We have developed a Parental/Self control app using Screen time API. We have used individual authentication to authorize the app, using the instructions here: https://developer.apple.com/documentation/familycontrols/authorizationcenter
The problem is , that individual auth can be disabled easily , by the following steps:
- enter Settings app.
- in Settings app, click on the Parental/Self control app.
- click to disable screen time restriction.
- show the device owner's face/fingerprint. (or pin code)
Why is that a problem:
Parental control apps, or self-control apps, are about giving control to the software, To make it hard for the user to disable the restrictions.
So using the flow I have introduced above, it's super-easy for a user to disable his Parental control restrictions, which misses the entire point of Parental/Self control idea.
Furthermore, not only the user have the means to unlock his screen time restrictions, he also MUST have the means to unlock it.
This makes Screen time (with individual auth) useless: I have a code ready to make a great parental control app for my clients, with amazing ideas, but I can't use the Screen time API unless this problem is fixed.
Why child-parent auth is not enough: My clients are grownups people between ages of 15-40, that are interested in self-control, so they don't have iCloud child accounts.
also, the child-parent auth solution forces my clients to give some control to other person, and my clients prefer their privacy. Some of them prefer self-control and not parental-control.
What I suggest as a solution:
1: Give more options to users how to disable the Screen time restrictions. including:
- a second faceID / FingerPrint (that isn't the same as the one used to unlock the device)
- a second pin password.
- a string password
2: Give the users the option to choose to not have the device's owner Face/Finger/Pincode ID , as a method to disable the Screen time restrictions.