Letter to users about Apple parental controls

Letter to users about Apple parental controls

It all started in 2015 when we became early innovators and offered parental control for Apple iOS devices using Apple’s own Mobile Device Management (MDM) frameworks. Boomerang Parental Control offered parents remote control of iOS device screen time, age and content restrictions, purchasing restrictions, safe browsing, and location tracking but our Apple app continued to be inferior to our Android app. The limitations were due to how iOS didn’t provide the flexibility for an approved third party app to control other areas of iOS for the purposes of security or parental controls. At this time, Apple’s own parental controls were very rudimentary. So after 2 years of user feedback and my own experience with what was possible on iOS vs Android, I thought it would be smart and strategic to email my thoughts, frustrations and user feedback to Tim Cook, CEO of Apple. Similar to Steve Jobs, Tim welcomes direct feedback to his work email (tcook@apple.com). My emails never bounced. The goal was to bring light to the limited parental controls built-in iOS and to also offer suggestions on how to improve things for both iOS and third party apps like Boomerang Parental Control.

Here are my three original emails that I shared in my Medium blog post.

The key points I made were: 

  1. Screen Time controls – device and app level
  2. Safe Browsing – the adult filter in iOS is OK but doesn’t handle the nuances of filtering inappropriate websites
  3. iOS onboarding for parental controls when first setting an iPhone/iPad
  4. Improved support for controls via Device Profile (MDM) for third parties like us

I never received a reply but maybe there’s an element of “watch what you wish for” in the following experience.

2018

In January 2018, a significant group of Apple investors went public with Apple’s lack of compelling parental controls. This started a public conversation about Apple improving this area in an upcoming iOS update. We thought “great, validation for what we’ve been building!”. Tim Cook then came out and mentioned how he didn’t want his own nephew on social media platforms and how he didn’t support overuse of technology. In a way admitting devices had addictive properties – what we knew already existed.

Fast forward to Apple’s annual Worldwide Developer Conference in June 2018, Apple formally announced its screen time features that would be built into their upcoming iOS update (iOS 12). Apple mainly added the same key features missing in iOS that I had shared in my emails to Tim. Apple did not provide any improvements to third party options to leverage these new controls. Most apps installed on iOS can integrate with app permissions (like Camera, Contacts, Location, etc).

In late July 2018, we pushed an app update for review to the App Store Review Team. This update brought new features to our Parent Mode and fixed a few bugs. Typically app approval came within a few days. When almost 2 weeks went by without any status updates, I started to get concerned. We finally received a message for the App Review team on Aug 12th which said that they needed more time to review our app. Here’s a timeline of the events starting with our app submissions on July 31st 2018.

TIMELINE OF KEY EVENTS – PART 1
July 31st 2018 – Our app update is submitted to Apple’s App Review team for review. It contained app limits for Android child devices from iOS Parent Mode and a few bug fixes.
August 12th 2018 – Message from Apple’s App Review team via their Resolution Centre – Your app, Boomerang Parental Control (1053543710), does not comply with one or more App Review Guidelines. The actual message simply said:

Picture1
Aug 16th, 2018 – I pushed a new app update that fixed a few bugs (we were not approved yet).
Aug 20th, 2018 – Another resolution Centre message from Apple’s App Review team. The message stated they wanted to talk. I called them back and the Apple representative was now starting that the use of Mobile Device Management was no longer being allowed. I requested more information where in the guidelines this was mentioned as there was none at the time except for a very vague statement about “App Performance”. We had a couple new bugs to fix so I published another update for review.
Aug 27th, 2018 – New Resolution Centre message “we continue to find that the app installs mobile device management (MDM) profiles for unapproved purposes, which is not allowed on the App Store. Specifically, your app blocks or restricts access to third-party apps using MDM.” I decided to file an appeal with the App Review Board.
Sept 3rd 2018 – Following my appeal, it was rejected and confirmed the original August 27th 2018 reason was still valid for rejection. The exact wording from this email was: 

Performance 2.5.1

Your app installs MDM profiles for parental control, which is not appropriate for the App Store. It would be appropriate to remove this feature from your app before resubmitting for review. 

