iPhones for Explorers: Managing passwords

From a book chapter on managing Explorer passwords (credentials):

Every Explorer digital identity involves, at the least, a “name” for the Explorer and a password. Almost all involve an email address for communication, password resets and (alas) marketing. Most now require a mobile number.

Sometimes these things are called “credentials” but for simplicity I’ll refer to managing passwords. Just remember that there are “names” and other things that often go along with passwords.

These are the practices that I’ve followed for Explorer passwords used by iPhone Apps:

1. Every important digital identity needs a unique good-enough password. Reusing passwords is risky[1]. It should be something you can tap in by hand[2].

2. Use as few services as possible. Does your Explorer truly need yet another service and unique password? If an account is needed and the vendor offers “Sign in with Apple[3]” use that instead of creating a new password to store.

3. Explorers don’t need to know most passwords. You can’t be tricked into revealing a secret you don’t know, and iPhone apps will store the passwords most Explorer’s need.

4. Guides need a good way to manage passwords and other things associated with secure accounts.

That covers apps, but what about passwords for web sites? The good news is that these can mostly be avoided. Almost all web services worth having a password for also have an iOS app. If an Explorer does need web site credentials I recommend letting the iPhone take care of it. If iCloud Keychain is enabled (the default), then iOS includes an almost invisible password manager[4]. It records usernames and passwords entered for web sites and it will recall them as needed. If a new web site password is needed iOS will generate one and save it in the iOS password manager. You can read more about the iPhone’s built-in password manager in the security chapter of the iOS User Guide.

I think most Explorers will need less than a dozen important credentials stored for the services they personally use. In the next chapter I’ll talk about how a Guide can manage these.

- fn –

[1] For example, if you lose control of your iCloud password, and you reused that password with your bank, then you may lose your savings.
[2] I use StrongPassword.app on my Mac in “word” mode. You can also pick “randomly” from a dictionary and throw in some symbols and numbers. The strongest passwords are long random strings that are nearly impossible to type or tap.
[3] I don’t recommend using “Sign in with Facebook”, they are not a good partner for privacy or security. Sign in with Google is acceptable but of course it does require creating a Google account.
[4] The easiest way to see the interface is to say: “Hey Siri, show me my passwords”.

iPhones for all: Book chapter on configuring Explorer notifications

From the chapter on “Simplifying the iPhone”:

iPhone apps have many ways to get an Explorer’s attention. They can beep, flash[1], display red circles on icons, and show “banners”. Banners are text and images that can stay or fade, and they can appear over apps, on the notification screen, and on the lock screen.

Yes, that’s probably too many ways to get attention — and apps love attention. When many apps are installed they request every possible notification. It adds up to a clamor of distraction. Important notifications, like an incoming message or a Reminder notice, can be lost in the crowd.

Happily it’s not that hard to control distractions. Go to Settings:Notifications and turn “Show Previews” to Never (this will now be the default setting for every app).

Next, for every app listed in Settings:Notifications tap on the app name and toggle “Allow Notifications” to off.

Lastly scroll down to the bottom of Settings:Notifications and review “Government Alerts”. I recommend turning off the AMBER alerts for most Explorers. Emergency and Public Safety alerts[2] are rare, for some Explorers they are useful, for others they can be disabled.

Now you can relax and appreciate the peace and quiet for a moment.

Alas, we can’t do entirely without notifications. Exporers benefit from notifications from Reminders.app, Calendar.app,  FaceTime.app, Mail.app, and Messages.app among others. So for each of these you’ll turn Allow Notifications on and Notification Grouping to “Automatic” and Show Previews to “Never” (both should be default). 

Then, for each of these apps, turn everything off (No Lock Screen, No Notification Center[3]) except for what’s listed below:




Badges on.


Sounds and Badges on, Banners on and persistent.


Calendar is complicated!

For Invitations show Badges. For Upcoming Events Sounds on, Banners on and persistent. Everything else off!


Sounds and Badges on.


Sounds on.

[1] Flash notifications are enabled in accessibility and are designed for persons who do not hear well.

[2] Emergency alerts include tornado warnings, flash floods, and the like. Public Safety alerts are not well documented, I think they can be generated by police.

[3] Notification center is particularly confusing — for most Explorers keep it empty.

