Post

Replies

Boosts

Views

Activity

Reply to Screen time bypass
This remains a problem as of Oct 2022. Apparently, Apple does not consider this an issue and replies with something along the lines of "Screentime is not meant to be ironclad" or so. There is also the problem that whitelisting "x.com" also whitelists "x.y.com". For example, "apple.com" or "iCloud.com" is always whitelisted. This allows you to access "apple.muut.com" which can then be used to redirect you to any website that can be accessed with the above "p.pdf". iCloud also lets you redirect using Notes. Now, even if you remove Safari or block browser downloads (or even restrict apps with in-app browsers) you can simply go to the browser in Passwords (which cannot be removed) and access any of these sites (which include Twitter and Reddit). I do wish Apple would fix this issue. I can't imagine it is very complicated fix.
Oct ’22
Reply to Screen time bypass
Apple is not going to fix this. But for those who have an issue with this, it can be patched with Apple Configurator (you can block apple.com and icloud.com using Apple Configurator and you definitely should since many apps that cannot be erased will open apple.com and allow you to navigate to other websites). Now that Apple has patched the issue with the Passwords Browser, it is possible to whitelist websites without this becoming too much of an issue, so long as you have a restricted browser as well (keep in mind that allowing food.com will also allow any site such as food.x.com). Prosurf is one example of such a browser. Individually blocking specific websites will also disable this PDF loophole. There are far too many websites with which this loophole works, however, so if you really want your phone to be ironclad, you need to disable the ability to open safari, in-app or otherwise (which means deleting any apps which you can type urls and open in-app safari browsers). That means disabling safari Another issue is that DOCM files can serve as browsers in their own right. Meaning that people could send themselves DOCM files with urls in hypertext and open links even without safari active. A way to prevent this is to download a browser which you can set as your "default browser" and also can be password protected to disable use. An example of this would be iCabMobile (make sure to disable the kiosk browser). This loophole also makes it so that you need to disable app deletion. Unfortunately, you can also access videos from Messages or Apple Notes, regardless of restrictions. Which means that if you simply remember a URL, you can access the video by sharing the URL via Messages or Apple Notes. Apple Configurator can patch this too, but disabling Messages would rather defeat the purpose of the phone itself. But it is an option. Apple Configurator could force all traffic in the phone through a third party network that you could then filter, but this would affect apps as well. It's also worth noting that you could potentially open a URL with Safari View Controller in an app via the given app's custom URL scheme. That said, the only app in which I have successfully done so is Apple News (so disable that one too).
Apr ’23
Reply to Screen time bypass
No problem. I very much wish I had someone to tell me all this years before. Apple Configurator is an app that can only be downloaded on MacOS, which means that you need a Mac in order for this to work. If you have a friend with a Mac, you can ask them to let you borrow it. Otherwise, you can buy one (at Costco for example) and then return it according to their policy. Another avenue that I considered but didn't explore is using third party mobile device management (MDM) solutions through companies like Jamf. Truthfully, I configured a practically ironclad phone without it, but from what I understand, these MDM solutions allow you to micromanage your device to a pretty crazy degree and would allow you to make changes remotely. But again, I didn't pursue it once I configured my phone correctly so I might be wrong about this.
Jun ’23