Stop Unwanted Changes on Mobile Devices
One of the biggest challenges parents face when configuring and hardening their kids devices is restricting their ability to remove applications and configurations. It’s further complicated because technology providers, like Google and Apple, approach parental control as an afterthought in many instances, which inevitably introduce new ways that can be used to bypass the controls you deploy.
To help, here is a guide that will help you be more thoughtful as you think about ways to ensure you provide your kids the safe browsing experiences they deserve.
Things to Consider When Hardening Child Devices
First, the most common thing that parents typically don’t understand is a basic principle in security known as “least privileged.”
This principle speaks to giving someone only the access they require, when they require it, and only for as long as they require it. It alludes to “permissions” or the rights a user has on whatever machine they are using.
This matters because as a parent you have to remember that if you give your child administrative permission on their machine, essentially giving them the keys to the kingdom, they can almost do whatever they want. There are, however, ways to put some controls even on administrative accounts.
Second, kids often know the pins you use. Maybe you shared it one day when you didn’t want to get off the couch, or when you were busy and wanted them to go away. It happens, this means if you use the same pin / passcode / passphrase to harden and prevent administrative changes they will surely undo it.
These are the two common misunderstandings, and misconfigurations, we see with the parents that try to harden their child’s device.
How to Harden Devices – Android and iOS
Hardening to prevent what should be administrative rights is a bit different depending on what device you’re working with.
Google Android
On Android, we recommend the AI Lock: Hide and Lock any App. This application gives you the ability to finely tune the features a user can access.
For instance, you can restrict the users ability to access / manipulate the Settings page on the device, or restrict their ability to Install or Uninstall applications. Extremely powerful when you’re deploying an app like CleanBrowsing to force their content filtering.
Apple iOS
The iOS is a bit different.
You control what a user can do by using the Screen Time option. You find this inside settings, and you have to configure it on each device, unless your kid is under 13 and you add them as a child to your device.
Screen Time is an extremely powerful feature, it allows you to control a lot of things. The most important being the ability to Install / Uninstall applications. It’s biggest shortcoming is that it doesn’t restrict access to the “General Settings” page.
To restrict the users ability to uninstall you have to navigate to General Settings > Screen Time > Content & Privacy Restrictions.
Enable the Content & Privacy Restrictions option.
Once enabled, you will go to iTunes & App Store purchases. There you will see the option to allow or disallow the ability to make purchases, delete apps, etc..For more tips, be sure to also visit our Definitive guide for child proofing your iPhone or iPad, it speaks to some of the same concepts addressed here but also speaks to other things you should consider when hardening your devices.
Consumer MDM Option
Another option that would give consumer advanced controls would be GetPlucky, which goes by Andoff on the Android PlayStore. This tool gives you an experience like what enterprises offer with Mobile Device Management (MDM) solutions.
Proactive Parenting is Required
If you deploy these techniques on your child’s respective device you should dramatically curve their ability to undo your changes. They aren’t fail-proof, but highly effective.
Parenting requires you to be proactive, and these tips will help you do exactly that, and they work well with the CleanBrowsing content filtering solution.