How is my child bypassing screentime limits?

Hello,

Being a child (above 13) myself with Screen Time too, I know exactly what method has been being used. After reading through each post in this thread carefully, I examined the possibilities of what exploit could have been used. Here's the thing: Your child is not using any exploit.

You mentioned that your child does not know the Screen Time passcode but does in fact know your iPhone password. When your child reaches downtime/their limit for the day, they are presented the option to Request Time. Your child can request time and a popup will appear on family organizers' devices. Now, when clicked, this notification will ask for your screen time passcode. However, if you simply hold down the notification, you get four options.

Don't Approve

Approve for 15 minutes

Approve for 1 Hour

Approve for all day

When your child clicks Approve All Day, it does not ask for a screen time passcode and gives access to the app(s) requested until 12am (Midnight).

My recommendation is to change your passcode immediately! This will most likely fix your problem.

My teen has admitted to getting around screen time and restricted contacts by turning his phone off. When the phone is powered back on, it gives him access to apps and phone numbers for a few moments (I haven't timed how long) before the regular parental control settings start working again.

I have the same issue, and I know how he does it. I have been requesting support for this problem for a long time but there seems to be no solution from Apple.

The method used is the following:

1. Click on change screentime code.
2. Click on I forgot the password.
3. When asked Appe ID you write it and then click on “forgot password”
4. Then you are asked the 6 digit code of the phone (!!!) and there you go, it allows you to change the Apple ID password, with which you are allowed to change the 4 digit screen time code.

Now the kid can do whatever he wants.

If he has the 6 digit code for unblocking the phone, then the screen time can be overriden in a matter of seconds.

At least this is the problem I have, I hope this can help.

Cheers

I’m not sure if you got anywhere with this. I realize it’s and older post. BUT I just found out from my own issues with my kid with this that they can use other apps like maps, Life360, watch, health, settings even! They go to the legal formats for the apps and click on the web browser link and then they are in to use the internet even if the internet is deleted from their phone. It’s very sneaky. I was able to delete everything but the settings app. I’ll just have to keep my eyes on it. Hope this helps someone

Momofabunch wrote:

My teen has admitted to getting around screen time and restricted contacts by turning his phone off. When the phone is powered back on, it gives him access to apps and phone numbers for a few moments (I haven't timed how long) before the regular parental control settings start working again.

Have you confirmed this?

It may also be that he knows your passcode and does not want to tell you. Even it it allowed access to an app for a few seconds it does not seem like it would be beneficial to restart your phone 30 times for just a minute of extra use.

Just a thought...I don't know that you mentioned it in what you've tried. Since these seem to be online apps (SnapChat and TikTok) that he wants to use, have you tried adding parental controls to the router/gateway to block all access to the internet from his specific device?

Hi Loren. Did you manage to figure this out? I seem to have the same problem with my 13yo. Thanks.

This is exactly it. Mine does the same thing, admitted to it and showed me. They get exactly one minute to do what ever they want every time they reboot their phones before screentime kicks back in. This is a crappy design.

So far I am kind of ok with it as its annoying to them, but I would rather they not be allowed to do this. Defeats the purpose of screen time all together.

I have yet to find a fix.

Huonghl24 wrote:

There is a trick which apple could not fix.

You can guess an unlimited amount of times if you go to settings > general > transfer or reset iPhone > erase all content and settings > continue > enter passcode for your iPhone > then it will ask you to enter your screentime passcode. You can guess an unlimited amount of times, and once you get it right, you will know because it will begin to erase your device, but you can cancel immediately.

You can start at 0000, then 0001, then 0002, etc. all the way up to 9999.

And at 5 seconds a guess, it would take 13.8 hours to get through all combinations. If your child is going to go to that length to disobey you, then you have bigger problems than a screen time limit. A smart phone may not be what they need.

SnowyGamer wrote:

If your son is over the age of 12 they can leave the family resetting all screen time setting temporarily and they reset back to normal the next day or at 1 minute pass midnight allowing him to reset the screen time and go on his favourite apps.

Not True! If Screen Time is turned on, they cannot leave the Family Sharing group unless it is done by the Family Organizer. This is stated clearly here:

Any family member age 13 or older* can remove themselves from a family group. If you have Screen Time turned on for your account, the family organizer must remove you.

Leave Family Sharing - Apple Support

They can leave the group if Screen Time is NOT turned on and locked with a Passcode. If they are able to leave the group, then they know the passcode that you are using. Change your Passcode and don't let them watch you enter it, and they will not be able to leave the group.