Apple’s guideline at the time said the following:

2.5.1 Apps may only use public APIs and must run on the currently shipping OS. Learn more about public APIs. Keep your apps up-to-date and make sure you phase out any deprecated features, frameworks or technologies that will no longer be supported in future versions of an OS. Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app.

Firstly, this was the first mention of specific wording targeting the use of MDM profiles for parental control. We did not use any private APIs or any framework in unintended uses. So our internal conclusion at this time was simple: Apple wanted us out of the App Store and the timing was very suspect as iOS 12 with Screen Time controls was about to get released with the launch of their new iPhones.
Sept 4th 2018 – we started work on the necessary changes to remove the prompt for the Device Profile installation. We pushed the update to Apple’s App Review team.
Sept 5th, 2018 – Boomerang Parental Control is In Review
Sept 10th, 2018 – Rejected because they wanted additional information about our app in relation to: 

  1. Is the app still in use of an MDM profile? (at this time we no longer did)
  2. If not, how is it delivering device control such as hours of use and app specific restrictions?
  3. Your app uses the “prefs:root=” non-public URL scheme, which is a private entity (this is what all other apps were using to allow you the parent to get forwarded to iOS Settings to complete the installation of the Device Profile after the app was installed).

We still mentioned screen time features that parents can control Android devices when they set up their child’s iOS device. Apple didn’t like this as per this guideline: 

1.1.6 False information and features, including inaccurate device data or trick/joke functionality, such as fake location trackers. Stating that the app is “for entertainment purposes” won’t overcome this guideline. Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be rejected.

We cannot mention Android in any of our App Store descriptions as it violates Apple’s metadata guidelines. 

Sept 12th 2018 – We continued making the required changes and pushed those final changes to review.
Sept 14th, 2018 – So about a month and a half later, our updated app was approved by Apple and ready to be released. This update removed all key features around app controls and device screen time schedules. Boomerang Parental Control at this time officially no longer provided app and screen time controls for iOS child devices. We continued to develop and improve our Parent Mode as a good percentage of our users are parents with iPhones and kids with Android devices.
Oct/Nov/Dec 2018 – Our app revenues declined, the user feedback was negative and yet many competitors still had their unchanged app with MDM still live on the App Store. 

In early December 2018, TechCrunch published an article which summarized the 2018 challenges for third party iOS parental control apps. The challenges also extended to digital wellbeing apps as well such as Moment and Space. Meanwhile, I was already in touch with a few iOS parental control competitors and they confirmed their experience with Apple matched ours.

2019

Fast forward to April 27th 2019, the New York Times published an article sharing Apple’s anti-competitive approach towards third party control apps. This one got Apple’s attention. Apple replied aggressively to this article in a press release stating several parental control apps “…put users’ privacy and security at risk.” They didn’t name names, and of the ones I was in touch with, none were a privacy or security risk. Apple’s reason? Apple stated “MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history.”. What wasn’t mentioned was, Boomerang Parental Control used a lighter version of the Device Profile Management and was only able to control things like age ratings and a few other app preferences like hiding Safari or the Camera/Facetime apps. Location tracking was done by proper requests via our app’s permission request (like all other apps). Apple further stated that “…this isn’t a matter of competition. It’s a matter of security.”. Which is also their opinion vs our experience. Apple in fact continued their privacy marketing after this following their billboard at CES 2019 about “what happens on your iPhone, stays on your iPhone” which is in fact false.

Meanwhile, a few conversations had already occurred with some of our competitors and we all wanted to bring clarity on Apple’s comments and awareness to the experience Apple provided to our group. This was not about user privacy/security. Our alignment resulted in the creation of a draft proposal written to provide requirements for an API (fancy techie term that really stands for allowing two pieces of software to communicate with each other). This would allow our apps to communicate with secure and approved methods (so removing the need for a Device Profile) – screentimeapi.com was created.

