Stop Changes on iOS & Android Devices

Step 1: iOS - Enable Screen Time

Screen Time is a powerful built-in feature on iOS that lets you restrict what users can do on the device.

1. Open Settings on the iPhone or iPad
2. Tap Screen Time
3. If not already enabled, tap Turn On Screen Time
4. Tap Use Screen Time Passcode and set a passcode that only you know

Note: Make sure the Screen Time passcode is different from the device unlock passcode.

Step 2: iOS - Enable Content & Privacy Restrictions

With Screen Time enabled, configure Content & Privacy Restrictions to prevent changes to the DNS configuration:

1. Go to Settings > Screen Time > Content & Privacy Restrictions
2. Toggle Content & Privacy Restrictions on
3. Enter your Screen Time passcode when prompted

This gives you control over which settings and features can be modified on the device.

Step 3: iOS - Prevent App Deletion

If you are using the CleanBrowsing app on iOS, prevent it from being deleted:

1. Go to Settings > Screen Time > Content & Privacy Restrictions
2. Tap iTunes & App Store Purchases
3. Set Deleting Apps to Don't Allow

This prevents users from uninstalling the CleanBrowsing app or any other app on the device.

Note: Screen Time does not directly restrict access to the General Settings page, so users can still view Wi-Fi DNS settings. However, if you are using the CleanBrowsing app (which uses a VPN profile), preventing app deletion is the most effective approach.

Step 4: Android - Hide the Settings App

The simplest first step is to hide the Settings app icon from the home screen. This won't fully disable Settings, but it removes easy access and is a good first layer of protection.

On Samsung devices:

1. Open Settings > Home Screen Settings > Hide Apps
2. Select the Settings app and tap Done

On other Android devices: Most manufacturers offer similar functionality. Look for Home Screen Settings or App Visibility options in your device settings or launcher preferences.

Note: Hiding the app icon does not disable Settings entirely — it can still be accessed through the notification shade or other entry points. Combine this with an AppLocker (Step 5) for stronger protection.

Step 5: Android - Use an AppLocker

An AppLocker lets you password-protect specific apps, including the Settings app itself. This prevents users from opening Settings to change DNS, Wi-Fi, or VPN configurations.

There are several AppLocker tools available on the Google Play Store. One option is AppLocker Pro, which lets you lock specific apps behind a PIN or pattern:

1. Install AppLocker Pro from the Google Play Store
2. Create a new blocklist or lock list
3. Search for and add Android System Settings (or "Settings") to the list
4. Set a passcode or PIN that only you know
5. Activate the block

When choosing an AppLocker, look for one that:

• Supports locking system apps (not just third-party apps)
• Has its own uninstall protection (Device Administrator or similar)
• Cannot be easily bypassed by clearing app data

Tip: Have another person set the AppLocker passcode so you aren't tempted to bypass it yourself. Most AppLocker tools also let you lock the Google Play Store to prevent installation of VPN or browser apps that could circumvent filtering.

Step 6: Android - Restrict App Installation

Even with Settings locked, users can bypass DNS filtering by installing VPN apps or alternative browsers. Lock down app installation as well:

1. In your AppLocker, add the Google Play Store to the lock list
2. Disable Install from Unknown Sources in device settings (do this before locking Settings)
3. If using the CleanBrowsing app, enable Device Administrator privileges for it — this prevents uninstallation without first revoking admin access

If you are using the CleanBrowsing app, also make sure you have set the in-app passcode (see Android setup guide).

Note: Quick-settings tiles in the notification shade (Wi-Fi, Bluetooth, Airplane mode) can still be accessed without opening the full Settings app. An MDM solution (Step 7) is the only way to fully restrict those.

Step 7: Android - MDM / Kiosk Mode (Advanced)

For the strongest Android lockdown, use a Mobile Device Manager (MDM) to put the device into Kiosk Mode. This is the only method that fully controls which apps are visible and prevents access to quick-settings toggles.

With an MDM in Kiosk Mode you can:

• Hide system apps including Settings entirely
• Whitelist only approved applications
• Lock down network and VPN settings at the OS level
• Prevent users from accessing quick-settings tiles

Consumer-friendly MDM options:

• Google Family Link: Free and built into Android. Lets you manage apps, screen time, and some device settings for child accounts. Does not offer full Kiosk Mode but provides meaningful restrictions.
• Bark, Qustodio, or similar parental control MDMs: Offer varying levels of device management beyond just content filtering.

Note: To recover access after enabling Kiosk Mode, you will need to unassign or remove the MDM profile from the management console. Always make sure you have admin access to the MDM dashboard before locking down a device.

Step 8: Additional Protection Options

For the strongest overall protection, layer multiple approaches together:

• Router-level DNS: Configure CleanBrowsing DNS on your home router for network-wide filtering that applies regardless of individual device settings.
• CleanBrowsing App PIN: Both the iOS and Android CleanBrowsing apps support setting a separate PIN to prevent changes to filter settings.
• Firewall rules: Block outbound DNS traffic (port 53 and DoH/DoT ports) to all servers except CleanBrowsing resolvers. See our firewall bypass prevention guide.

Tip: For the strongest protection, combine device-level restrictions with router-level DNS filtering. This way, even if a user manages to change settings on their device, the network-wide filter will still apply when they are on your home network.