Safeguarding children’s devices against Screen Time removal

Published Updated
Cover image for: Safeguarding children’s devices against Screen Time removal

The Washington Post wrote recently about vulnerabilities in Apple’s Screen Time mechanism, and how children are able to circumvent some of its restrictions. Susan Li of Fox News followed up on the story, looking at methods some teens use for recovery of their parents' codes.

Kids are outsmarting an army of engineers from Cupertino, Calif., home to Apple’s headquarters in Silicon Valley. And Apple, which introduced Screen Time a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It’s causing some parents to raise questions about Apple’s commitment to safeguarding children from harmful content and smartphone addiction.

Our experience is in helping people get easier access to their own data on their Apple devices, so some of the angles the WaPo examined are outside of the areas we typically look at it. It seems like there are some weaknesses in Screen Time, particularly with regard to the mechanism the article describes to circumvent restrictions on YouTube.

Reincubate has been at the forefront of recovery and reset of lost Screen Time passcodes (and the earlier restrictions passcode setting). Our R&D led us to release passcode recovery in early 2014, and we have updated it with every subsequent iOS update.

Doesn't this let kids bypass their parents' restrictions?

Whilst removing a Screen Time passcode is easy for an adult user with their own device, it doesn’t undermine parents who set passcodes to regulate their children’s behaviour.

There are a few reasons for this.

Firstly, the technique we use on iOS 13 disables Screen Time passcodes both when Screen Time has been set up individually on a device, and when Apple’s “Share across devices” option has been set, locking down all devices on an account. However, if the child’s device has been added to “Family Sharing” as Apple recommends, the technique won't work.

Even if the child’s device has been incorrectly set up and lacks “Family Sharing”, there is another factor that prevents this technique from working for children. To remove a passcode on iOS 13, Apple’s “Find My” functionality must be temporarily disabled. This is not possible without an iCloud password, which in many cases a child would not have. Similarly, to use the technique on iOS 12, a child would need know the backup password their phone had been configured with.

Finally, Screen Time removal in our product requires a paid license, and access to a credit card. It is expected most children are not freely able to make credit card purchases unmonitored online.

Why is it important to be able to reset a lost Screen Time passcode?

Screen Time isn’t specifically for children. In fact, many users use it to monitor and shape their time with apps.

As Canadian investor Andrew Wilkinson found, Apple cannot help with a lost Screen Time passcode other than to suggest a complete reset of one’s device, potentially having to starting again with no data.

With the release of macOS Catalina, the problem runs deeper: Screen Time is now integrated into Apple’s desktop products, and users who had lost passcodes on iOS and faced a minor irritation now face a greater one. The Screen Time passcode gets shared across a user’s devices, and now limits their use of their Macs.

Our software is able to remove this passcode and lift the restrictions without a user having to reset their devices or lose any data.

How can parents ensure the Screen Time mechanism isn’t undermined by their children?

Simply put, Apple’s recommendations for regulating children’s behaviour with Screen Time are effective in ensuring Screen Time isn't removed without a parent's involvement.

Parents seeking to use Screen Time effectively should configure the child’s device with “Family Sharing” (see Apple’s guidance here). Apple provide great support and guidance for this in store, by phone, and on Twitter.

Whilst the following steps are not strictly necessary to safeguard against the removal of Screen Time restrictions, we’d recommend parents also:

  • Set a backup password for the child’s device that is not known to the child. These can't easily be recovered, and they prevent use of any future backup-based Screen Time exploits that may be discovered. A password like this can be set with iTunes on Windows, with Finder on macOS, or with iPhone Backup Extractor. There is no cost to using any of these options.

  • Use a password manager such as 1Password to securely record any passwords they set.

  • Periodically check the Screen Time reports on their own iPhone, iPad or Mac. Were Screen Time to be disabled on a child's device, time "time-per-app" and usage reporting would be empty.

Reincubate is a values-based business, and we’ve been helping users safeguard and recover data on their iOS devices for over a decade. If you have thoughts on how we can make our products or site better for parents, we’d love to receive your feedback in the comments below, through Twitter, or by email.

About the author

Aidan Fitzpatrick founded Reincubate in 2008 after building the world's first iPhone data recovery tool, iPhone Backup Extractor. He's spoken at Google on entrepreneurship, and is a graduate of the Entrepreneurs' Organisation's Leadership Academy.

Reincubate's CEO at Buckingham Palace

Pictured above are members of Reincubate’s team meeting HM Queen Elizabeth Ⅱ at Buckingham Palace, after being awarded the UK’s highest business award for our work with Apple technology. Read our position on privacy, safety and security.

Can we improve this article?

We love hearing from users: why not drop us an email, leave a comment, or tweet @reincubate?

© 2008 - 2019 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® is a registered trademark. Privacy & terms. We recommend 2FA. Built with in London.