Historic event: Google expands “accessibility” to include cognitive disability

I’ve never seen anything like this from Microsoft, Apple, or Google — until today …

Action Blocks: one tap to make technology more accessible

we’ve been experimenting with how the Assistant and Android can work together to reduce the complexity of these tasks for people with cognitive disabilities…

… Googler Lorenzo Caggioni used the Assistant to build a device called DIVA for his brother Giovanni, who is legally blind, deaf and has Down Syndrome. DIVA makes people with disabilities more autonomous, helping them interact with the Assistant in a nonverbal way. With DIVA, Giovanni can watch his favorite shows and listen to his music on his own. ..

… Action Blocks is the first of our many efforts to empower people with cognitive disabilities, help them gain independence, connect with loved ones and engage in the world as they are. 

The product is still in the testing phase, and if you’re the caregiver or family member of someone with a cognitive disability that could benefit, please join our trusted tester program. Follow us @googleaccess to learn more.

I’ve been making noises for years that smartphone accessibility should go beyond hearing and vision to cognitive disabilities. The silence has been complete. I thought action would require litigation or regulation.

I’m so pleased Google is taking this step. They went first. Nobody can take that one away! I am disappointed that Apple has done nothing. Maybe Google’s lead will move them. I have many many ideas Apple is free to use.

My book project is about iPhones, not Android phones, but if we were using Android phones I’d sign up for that tester program.

Managing web access on iOS for Explorers (and for younger children)

My current thoughts on managing web access on an iPhone. I wish Apple gave us better options, I haven’t heard of any improvements coming with iOS 13. I don’t mention third party solutions — I tested those extensively years ago and decided they weren’t worth pursuing. That’s not a fault of the vendors, Apple needs to do more.

When it comes to giving parents and Guides web management tools Apple has left room for improvement.

My first recommendation for managing web access on the iPhone is to disable it completely! This seems extreme, but in practice most of the things we do on our iPhones are better done using an App rather than using Safari. In addition Apple’s other solutions, like “Limit Adult Websites” don’t work reliably.

To disable web access I recommend two measures, though in theory either would suffice. From Settings:Screen Time tap on “Content & Privacy Restrictions”, then tap on “Allowed Apps[1]” and toggle Safari off. On the same settings screen find “Content Restrictions”, tap on “Web Content” and set it to “Allowed websites only”.

For most Explorers that will suffice. Some Explorers, however, will discover that installing Chrome, or any of dozens of App Store browsers designed to circumvent Screen Time, will defeat these restrictions.

If there truly is a need to maintain restrictions then the next step is to remove all alternative browsers and either turn off the App Store or set an Apps age limit of 12+ (see Managing app installs). This is extreme, but I haven’t found anything else that works and is practical to maintain.

If an Explorer makes developmentally appropriate web content choices, and is not particularly vulnerable to exploitation, another approach is to accept Apple’s default settings and use Screen Time reports to monitor web sites visited. This requries configuring Screen Time to show web sites. I have more on that below.

I’ve not discussed Apple’s option to “Limit Adult Websites”. There’s no documentation on how Apple does this and in my experience it’s not reliable. There’s one circumstance it which it may be useful though. If an Explorer has a problem with a particular web site, and just wants help avoiding it, you can enable this feature and then block a particular site (ex: reddit.com). It’s easy to work around this kind of block, so this is for a mature Explorer who wants help avoiding a particular site. You will find this setting under Content Restrictions:Web Content.


Managing the apps an Explorer can add to their iPhone

This is my understanding of the iOS 12 options a Family Organizer can use to manage what apps a family member under 18 [1] can install:

IOS app installation control

Disallow install: Screen Time:Content & Privacy Restrictions:iTunes & App Store Purchases
Set age limit: Screen Time:Content & Privacy Restrictions:Content Restrictions and tap on Apps
Ask to buy: Organizer Apple ID:Family Sharing. For each family member under 18 enable “Ask to Buy”.

For now Guides supporting an Explorer’s application use will usually want to enable “Ask to Buy”. It doesn’t help much with managing App installation, but it’s important for managing expenses.

If an age limit works for an Explorer that’s a relatively effective option.

If an Explorer needs at least one adult app, but needs to avoid some of them, you can’t use the age limit method. A Guide has to disallow app installation, which hides App Store.app completely. In this case an Explorer cannot browse the App Store. This is not a great solution.