It’s simple he reset the screen time password but I can’t tell you how as many teenagers want their freedom so you can at least reason with him and adjust the time limit given to him

Gillo45 wrote:

This is true as my son uses this method to get round his restriction. Help!

Again, parental controls are doomed to fail against any suitably inclined kid. Prisons fail at this.

And yes, there are absolutely places and things around that parents do not wish to have discussions about, and will wish to block, but that doesn’t make those conversations any less avoidable nor will it make efforts to avoid those conversations any more effective.

You might run parallel Wi-Fi or shut off the Wi-Fi on a schedule, but even that won't keep a suitably motivated kid isolated from their interests.

Kids can bypass all of this, and on an allowance-scale budget.

If your child trusts you—kids have agency—ask them how they’re bypassing the blocks, and why, and maybe they’ll tell you.

Technology can’t solve people problems.

Mazaresbern wrote:

1. I have the same issue, and I know how he does it. I have been requesting support for this problem for a long time but there seems to be no solution from Apple.

The method used is the following:

Click on change screentime code.

2. Click on I forgot the password.

3. When asked Appe ID you write it and then click on “forgot password”

4. Then you are asked the 6 digit code of the phone (!!!) and there you go, it allows you to change the Apple ID password, with which you are allowed to change the 4 digit screen time code.

Now the kid can do whatever he wants.

If he has the 6 digit code for unblocking the phone, then the screen time can be overriden in a matter of seconds.

At least this is the problem I have, I hope this can help.

Cheers

When setting the ScreenTime passcode, you can optionally associate the ScreenTime passcode with an AppleID account. Choose an AppleID that is not the child's AppleID (e.g., you own AppleID - the password for which should be known only to you).

Alternatively, when setting the ScreenTime Passcode, you can skip associating the ScreenTime Passcode with an AppleID altogether. This will prevent reset of an unknown ScreenTime Passcode - but consider that a subsequently forgotten ScreenTime Passcode will entail complete reset of the iPad and starting again afresh; in this situation you will not be able to restore data from an iCloud or iTunes backup - as to do so you would also restore the unknown ScreenTime Passcode.

Loren Ryter wrote:

Good idea. Not very practical for me (already have like 5 SSIDs on one router, and want to keep kid on same LAN anyway), but possible.

Five SSIDs on one router is unusual. Typical is at most two (guest, staff).

Three SSIDs is about the most I’ve ever met on one Access Point (AP) or one Wi-Fi router, and that was ugly. Here, that trio would probably be “Guest”, “Kid”, and “Parents”.

I typically recommend APs or mesh networks and careful Wi-Fi frequency coordination, rather than adding (often warring) Wi-Fi routers and adding SSIDs to manage added coverage, if that was the motivation leading to five SSIDs active here.

I get they can be bypassed, but it shouldn't be such a mystery how he's doing it. I'm pretty technically inclined and can't figure out the exploit. AFAIK any method that could involve a small budget is something like a jailbreak -- running software tethered to a computer -- and most likely can only be meant to circumvent the passcode security for the parental controls. It would be at the level of a boot injection, and I see nothing amiss in the boot sequence or any other obvious sign of such a hack. Furthermore, it would need to work by allowing him to change the screentime settings, which he's not doing.

That’s far more work than the easiest of the allowance-budget bypasses. Again, parental controls is doomed to fail, against any suitably inclined kid. Prisons fail at this. And yes, there are absolutely places and things around that parents do not want to have discussions about, and will wish to block, but that doesn’t make those conversations any less avoidable nor these blocks any more effective. Technology can’t solve people problems, IT sales reps’ claims aside.

IMO someone needs to keep an up-to-date list of exploits that a) parents can take further measures to block or otherwise handle, or b) apple can address.

Yes, and the folks maintaining that list are liars, scammers, cheats, and crooks, or those selling snake-oil and “magical” solutions, or those that wish to harvest data and metadata from you and your children, or those seeking to advertise to the children, or combinations. I manage more complex and more capable networking gear than most or the folks around here have access to, and all of what I have (including 802.1X RADIUS authentication, and redundant local DNS servers) can still be entirely bypassed by a kid on an allowance-scale budget.

And yes, the Kid-SSID will fail against even a mildly determined adversary with an allowance, too.

This is an exceedingly hard problem. Unsolvable, without (generally illegal) communications jamming.

Again, prisons fail at this.