Apple's new Communication Limits parental control feature bypassed by bug
Apple this week rolled out new parental control features as part of iOS 13.3, but one of the most touted, Communication Limits, is easily defeated thanks to what appears to be a bug related to iCloud syncing.
Accessing Communication Limits in iOS 13.3.
Communication Limits debuted with iOS 13.3 on Tuesday and allows parents greater control over who their children talk to, text with or FaceTime.
The feature is two-pronged and blocks incoming and outgoing communications from anyone not in an iPhone's Contacts list, while restricting users -- kids -- from adding contacts without first entering a security PIN. When enabled, Communication Limits prevents children from talking to non-vetted contacts.
A bug, however, renders those protections largely useless.
Discovered by CNBC, Communication Limits can be bypassed if an iPhone's contacts are not synced with iCloud by default.
To demonstrate the flaw, CNBC tapped on an incoming text from an unknown number. As designed, a full-screen "Restricted Contact" pane appeared, but the page was easily bypassed by tapping on an "Add Contact" option. Adding the new contact to iPhone's Contacts list enabled unfettered access to the number.
Children can also use Siri on Apple Watch to text or call any number, even those not in the Contacts list of a paired iPhone.
CNBC found the above methods do not work when Downtime is enabled.
Apple in a statement said it is working on a fix, but failed to offer a timeline for release. In the meantime, parents can avoid the bug by changing an iPhone's default contacts syncing service to iCloud.
Accessing Communication Limits in iOS 13.3.
Communication Limits debuted with iOS 13.3 on Tuesday and allows parents greater control over who their children talk to, text with or FaceTime.
The feature is two-pronged and blocks incoming and outgoing communications from anyone not in an iPhone's Contacts list, while restricting users -- kids -- from adding contacts without first entering a security PIN. When enabled, Communication Limits prevents children from talking to non-vetted contacts.
A bug, however, renders those protections largely useless.
Discovered by CNBC, Communication Limits can be bypassed if an iPhone's contacts are not synced with iCloud by default.
To demonstrate the flaw, CNBC tapped on an incoming text from an unknown number. As designed, a full-screen "Restricted Contact" pane appeared, but the page was easily bypassed by tapping on an "Add Contact" option. Adding the new contact to iPhone's Contacts list enabled unfettered access to the number.
Children can also use Siri on Apple Watch to text or call any number, even those not in the Contacts list of a paired iPhone.
CNBC found the above methods do not work when Downtime is enabled.
Apple in a statement said it is working on a fix, but failed to offer a timeline for release. In the meantime, parents can avoid the bug by changing an iPhone's default contacts syncing service to iCloud.
Comments
Last I checked (prior to 13.3), in my case, App Limits didn’t provide enough specificity to be useful. So Downtime was always enabled. And even then, Siri is still a problem because it is exempt — the young adult with autism living in my household will still stay up half the night talking to Siri even though Siri is cut off from most apps during Downtime. So I still have to go in and take the devices away. I guess it’s a safety feature, but it would be nice if there were a way to opt out of it.
You can try Google's Family Link for yourself and see.
https://apps.apple.com/us/app/google-family-link-for-parents/id1150085200
Bonus: If one of your young family members uses a cheap ol' Android (hey maybe they regularly ruin/lose phones, don't judge) Mom and Dad can still include them in Family Link. It's cross platform.
We also have General > Date & Time > Set Automatically turned on. It and Time Zone are greyed out and can't be changed with Account Changes not allowed.
Of course, maybe that isn't an option for you and your teenager for some reason, but for us it works fine. I guess if your child doesn't have their own Apple ID that is part of your Family (if they are under 18 you have a lot of control -- the options for a person over 17 used to be limited -- not sure now -- but I know you can use the above restrictions, because I use them for an autistic 21 year-old) then you can't do this.