
IDOR in family pairing API

Low
TikTok

Team Summary

Official summary from TikTok

An Insecure Direct Object Reference (IDOR) vulnerability was found on a Family Pairing endpoint via the 'user_id' post field, which could have resulted in the ability to turn off the screen time management settings for arbitrary accounts, or the ability for a family member to remove their own account restrictions. We thank @ahmedna126 for reporting this to our team.
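The summary describes the classic shape of this bug: the server takes the target account from a client-controlled 'user_id' POST field instead of deriving authorization from the authenticated session. The following is an added illustration written for this page, not TikTok's code; the data model, the account identifiers, the handler names and the pairing rules (a guardian may change a paired child's settings, nobody may lift their own) are assumptions. It shows the vulnerable handler beside a hardened one that checks both the session identity and the family pairing relationship before touching the setting.

```python
"""Vulnerable vs. hardened handling of a client-supplied user_id (IDOR).

Added example for illustration; the store, identifiers and handler
names are assumptions, not the real Family Pairing implementation.
"""
from dataclasses import dataclass, field


@dataclass
class Store:
    # account id -> whether screen time management is enabled
    screen_time: dict = field(default_factory=dict)
    # guardian account id -> set of child account ids paired with it
    pairings: dict = field(default_factory=dict)


def make_store() -> Store:
    """Constructed sample data: one guardian paired with one child, plus an
    unrelated restricted account."""
    s = Store()
    s.screen_time = {"parent1": False, "child1": True, "child2": True}
    s.pairings = {"parent1": {"child1"}}
    return s


def disable_screen_time_vulnerable(store: Store, session_user: str, form: dict):
    """IDOR: acts on whatever user_id the client sends. The session identity
    is available but never consulted, so any logged-in account can switch
    off restrictions for any other account, including its own."""
    target = form.get("user_id")
    if target not in store.screen_time:
        return 404, "unknown user"
    store.screen_time[target] = False
    return 200, f"screen time disabled for {target}"


def disable_screen_time_fixed(store: Store, session_user: str, form: dict):
    """Authorization is derived from the server-side session, and the
    client-supplied user_id is only accepted if the caller is a guardian
    paired with that account."""
    target = form.get("user_id")
    # A restricted account must not be able to lift its own restrictions,
    # regardless of any pairing it may also hold.
    if target == session_user:
        return 403, "cannot modify own restrictions"
    # Only a guardian paired with the target may change it. Checking this
    # before the existence lookup also avoids leaking which ids exist.
    if target not in store.pairings.get(session_user, set()):
        return 403, "not authorized for target"
    if target not in store.screen_time:
        return 404, "unknown user"
    store.screen_time[target] = False
    return 200, f"screen time disabled for {target}"


if __name__ == "__main__":
    s = make_store()
    # child2 is unrelated to child1 but the vulnerable handler obliges
    print(disable_screen_time_vulnerable(s, "child2", {"user_id": "child1"}))
    s = make_store()
    print(disable_screen_time_fixed(s, "child2", {"user_id": "child1"}))
    print(disable_screen_time_fixed(s, "child1", {"user_id": "child1"}))
    print(disable_screen_time_fixed(s, "parent1", {"user_id": "child1"}))
```

The check that matters is the one against server-side state (the pairing table keyed by the session user); validating that 'user_id' is well-formed or exists is not authorization. When retesting a fix of this kind, send the request from an unrelated account and from the restricted account itself, and confirm both are refused and the setting is unchanged.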

Reported by ahmedna126

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)