Child spends over $800 on 'Roblox' using password reset bypass
A viral video on TikTok shows a mother in distress after her child spent over $800 on "Roblox," but it could have been prevented with Screen Time.
'Roblox' is a popular game on iPhone and iPad
"Roblox" is a very popular game that uses an in-game currency called Robux. It is an enticing, addicting game targeted at children willing to spend real money on cosmetics.
A TikTok influencer named Linzy Taylor shared a video describing her situation after her 10-year-old son had spent over $800 across eleven purchases inside "Roblox." The video has amassed 3.8 million views as of this article's publication.
Usually, stories like these involve the child using some form of deception to bypass a child lock or some lack of supervision from the parent. However, this time, all the child needed was their device passcode.
There was no Screen Time protection on the account, so the only protection the device had was the device passcode and Apple ID password. The child did not know their Apple ID password but had the passcode to access the device.
It isn't clear how he learned to do this, but it is an identical method used by thieves to steal iPhones and reset their Apple ID password.
Taylor's son was able to navigate to "Roblox" and initiate an in-app purchase. The device was set up to prompt for a password any time a purchase was initiated, so biometrics like Touch ID wouldn't work.
All the child needed to do was select "Forgot my password" and then enter his iPhone passcode. The password was reset to the one he chose, then he was free to make purchases.
By the time Taylor noticed the transactions piling up, it was too late. Her son had spent around $800 from her PayPal account that was linked for purchases.
AppleInsider reached out to the family and discussed the situation to ensure Screen Time was not enabled. Taylor admitted she had never heard of the feature and will gladly enable it to gain more control over her child's devices.
Screen Time is a versatile parental control tool
This is a common occurrence, as Apple does not actively advertise the feature. And she was right to believe a password would be enough.
Screen Time is a tool found within the Settings app, and it is indispensable to parents. App time limits can be set, purchases can be hidden behind a permission structure, and in this story's case, Apple ID passwords can be locked behind the Screen Time passcode.
If Screen Time was set up and the setting turned on, the Apple ID password could not be reset with only the device passcode.
We urge any parent to take a few minutes to set up Screen Time for their children. It isn't foolproof, as crafty kids have found ways to learn their parent's passcode to get by it, but it is an extra layer of protection.
View our guide on how to set up Screen Time and parental controls on iPhone and iPad.
Taylor has reached out to Apple for a refund, and it is pending.
Read on AppleInsider
'Roblox' is a popular game on iPhone and iPad
"Roblox" is a very popular game that uses an in-game currency called Robux. It is an enticing, addicting game targeted at children willing to spend real money on cosmetics.
A TikTok influencer named Linzy Taylor shared a video describing her situation after her 10-year-old son had spent over $800 across eleven purchases inside "Roblox." The video has amassed 3.8 million views as of this article's publication.
Usually, stories like these involve the child using some form of deception to bypass a child lock or some lack of supervision from the parent. However, this time, all the child needed was their device passcode.
There was no Screen Time protection on the account, so the only protection the device had was the device passcode and Apple ID password. The child did not know their Apple ID password but had the passcode to access the device.
It isn't clear how he learned to do this, but it is an identical method used by thieves to steal iPhones and reset their Apple ID password.
Taylor's son was able to navigate to "Roblox" and initiate an in-app purchase. The device was set up to prompt for a password any time a purchase was initiated, so biometrics like Touch ID wouldn't work.
All the child needed to do was select "Forgot my password" and then enter his iPhone passcode. The password was reset to the one he chose, then he was free to make purchases.
By the time Taylor noticed the transactions piling up, it was too late. Her son had spent around $800 from her PayPal account that was linked for purchases.
What went wrong
All of the tech-savvy people reading this article already know what happened -- there was no Screen Time passcode. This was a simple mistake to make as Taylor believed she had plenty of protection with just an Apple ID password.AppleInsider reached out to the family and discussed the situation to ensure Screen Time was not enabled. Taylor admitted she had never heard of the feature and will gladly enable it to gain more control over her child's devices.
Screen Time is a versatile parental control tool
This is a common occurrence, as Apple does not actively advertise the feature. And she was right to believe a password would be enough.
Screen Time is a tool found within the Settings app, and it is indispensable to parents. App time limits can be set, purchases can be hidden behind a permission structure, and in this story's case, Apple ID passwords can be locked behind the Screen Time passcode.
If Screen Time was set up and the setting turned on, the Apple ID password could not be reset with only the device passcode.
We urge any parent to take a few minutes to set up Screen Time for their children. It isn't foolproof, as crafty kids have found ways to learn their parent's passcode to get by it, but it is an extra layer of protection.
View our guide on how to set up Screen Time and parental controls on iPhone and iPad.
Taylor has reached out to Apple for a refund, and it is pending.
Read on AppleInsider
Comments
Maybe she can get sponsored by the Roblox people.
offset $800, maybe as measured against the owner's cell plan cost. Show the kid how the length of his punishment is calculated so he will have a solid grasp of how long it should take to spend that much money.
But if he is not getting any money, and his parents are not teaching him about the money, then he wouldn't even have a close understanding what 800 USD means (for his family).
This means, the parents are still responsible to explain the importance of money and how to treat them. So she should think not just about consequences for her child but for herself
Though we rarely think this way.
Take the responsibility. Own it.
Family Sharing and Screen Time set up are part of the set up flow when setting up a device for a child under 13 years old. The Parent can skip the process or more often in my experience Parents share their own AppleID or fib about their child's age when they set up the child's ID.
Apple Support Video