Frederik Riedel
I build apps.
Sep 14, 2024 3 min read

Apple’s Screen Time API has some major issues

I’m Frederik and I’m the developer of the “one sec” app – which helps users to spend less time on social media.

For that reason, I’m heavily making use of Apple’s Screen Time frameworks: DeviceActivity, ManagedSettings, FamilyControls.

As a developer, it’s not fun to work with these frameworks. While the original intentions of the API are great, many bugs exist that make my life hard. I try my best to work around all limitations, but unfortunately it’s not always possible.

In this blog post I’m summarizing some of the most prominent issues, hoping that my users get more understanding why features break sometimes.

How does the Screen Time API actually work

Apple’s approach to allow 3rd party apps manage screen time restrictions has a strong focus on privacy (which I like!): apps, such as one sec, don’t get any information on which target apps the user actually selects through FamilyActivitySelection, all information is hidden behind cryptographic tokens.

Application tokens look like this:

{
  "data": "AAAAAAAAAAAAAAAA0vp9A47itDEtRFJBo1qTIcnqhPUqGPgXo9lsfUwtJznfeI8C0/mKPRCpuJoazKFwo/RQg0gysx9Bpe/EId3yY7DeNlmHWM+fjpn9ZMsvPd6k76Mu3dmMv98QAKDKwNEKJv7aLjjfCnWVgP/8Y4SIe5RLjU8="
}

These app tokens can be used within SwiftUI Labels, to generate a user-facting display of the app’s name and icon, and they can be provided to a so-called ManagedSettingsStore which will shield the app with an overlay.

Problem 1: Random Tokens (FB14082790)

Now that you know about the tokens, I can introduce you to the first major issue we see with the API:

From time to time, and without consistency, Screen Time suddenly provides new, random, unknown tokens to my app in the ShieldConfigurationDataSource and ShieldActionDelegate:

It’s basically like: hey, the app with token mb1b5nBgxUGv… should be blocked, please provide the ShieldConfiguration to shield the app!

Or: Hey, the user has pressed on the “Intervention” button in the Shield for the app with token mb1b5nBgxUGv…. Do what should happen!

Problem is: my app has never heard about this particular token before.

So it does not know which group of tokens it belongs to, it cannot check which ManagedSettingsStore the app is actually blocked by – because in there, strangely the old tokens remain present.

So all in all, crucial context is missing: is this a Re-Interevntion? A Good Morning Countdown? A Block Session? A Block Schedule? A Focus Filter?

Screenshots of three different block shields of one sec There are many reasons why an app could be blocked by one sec – if a fresh, unknown token is provided to the Shield Confirguation Delegate there’s no way the code can determine the appropirate user interface.

…and it’s not only me, this issue has been reported as well by:

Scott Harvey, ScreenZen App: https://forums.developer.apple.com/forums/thread/756440
Thomas Maht, Jomo App: https://forums.developer.apple.com/forums/thread/758325
Peter Schaeffer, Opal App: https://forums.developer.apple.com/forums/thread/758325?answerId=793267022#793267022

Problem 2: Moving Tokens from one `ManagedSettingsStore` to Another (FB14237883)

Problem 3: Unable to Lock Access to Screen Time Permissions for 3rd Party Apps

Problem 4: Unable to Open Parent App (one sec) from Shield (FB15079668)

If you liked this article, you can follow me on Twitter and subscribe to my newsletter to stay up to date.

Real-Life M1 Pro Review from an App-Developer »