Kids Can Bypass Communication Limit Feature On iOS 13.3
If you have children that own Apple devices, be aware that the latest update for iOS 13.3 included a feature called Communications Limits.
It is designed to allow parents to set up parental controls to keep their kids from speaking to, texting with, or Facetiming with anyone who's not already in their contacts list.
It's a small but important feature addition. Hackers, scammers, bullies, or strangers can easily get phone numbers belonging to children. Even worse, they can then harass or threaten them in a variety of ways.
Unfortunately, there were problems with the implementation of the feature. For one thing, a bug in the code allowed kids to add a new number to the address book contacts list and use that as a springboard for bypassing the restrictions imposed by the software.
The bug was discovered by staffers at CNBC who were able to show that the feature worked fine on devices backed by iCloud, but not other services like Google's Gmail.
Todd Haselton of CNBC had this to say about the discovery:
"A child should not be able to add the contact to the iPhone's address book without their parent entering their PIN first if the feature is working properly."
That's a succinct description of both the problem and its solution. Right now, Apple is scrambling to generate a fix. Although the company hasn't said as much, there's a very good chance that by the next patching cycle, the company will have a fix in hand.
If you were counting on the feature, one thing you can do until the fix is ready is to make use of the Downtime feature. That allows users to restrict access to apps according to a predefined schedule. It's not perfect, but it will get the job done in the short term.