What we really need is an “Ask to install” in addition to “Ask to buy”, but what we have is Disallow install. I haven’t heard if iOS 13 is better.

– fn –

[1] At this time Guides of special needs adults need to set the adult’s Apple ID birthdate so their calculated age is 13-15 years old.

Letter to Senator Amy Klobuchar on Apple’s Screen Time failures

I wrote a few weeks ago that iOS 12 Screen Time bugs blocked book work. Today I returned to the fight and this time I found more reports on Apple Support and on Twitter. In one case a very tech savvy user fought their way up the tier of Apple phone support before they were dropped.

Maybe Apple will fix this is in iOS 13 — but I’ve not seen reports of any fixes. My guess is their original design needs to be redone. That’s expensive, and by and large the media and politicians have moved on. They may assume that Apple actually did provided an effective solution rather than an effective description.

That’s why I wrote this letter to the Senior Senator for Minnesota. Please consider writing a similar letter to your Representative or Senator.

Dear Senator Klobuchar,

I’m writing as a parent, a healthcare provider, and as someone with a special interest in using smartphone technology to enhance the independence of special needs children, teens and adults.

I’d like you and your staff to be aware that Apple is not living up to its promises to provide “Screen Time” tools to manage how smartphones are used and abused by vulnerable persons. The tools they provided in iOS 12 last year look good in demonstrations, but they have serious bugs. In testing I’ve done as part of a book project (smartphones for special needs independence – www.sphone4all.com) I’ve seen Screen Time simply stop working. I’ve seen this happen with non-test devices too. There are unanswered reports on this in Apple Support. Twitter has reports of users pursuing this high in Apple Support without a response.

There are many more things we need Apple to do beyond fixing their existing product. They should open the API to 3rd party products that can better serve vulnerable users of all ages. They need to redo some poor design decisions. But first they have to produce a working product.

I’m hoping that Congress won’t be fooled by Apple’s marketing. They have strong incentives to not provide a working solution that reduces device misuse. We will need to hold their feet to the fire for years to come. Thank you for your help with this!

Book hiatus: iOS 12 Screen Time is a mess.

I’ve spent about 8 weeks plugging away on one critical chapter in my iPhones for All book project on supporting independence for special needs adults. It’s a chapter on enabling safe use and it’s forced me to do a deep dive into what works and what doesn’t work with iOS 12 Screen Time.

Today I gave up. The proverbial last straw was when I used remote Screen Time to disabled “Store Purchases & Redownloads” and … nothing happened. It believe this worked before, but this time it had no effect.

I might have triggered the bug by toggling it on and off and exploring “Ask to Buy” behaviors or by switching “Content Restrictions”. I don’t know, and it doesn’t matter. It’s not the only bug I’ve run into, it’s just the latest one.

iOS 12 (remote) Screen Time is a mess. I’d read that it was a rush job. I’m sure it was. I think Apple bolted it on to their problematic Family Sharing infrastructure and discovered too late that the challenge was ten times bigger than they thought it was.

I don’t know if Apple will fix Screen Time in iOS 13. I’ve seen rumors that they might redo it, but I fear the problems are too deep to be fixed in a single release iterations. I also worry that the political pressure is off of Apple.

I’m going to focus on other parts of the book project and wait and see if iOS 13 is any better.

Apple “Ask to Buy” isn’t useful for managing app installation by children or Explorers

Apple’s Family Sharing has an “Ask to Buy” option for users (Explorers) under the age of 18 [1].

It seems like a good option for managing installation of apps and media. It isn’t. It’s only a good option for managing initial purchases. 

If an app or media has been previously purchased by a family member or by the Explorer, it can be downloaded without creating a request to the Family Organizer [2]. 

Incidentally, the way Family Sharing works family members over 18 can download without Ask to Buy and the Family Organizer will be charged for the app. Apple really doesn’t want adults using Family Sharing, including dependent adults.

– fn –

[1] Most of Apple’s parental control features only work when their Apple ID birthdate gives a calculated age of under 18. A birthdate over age 13 can be changed, a birthdate under 13 cannot be changed.

[2] If you try this by the way you’ll see a longstanding problem with family sharing by the way. There’s nothing in the initial display to show that a commercial app is free to download. A family member user only learns it’s free after they request it and are told it’s available for free.