In May 2019, OurPact (one of our competitors also fighting the argument vs Apple), wrote a very detailed timeline of their own experience with Apple in this Medium post

On June 3rd 2019, at Apple’s WWDC, there were no announcements to improvements of any screen time feature updates in iOS13. By this time, the media had shared the New York Times article and various versions of it leading to WWDC. Thanks to the keen eye of one of our competitors, he noticed Apple had in fact made an update in their App Store guidelines mentioning “Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises (such as business organizations, educational institutions, or government agencies), and in limited cases, companies using MDM for parental control services.” This meant, the past year was pretty much a waste as Apple was not offering a new method but just allowing the previous approaches but with a screening process. In the meantime, The New York Times wrote a follow up article announcing this silent change. Also note, Apple didn’t make any changes in their technology to support their own claim about user privacy and security. They just added a new screening process.

TIMELINE OF KEY EVENTS – PART 2 

June 12th 2019 – I received a call from the App Review contact I had previously been in touch with. It was a proactive follow up asking if we were planning to re-submit our app. I obviously replied yes. There was a new process that now required a completed Mobile Device Management Capability form for app developers using a Device Profile. To my knowledge, only apps using MDM for parental controls had to do this. None of the enterprise MDM used in schools/businesses required this form.
July 11th 2019 – We push our app update that brings back MDM.
July 12th, 2019 – Boomerang Parental Control gets approved with MDM. We held off releasing as we wanted to now align the launch with back to school in August.
Aug 2st, 2019 – a message was received from the App Store Review team. I was away so didn’t get back to this message. A bit of phone tag occurred afterwards.
Aug 9th, 2019 – App Review team sends a message mentioning that our app is in violation and could get taken down from the app store in 90 days. I inform the representative that our app is in Pending Developer Release, was approved on July 12th and we are holding off releasing until back to school. Now the reason for Boomerang Parental Control’s violation this time was the MDM Approval form wasn’t approved as our app contained Google Analytics, an analytics platform that many apps on the App Store still use today for app crashes, screen usage and more. Apple has no alternative to this technology. Her claim was that Google Analytics could grab sensitive MDM information. This was false, our code didn’t have any such information being shared in our app or backend services with Google Analytics for MDM related purposes.
Aug 23rd, 2019 – we pushed an update that removes Google Analytics from our app. Got thanks by the App Review team and they would review as soon as possible.
Sept 5th 2019 – Got another call from the App Review team and now the violation was Google Firebase. The exact wording in the message was “Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose.” Also note that everytime we sent a new update, I had to redo the Mobile Device Management Capability form. Frustration level was increasing at this point.
Sept 6th, 2019 – I replied confirming what we used Google Firebase for: app crashes to monitor the health of our app (again Apple has no alternatives to this) and a database service for our Family Messenger feature that handles app approval/general family communication. I had also confirmed this with the support team at Google Firebase.
Sept 10th, 2019 – No answer so I followed up.
Sept 11th, 2019 – Received a voicemail… the App Review team was asking for additional clarity on Google Firebase.
Sept 12th, 2019 – I reiterated what was collected in the crash report via Google Firebase. I even reviewed the privacy policies and it clearly said no user data was being stored anywhere. I also went into further detail of what our Family Messenger feature leveraged in Google Firebase.
Sept 16th, 2019 – Still waiting for a reply… sent a follow up message. I also shared further details including recent negative user reviews, how their continual delays and unfair digging into our app vs others now had us miss our back to school launch and missed opportunity to increase our sales. This was officially hurting our business because of Apple’s processes. I requested an escalation to a Manager.
Sept 18th 2019 – I received a call from an App Review Manager. He shared that he had escalated us to the App Review Board.
Sept 27th 2019 – Finally heard back and the App Review Board rejected our appeal again. We had to completely remove the Analytical portion in our app. I reiterated our use of Google Firebase with our Family Messenger feature which was not an analytics service.
Oct 11th, 2019 – we pushed our app for review without the analytics.
Oct 21st, 2019 – Received App Review team message from the apologizing for the delay… 10 days and counting since submitting the update.
Oct 25th, 2019 – Boomerang Parental Control was now approved for release.

