Learn how to prevent users from changing DNS filtering settings on mobile devices. This guide covers Screen Time restrictions on iOS and parental control options on Android to lock down your CleanBrowsing configuration.
Screen Time is a powerful built-in feature on iOS that lets you restrict what users can do on the device.
Note: Make sure the Screen Time passcode is different from the device unlock passcode.
With Screen Time enabled, configure Content & Privacy Restrictions to prevent changes to the DNS configuration:
This gives you control over which settings and features can be modified on the device.
If you are using the CleanBrowsing app on iOS, prevent it from being deleted:
This prevents users from uninstalling the CleanBrowsing app or any other app on the device.
Note: Screen Time does not directly restrict access to the General Settings page, so users can still view Wi-Fi DNS settings. However, if you are using the CleanBrowsing app (which uses a VPN profile), preventing app deletion is the most effective approach.
On Android, you can use an app lock tool to restrict access to the device Settings, preventing changes to DNS configuration.
A recommended option is AI Lock (available on Google Play Store), which allows you to:
To prevent users from installing apps that could bypass DNS filtering (such as VPN apps or alternative browsers):
If you are using the CleanBrowsing app, also make sure you have set the in-app passcode (see Android setup guide).
For more advanced device management, consider these additional options:
Tip: For the strongest protection, combine device-level restrictions with router-level DNS filtering. This way, even if a user manages to change settings on their device, the network-wide filter will still apply when they are on your home network.