I have discussed here and here many of the dangers that kids face when trying to navigate technology and the Internet and some ideas for parents on how to mitigate these risks. Parents have several choices available to them for parental controls on iOS devices and for this post, I tried several of the apps available. Apps such as OurPact install a management certificate on children’s iOS device and allow parents to make schedules and deny or grant screen time from a browser or their own iOS device, but I found OurPact and other apps to be unreliable and can easily stop working anytime Apple does an update. Another downside is that if a child’s iOS device is not online, a parent’s signal to grant or deny access cannot get to the device. Even during solid network connectivity, in my testing there were multiple times when a signal to disable an iPad never was received, leaving full access enabled. Apple is well known for not playing well with third party apps that try to manage the devices or do Mobile Device Management (MDM) functionality.
Instead of relying on an app that comes with a monthly subscription cost, I reviewed the built-in parental controls available on iOS version 11 and was pleasantly surprised by some upgrades in this area over previous iOS versions. The biggest downside to the built-in iOS parental controls is it does not allow parents to set a schedule for screen time. For example, parents cannot disable the device between 9:00 p.m. and 8:00 a.m. within the iOS parental controls. I restrict my kids screen time on all their devices by using a firewall at home that can apply certain access rules to each user. While this is extremely effective, I don’t expect most people reading this will have a firewall at home.
How to Enable Parental Controls
To enable iOS restrictions, navigate to Settings > General > Restrictions:
Once the Restrictions menu has been accessed, set a PIN to access Restrictions. Note – this PIN is different than the PIN the child uses to access the device and should be something they never know and is difficult to guess.
Next, begin selecting what the child will and will not be able to access. For example, web browsing can be completely disabled by turning off Safari, the camera can be disabled, the ability to install apps can be removed, etc. I highly recommend using Apple’s family features, which allows parents to share purchased apps, music, movies, books, and other contents with everyone in the family. It also requires children to obtain a parent’s permission when they attempt to purchase anything, whether it is an in-app purchase or a new app. Apple will send anyone listed as a parent on the account a message to all Apple devices simultaneously (e.g., iPhones, iPads, Macs, etc.) stating which child is requesting to purchase something, what it is, and how much it costs. Parents can allow or deny from their device and the child will immediately know the outcome. If the parent approves, the purchase will move forward. Read more about setting this up here.
After deciding what apps and features will be allowed, additional settings are below. Parents can select whether or not Siri will allow explicit language, if books can have explicit sexual content, what age range is acceptable for apps, TV shows, music, and movies, and additional important settings. See example below:
One of the nicest features in these parental controls is the ability to whitelist URLs that are safe for kids to navigate. I could do this with my firewall (which I do) or OpenDNS which I described here, but the best part of doing the whitelisting directly on the iOS device is it follows the child wherever they go. Once my child leaves my house and the protections of OpenDNS and our firewall, any rules specific to my home network are gone. If they connect to the Internet at a friend’s house or the library for example, they would have full access to the web. By enabling local parental controls like I am describing in this post, no matter where they connect, the rules still apply.
Sure, whitelisting URLs is a pain and takes time. Like anything else in cybersecurity though, there must be a balance between security and convenience. Once “Websites” is clicked within the Restrictions settings, the below becomes available. Simply type in the title of the website and the URL for each website that is allowable:
Below is a screenshot of one of my iPads and the URLs that I have specifically whitelisted. To add a new URL, simply click on the “Add a Website…” link at the bottom of the list.
To delete a website, simply slide the URL to the side and click delete:
When a user attempts to go to a URL that is not specifically whitelisted, they will receive the following error message. Another added benefit is if the child is attempting to go to a website that the parent actually wants to add, they can click the “Allow Website” link and enter in the restrictions PIN to add it to the whitelist:
After the restriction settings are completed, simply click the < General button at the top of the page and navigate back to settings. One word of caution though; when the “Disable Restrictions” button is clicked and restrictions are turned off, many of the configurations will be lost and have to be reconfigured if restrictions are turned back on.
Which Settings are Right for You?
Many of the settings are self-explanatory, but there are a few that are not that obvious. To try and help parents make the most secure choices, I have explained a few of them below:
- Location Services: This setting decides whether or not apps can use the GPS location of the iPad. If this is completely turned off, safety functionality such as Find my iPhone or family locator will not work. I recommend turning on location services for only critical apps, disabling it for others, and then selecting “Don’t Allow Changes” so kids can’t decide for themselves where location services can be used. I’ve mentioned here how GPS location services inside a photograph can be used by cyberstalkers.
- Contacts: By selecting “Don’t Allow Changes”, it prevents apps from making changes to their contacts. I have also added contacts for only those people that are acceptable to send my kids messages and they have been taught that if an email comes in that doesn’t have our names in the from line (e.g, Mom, Dad, Grandma, Grandpa) and our pictures, they know it did not come from us. Another option would be creating an email rule that only messages from trusted sources go to their inbox and anything else gets sent to another folder that they don’t see and a copy is sent to a parent’s inbox.
- Share My Location: I recommend selecting “Don’t Allow Changes.” This way, they can still share their location with parents if setup under “Location Services” but they cannot choose to share their location with someone new.
- Twitter, Facebook, Advertising, and Media Library: I recommend selecting “Don’t Allow Changes” to all of those. If a child does not have a Twitter or Facebook Account, then selecting this would prevent them from setting up an account on the device.
- Accounts: After setting up a child’s iCloud or other email account, I recommend selecting “Don’t Allow Changes” to prevent kids from adding other email accounts to the iPad without a parent’s knowledge.
- Game Center: I recommend turning off Multiplayer games, adding friends, and screen recording, mostly for all the reasons I discussed here.