iOS13

With the fall 2019 release of iOS 13, Apple silently changed MDM policies again, resulting in even less available functionality for parental control apps. We can no longer block Safari and the App Store since Apple now requires devices set up in “Supervised Mode” which is normally used by companies, government and schools for advanced mobile device management. These were two key apps we blocked when the schedule was up, when parents timed out their kids’ iOS devices or when parents wanted our SPIN Safe Browser as the only browser on their child’s iPhones.

So it’s early 2020 and we still have parents that:

  1. are not aware that iOS now includes screen time features – it’s buried in iOS Settings > Screen Time. 
  2. are mixed – parents use Android and kids use iPhones/iPads
  3. are asking us why we cannot offer our Android feature set for iOS devices (hopefully I answered why above).

Apple has shown that they will change their minds if there is negative press about them. These are some of the reasons why we continue to recommend Android devices for your kids first smartphone (and you can still control them from your iPhone!). I thank you for sharing this post with your social media networks – certainly many other parents would benefit from knowing this.

Any way you slice it, Apple continues to be anti-competitive.

Thanks you for reading, for listening and for sharing. 🙏

P.S. The most memorable quote from a customer that switched his kids to Android: “Well, it’s like going out and buying a suit to match your tie, but it’s worth it.”

JP

Dad, Cyber Safety Influencer, Product Evangelist, Avid Cyclist, Hobbyist Musician. Battling the constant love/hate with tech.

This entry has 25 replies

  1. Carl Britton says:

    This is the reason I will never purchase an Apple device. They may have improved some of the screen time features but with my son going to high school later this year, I want the ability to see what texts he is sending and receiving. There is so much online bullying in high schools and if there are problems we need to know. Apple should be praising and supporting your app, not making it difficult. Continue the fab work!

    • Thanks for the comment and support Carl. The real trigger for me was reading how many 100% iOS users that tested our app didn’t know Apple had screen time controls.

  2. Concerned Parent says:

    It’s one thing to cut out 3rd parties, but Apple’s native controls don’t even come close! Is there a way to side-load on apple via iTunes maybe? If there is (which I doubt) maybe that is worth considering?

    • iOS sideload at best maybe possible with jailbreak devices. The challenge is Apple’s control also extends to the user of their MDM Device Profile for control of iOS devices so if word got out about this we could get our service cut. Not optimal. Android allows sideloading and has proper security user warnings too in the recent versions making the process to install from a trusted source like us totally fine.

  3. MB says:

    I am a parent with an iPhone and I extensively researched parental controls before getting my child his first phone. He was able to game 4 apps before I found this one. He learned he could turn the phone on in safe mode and access YouTube any time. I chose android because there were more control options. I will be disappointed if you can’t keep the iPhone parent app but maybe you could create a browser app that I could put a shortcut to on my phone. I’ve had parents ask me what we use and I tell them sorry I can not help you if your child has an iPhone. I can see you’ve had a frustrating time with Apple and I appreciate all the work you’ve put in. I hope you can keep the Android product even if you can’t support the apple child product because I NEED this for 4 more years!

    • Thanks for sharing your story and your support.

  4. Carl Britton says:

    Hi Justin. There are thousands of parents like me who appreciate the work you are doing trying to keep our children safe online.
    The screen time function is OK…if all you want to do if restrict time or apps. But most parents want to see what their children are up to and Apple doesn’t go far enough with screen time. I’d want to see what they are searching, who they are communicating with etc. This is what Boomerang offers on Android but with Apple being less than helpful some of these very important features are missing on iOS. Unfortunately it’s too late for us as our son already has an Apple device and I am concerned we won’t be able to monitor things when he goes to high school. We’re hoping things will change before our daughter goes to high school but if not, she’ll have an Android device!

