Monday, September 20, 2010

Apple's iPhone parental controls are completely broken

I've ranted about how crappy OS X Parental Controls are, but I thought iOS did better.


My son specializes in hacking iOS. It's not hard. Even #@$@ has an $@$# embedded webkit browser function. Disabling Safari doesn't disable embedded WebKit access, and it's evidently extremely easy to incorporate WebKit into an app. So app developers do it -- because they can.

What the heck is wrong with Cupertino and parental controls? Is it the (bottled) water?

Update 10/2/2010: Martin in comments suggested a brilliant idea Apple could implement now. They could say that any app with unrestricted embedded webkit access gets an NC17+ rating. I'm sure PublicRadio and WolframAlpha would close their backdoors immediately.

Of course there are lots of things Apple could do in software, but that would take at least 6-12 months to do if it's not already done. I like Martin's suggestion.


Martin said...

AFAIK should apps with web access be rated 17+ in the App Store.

JGF said...

Martin, that's brilliant. If Apple did that Wolfram Alpha and would drop the embedded webkit immediately.

These apps get very little added value from the feature.

I suggested your proposal to whoever reads

Unknown said...
This comment has been removed by the author.
Unknown said...
This comment has been removed by the author.
JGF said...

I think we'd need to get a US senator interested. I really miss Tipper Gore!

Unknown said...
This comment has been removed by the author.
Phillip said...

I am so glad others have noticed this and are concerned about it too. iDevices are only increasing in popularity and are finding their way into more hands as gifts, learning tools provided by school systems, etc.

Regarding Martin's brilliant idea, I came across a small facebook community of parents who are equally concerned and aware of the embedded browser issue:

This site also has a growing community of parents concerned about apps on their children's iOS devices. It gives a brief profile of each app installed and sends that info to the parent's email within hours after installation, but doesn't warn them about embedded browsers (yet):

Some thoughts:
1) Perhaps if more parents knew about the issue, they would become more interested in mobilizing to demand that Apple deliver on their promise of effective parental restrictions and controls? Axel Janssen suggested a petition - I would be interested in collaborating to write one and/or sign it if one were already written.

2) Reaching out to developers and their customers who produce safe, alternative browsers to Safari (net nanny, Mobicip, k9, Covenant Eyes, etc.) While they have good products, they ultimately fail because of apps with embedded browsers. This is a HUGE hole in their promise of a safer web experience, because they rely on enabling Apple's well intentioned - though woefully inadequate - parental controls.
But all of you already knew that. I assume many more don't.

John Gordon said...

I cannot say why this old post has suddenly received such excellent comments, but I am happy to at last see some attention to one of my many rants on the topic. I only stopped when it seemed nobody noticed or cared. I guess it just took time.

In a better world we've be able to sue Apple for false advertising, but I doubt that's feasible.

I'll join and lend my encouragement there.

There are so many, many ways Apple could fix this. They could, for example, implement a global setting that would direct all embedded webkit calls to a page that said - webkit disabled. This would incent app vendors to handle webkit disabling elegantly.

It is possible that the code around webkit embedding is particularly ugly. Maybe the only person who understood it has left Apple. If so, I can suggest places to spend .01% of their 50 billion dollar cash reserve.

Good job Alex and Phillip.