Every single one has yet to be fixed.

 

[Idgit]

Security researchers that spoke to Stern said the bug was first reported to Apple in March of 2021, after it was found that inputting a string of characters would get around website restrictions implemented by parents and web blacklists on company devices. The hack worked to bypass restrictions on iPhones, iPads, and Macs.

I thought customer security was of utmost importance to Craig Federighi and Apple. Maybe drop the yearly OS release schedule, Craig, and fix some damn bugs.

 

[yustas]

I've always wondered how much dev resources Apple puts into Screen Time.

Probably less than counting how many cores the iPad has.

 

[GeoStructural]

Another bug going on for at least 4 years now is in the Calendar app, it crashes when trying to create a new event. I have reported it at least 5 times since 2020 and they have never solved it.

I think it has to do with the permissions the app expects, I grant access to camera, location, microphone, etc. on a per-app basis, only if strictly necessary.

 

[jimbobb24]

One nice thing about (oh no I’m doing it) Steve Jobs was he seemed really concerned with helping parents help kids avoid inappropriate content. Apple has been sluggish on making it more robust. Why is there no way to remotely lock down a teens phones or remotely know what they have been using their phones for. Basic stuff in the modern age.

 

[StuBeck]

This is pretty embarrassing if accurate.

 

[Jxdawg]

Not the children!!!!

On a serious note, screen time still has yet to be fixed in many other ways. For instance, on our iPad if the screen time settings are changed, our 12 mini’s screen time settings are turned off. Baffling really. Only way to fix is turn off screen time and turn it back on.

 

[CrysisDeu]

This had better not take away time from emoji development.

I would imagine each emoji takes a few months of dev time

 

[subjonas]

I've always wondered how much dev resources Apple puts into Screen Time. There's clearly a conflict of interest. On one hand, Apple wants to tick the box and appease the media. But do they really care when more screen time means higher revenue?

I don’t think the conflict of interest is clear because I don’t know that there is strong correlation between customer time spent on device and Apple’s revenue. Unlike if their business model was advertising, once a customer pays for an iPhone or a month’s subscription of ATV+, it shouldn’t matter to Apple how much time a customer spends on that device/service, as long as whatever time that is spent on it is seen as valuable, in order to motivate the next purchase. And it’s even possible that limiting the time allowed on a device/service can drive up the preciousness/value of that device/service.

That said, they also probably don’t have much financial motivation to invest resources into Screen Time.

 

[smythey]

Running to the press never works

 

[Wizec]

There’s a crazy simple way for kids to get around web browser restrictions.

All they have to do is type in any of many well known proxy IP addresses and surf away. I can’t seem to find a way to block IPs. I have my kids’ screen time setting on “Allowed Websites Only” super frustrating 😞

 

[scrapesleon]

Need to put more bugs under spotlight that Apple keeps ignoring

 

[ellpee]

Nobody likes a snitch. Ridiculous to automatically think kids are looking for porn and not something more intellectually stimulating.

 

[subjonas]

One nice thing about (oh no I’m doing it) Steve Jobs was he seemed really concerned with helping parents help kids avoid inappropriate content. Apple has been sluggish on making it more robust. Why is there no way to remotely lock down a teens phones or remotely know what they have been using their phones for. Basic stuff in the modern age.

There’s probably a balance of how much power Apple wants to give parents over their kids. Too much parental control over kids can be seen as oppressive or maybe even abusive. Of course it differs from culture to culture.

 

[0339327]

Not the children!!!!

On a serious note, screen time still has yet to be fixed in many other ways. For instance, on our iPad if the screen time settings are changed, our 12 mini’s screen time settings are turned off. Baffling really. Only way to fix is turn off screen time and turn it back on.

I found the fix for this…

which has been an issue for years and that Apple has failed to address on numerous occasions.

The problem comes where you are controlling screen time from a device that has a different iOS than a child’s device. In that case, screen time just turns itself off.

I have resolved this issue permanently by switching my children’s phones to android. I suggest you do the same.

 

[goonie4life9]

Not to worry, everyone, for the official Apple Support script is out:

1. This is not a known issue.
2. Restart your device.
3. If that doesn’t resolve the issue, force restart your device.
4. If that doesn’t resolve the issue, erase your device and set it up as new using a computer. If you don’t have a computer, ask a friend because no further troubleshooting will be provided unless you do this.
5. If that doesn’t resolve the issue, you’ll need to do an RTA to Engineering. After 48 hr, Engineering will reply that this is a known issue, keep your device up to date, not further troubleshooting will be provided, and no further comment will be made.

 

[6787872]

ios/mac osx is the new windows ME

 

[Moof1904]

I dream of the day when Craig Federighi is sent packing.

 

[IllegitimateValor]

Tim Cook, while you’re here: Please add at least time remaining warnings so my poor child stops being cut off without any clue they’re about to run out of time. I’m sure tens of thousands of meltdowns could be thwarted per year. Their Nintendo Switch gives them time remaining warnings hourly, half-hourly, and every minute during the last 5 minutes.