Managing iOS web restrictions – the web problem and the Chrome problem

[Special thanks to one of my Explorers for teaching me about this.]

After quite a bit of experimentation I’m sort of satisfied with a fairly simple approach to managing iOS Screen Time for everything except the web.

I start by defining all the apps that always available: email, iMessage, Calendar, Find Friends, Music and so on. It’s a list of useful but kind of boring apps that Explorers can have available anytime.

Next I set an overall daily limit for use of all apps. Lastly I set Downtime for work on day breaks. It’s not a perfect solution [1] but it covers the bases for all but the web.

The web is another story. Apple isn’t much help here and I’m not sure anything works that well. I am coming around to the idea of blocking all web access for younger or more vulnerable Explorers. To do this you have to do two things:

  1. Toggle Safari off in Content & Privacy Restrictions:Allowed Apps
  2. Set Web Content to Allowed Websites Only and delete the items on the Allowed Site list.

The second measure blocks Chrome use and I believe it will block many embedded browsers as well. 

Blocking all web access has less impact now than it would have had five years ago. A lot of functionality has moved from the web to apps.

If you want to allow web access things get complicated. Apple’s iOS 12 Web Content restrictions work for both Safari and Chrome [2], but the “Limit Adult Websites” doesn’t work very well [3], and there’s no longer a way for an Explorer to request adding a blocked site to the “Allowed Websites” list. (In prior versions of iOS an Explorer could remotely request additions. I miss that feature.)

The best I’ve been able to do with Apple’s iOS 12.2 tech is to:

  1. Set Web Content to Allowed Websites Only.
  2. If Chrome or other browser is installed set App Limit on Chrome to 1 min (we want a 0 min limit, but that’s not available). Alternatively, if you have limitations on app installation, remove Chrome and don’t authorize reinstallation.
  3. Set App Limit on problem websites to 1 min.

How do you set App Limits on individual apps or websites?

Well, thanks to Apple’s famous focus on user experience and intuitive user interfaces that’s really easy …

Hah, hah. Just kidding. It’s insanely obscure.

From a Guide’s iPhone go to the Explorer’s Screen Time settings. Enable “include website data”.  Now tap on the Report of time used. Yeah, tap on the Report of hours and minutes.

You’ll now see the Secret Power User Screen Time Controls (SPUSCTC). Look at Most Used. You can toggle between Apps & Websites and Categories. From Apps & Websites you can see individual sites visited in Safari, not in Chrome or other browsers, just Safari.  You can tap on an App like Chrome.app, or an individual web site, and set a limit. You can’t set a limit of 0 minutes (that would be nice), but you can choose 1 minute.

If you do this regularly for a few weeks you may be able to manage high risk web activities for a vulnerable Explore. Or you may find you just need to turn the web off.

You have to block Chrome by preventing installation or limiting use to “1 minute” because these site specific restrictions only work for Safari [4]. An Explorer who installs Chrome can bypass them all. 

PS. Dear Apple, I’d be willing to redesign your Screen Time app for very modest fee. I swear you don’t need to add a lot of new features or do anything hard.

– fn –

[1] We’d be better off if Apple added an Apple Limit Category of “All but always allowed”. That would significantly improve Screen Time use. Define always allowed, then set a time cap for everything else. I’d rather listening to music didn’t count against the time cap.

[2] You may need to toggle airplane mode on a Guide’s iPhone to see the effect of changes. Otherwise they take a while to show up.

[3] Pornhub and other well known sites are blocked, but it’s not hard to find a universe of unblocked adult sites.

NYT on Apple’s Screen Time failures and the assault on third party alternatives

The New York Times has a pretty good article on the existential crisis facing vendors who have tried to provide parental control (parenting support) services for iOS devices:

Apple Cracks Down on Apps That Fight iPhone Addiction – The New York Times, Jack Nicas, April 27, 2019
… Over the past year, Apple has removed or restricted at least 11 of the 17 most downloaded screen-time and parental-control apps, according to an analysis by The New York Times and Sensor Tower, an app-data firm. Apple has also clamped down on a number of lesser-known apps.

In some cases, Apple forced companies to remove features that allowed parents to control their children’s devices or that blocked children’s access to certain apps and adult content. In other cases, it simply pulled the apps from its App Store…. 