  5. Joel Ivey says:

    So just curious, on an Android I can monitor the actual texting going to and from, and deleting prohibited? That’s the big gaping hole I’ve encountered with iOS.

    • Hi Joel – since Android 5, we can no longer actually delete any offending text messages. We will notify parents when bad words and flagged numbers are detected. You can receive these notifications via your group email and our Parent Mode on Android/iOS. Today, you can monitor iMessages with this tip https://useboomerang.com/2019/05/10/monitor-imessages-free2019/ but no notifications for bad words and requires your kid to not change their iCloud password.

  6. Barb Sanders says:

    I love both Spin and Boomerang. They bring me peace of mind. My family and I have only ever had Android devices and now I am even more thankful as I read the headaches for those who own Apple.
    Thank you Justin and your team.
    Keep up the great work !!

    • Thanks so much for your support and comment. ♥️🙏

  7. Stephanie Wendler says:

    I am with Barb! I am so very thankful for your app and that we have always been android users. We have been struggling with our son since he was 11 and another child introduced him to pornography. We had to remove all access to unsupervised technology for almost a year. Unfortunately the damage was done. We reintroduced the internet/phone freedom with typical controls provided through the phone and computer at about about 13. He is now 14 and we have discovered he has a real addiction. Without your app, I’m afraid I would not be able to allow him a phone at all. Your app allows him the ability to text with friends, play games and look like a normal kid. My being able to see everything that goes on gives me the piece of mind I need. We still have to prevent him from free internet access, but at least it isn’t making him feel like a deprived outcast, as he would feel if he couldn’t have a phone, like all of the other kids. The hard work, dedication and detail you have put into your app has literally saved my son. I can’t imagine sending him to high school with the ability to use the internet unsupervised. There is so much proof how pornography can alter a growing and developing mind. Thank you, Thank you, Thank you, from the bottom of my heart!!!!

    • Thanks so much for sharing your story with us and the world Stephanie. We focus too much on how much screen time and bad apps but ubiquitous unfiltered pornography access on any device should be where we start.

  8. Christi Walker Alston says:

    I switched my sons phone from android to Apple and didn’t know the same features were not available for Apple. I was very disappointed when I learned this as I basically have no way to see texts and receive notifications. If I would have known this I never would have purchased an Apple phone for him. I loved Boomerang when he was using an android phone.

    • Thanks very much for your comment and support. 🙏

    • Jennifer says:

      We were the same way. Had heard of the screen time offers thru Apple, but they in no way compare to boomerang and are not user friendly. I basically just set their phones to cut off at midnight and haven’t really tried to use their apps control. Don’t leave android- LOL.

  9. Gerald L Story says:

    When my girls needed new phones we got them some cheap iphones to replace their android phones. What a huge mistake that was. We figured out too late what Apple did to your IOS version and Apples “Screen Time” is so not what your product does. The control over what my child can do and what I can monitor is just not there in Apples world. I miss your product so much. I hope they break those iPhones soon.

    • Thanks for sharing your story with us Gerald. We would welcome you back with open arms!

  10. Taryn Johnson says:

    Hello! We live in a split household and my son has an Android phone on his dads plan, but at our home we have apple devices. I just purchased the app and downloaded on both my phone and his. How does it work when the parent has iOS and the child has android?

    • Hi Taryn, great question. The good news is in your scenario, we still provide the best combination. Our challenge is control iOS child mode devices. We may have a couple of minor cosmetic changes between our Parent Mode on Android vs iOS but overall, core functions are all there to control Android child devices.

      • Taryn Johnson says:

        Great, this is really good to know, thank you!! So far loving the app!

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>