…. On Thursday, two of the most popular parental-control apps, Kidslox and Qustodio, filed a complaint with the European Union’s competition office. Kidslox said business had plummeted since Apple forced changes to its app that made it less useful than Apple’s tool.

Apple also faces an antitrust complaint in Russia from Kaspersky Lab …  which said Apple had forced it to remove key features from its parental-control app. The company is exploring a similar complaint in Europe, a Kaspersky spokeswoman said.

… In early 2018, two prominent Wall Street investors urged Apple to address concerns that people were becoming addicted to their smartphones. In June, the company announced plans for tools to help iPhone owners track and limit their and their children’s phone use. It began offering the tools in September, tucked into the phone’s settings menu.

Shortly after announcing its new tools, Apple began purging apps that offered similar services.

Apple told the companies that their apps violated App Store rules, like enabling one iPhone to control another, although it had allowed such practices for years and had approved hundreds of versions of their apps.

Apple allows corporations to use such software to control employees’ phones. But last year, the company stopped apps from using the software to enable parents to control their children’s devices. The Apple spokeswoman said Apple had blocked the practice because app makers could gain access to too much information on the children’s devices. [jf: I think this means ability to access protected data that can be misused by vendors, such as Contacts.]

Unlike apps such as OurPact, Apple’s tools don’t allow parents to schedule different times throughout a day when an app is blocked — for school or family dinner. And Apple’s tool blocks adult content only on its Safari web browser and some apps, not on other browsers or many popular apps, like Twitter, YouTube and Instagram…

Apple’s tool has another shortcoming: It requires the whole family to own iPhones. Many apps removed by Apple allowed parents with iPhones to control their children’s Android devices.

Apple has also limited the options for adults who want to fight their own phone addiction. In August, it abruptly pulled down the Freedom app, which allowed users to temporarily disable certain apps and websites. Mr. Stutzman, Freedom’s chief executive, said that to return to iPhones, he was forced to stop blocking apps and to block sites only on Apple’s Safari browser.

Apple’s tool now appears to be one of the few ways to disable apps, if not the only one. Yet when a user hits an app’s time limit on Apple’s tool, it provides a single option: “Ignore Limit.” [jf: This is not quite correct, but I understand why they got his wrong.]

The app makers said they were most frustrated by the process of meeting Apple’s sudden demands. In many cases, Apple alerted them that their apps would be removed — and their businesses crippled — via a short note, according to correspondence viewed by The Times.

When app makers asked for more information, responses were often perfunctory and slow in coming…

I give the NY Times a lot of credit for tackling this topic. Mr Nicas probably needed a stiff drink after finishing this. It’s a complex problem.

On the one hand, Apple is right. I spent quite a bit of time testing Qustodio and it’s competitors prior to the release of enhanced Screen Time. None of them were acceptable. They all had business model issues or were easy to bypass, or didn’t quite work, or had weird side effects. I can believe they all broke App Store rules and that good devs would have known that.

On the other hand … Apple tolerated these apps. Then Apple both abruptly enforced rules and added new ones (allegedly blocking use of corporate MDM). Apple also shipped a half-built solution that has big bugs (if you enroll a device in remote Screen Time you can never truly remove it), almost non-existent documentation (especially for remote Screen Time), works only within the iOS ecosystem (no web interface), is both very complex and also insufficient, requires complex side-effect rich family sharing that ends abruptly at age 18, and is understood by almost nobody. Did I mention the #$! bugs?

Oh, yeah, and Apple’s new Screen Time is really lousy at managing web sites and the Safari app. It’s a significant regression from iOS 11 Restrictions. (My guess is that Apple figures the web is dead, so not worth worrying about.)

So there are sins on both sides, but as the best outside judge anyone is going to get I rule against Apple. They made a good initial effort on Screen Time but then they stopped work. They aren’t fixing their bugs. They haven’t provided a toolkit outside vendors can use to provide features Apple doesn’t provide. They have been as brutal to these vendors as they’ve been to all but the big and powerful. The one thing Apple has succeeded at is ending the external pressure they were getting.

I’d love to see Congress put some pressure on Apple. They need to finish the work they started, then they need to refine it and provide an API vendors can use to support unique needs, such as extended support for special needs adult. I’m available to testify!