I have discussed here and here many of the dangers that kids face when trying to navigate technology and the Internet and some ideas for parents on how to mitigate these risks. Parents have several choices available to them for parental controls on iOS devices and for this post, I tried several of the apps available. Apps such as OurPact install a management certificate on children’s iOS device and allow parents to make schedules and deny or grant screen time from a browser or their own iOS device, but I found OurPact and other apps to be unreliable and can easily stop working anytime Apple does an update. Another downside is that if a child’s iOS device is not online, a parent’s signal to grant or deny access cannot get to the device. Even during solid network connectivity, in my testing there were multiple times when a signal to disable an iPad never was received, leaving full access enabled. Apple is well known for not playing well with third party apps that try to manage the devices or do Mobile Device Management (MDM) functionality.
Instead of relying on an app that comes with a monthly subscription cost, I reviewed the built-in parental controls available on iOS version 11 and was pleasantly surprised by some upgrades in this area over previous iOS versions. The biggest downside to the built-in iOS parental controls is it does not allow parents to set a schedule for screen time. For example, parents cannot disable the device between 9:00 p.m. and 8:00 a.m. within the iOS parental controls. I restrict my kids screen time on all their devices by using a firewall at home that can apply certain access rules to each user. While this is extremely effective, I don’t expect most people reading this will have a firewall at home.
How to Enable Parental Controls
To enable iOS restrictions, navigate to Settings > General > Restrictions:
Once the Restrictions menu has been accessed, set a PIN to access Restrictions. Note – this PIN is different than the PIN the child uses to access the device and should be something they never know and is difficult to guess.
Next, begin selecting what the child will and will not be able to access. For example, web browsing can be completely disabled by turning off Safari, the camera can be disabled, the ability to install apps can be removed, etc. I highly recommend using Apple’s family features, which allows parents to share purchased apps, music, movies, books, and other contents with everyone in the family. It also requires children to obtain a parent’s permission when they attempt to purchase anything, whether it is an in-app purchase or a new app. Apple will send anyone listed as a parent on the account a message to all Apple devices simultaneously (e.g., iPhones, iPads, Macs, etc.) stating which child is requesting to purchase something, what it is, and how much it costs. Parents can allow or deny from their device and the child will immediately know the outcome. If the parent approves, the purchase will move forward. Read more about setting this up here.
After deciding what apps and features will be allowed, additional settings are below. Parents can select whether or not Siri will allow explicit language, if books can have explicit sexual content, what age range is acceptable for apps, TV shows, music, and movies, and additional important settings. See example below:
One of the nicest features in these parental controls is the ability to whitelist URLs that are safe for kids to navigate. I could do this with my firewall (which I do) or OpenDNS which I described here, but the best part of doing the whitelisting directly on the iOS device is it follows the child wherever they go. Once my child leaves my house and the protections of OpenDNS and our firewall, any rules specific to my home network are gone. If they connect to the Internet at a friend’s house or the library for example, they would have full access to the web. By enabling local parental controls like I am describing in this post, no matter where they connect, the rules still apply.
Sure, whitelisting URLs is a pain and takes time. Like anything else in cybersecurity though, there must be a balance between security and convenience. Once “Websites” is clicked within the Restrictions settings, the below becomes available. Simply type in the title of the website and the URL for each website that is allowable:
Below is a screenshot of one of my iPads and the URLs that I have specifically whitelisted. To add a new URL, simply click on the “Add a Website…” link at the bottom of the list.
To delete a website, simply slide the URL to the side and click delete:
When a user attempts to go to a URL that is not specifically whitelisted, they will receive the following error message. Another added benefit is if the child is attempting to go to a website that the parent actually wants to add, they can click the “Allow Website” link and enter in the restrictions PIN to add it to the whitelist:
After the restriction settings are completed, simply click the < General button at the top of the page and navigate back to settings. One word of caution though; when the “Disable Restrictions” button is clicked and restrictions are turned off, many of the configurations will be lost and have to be reconfigured if restrictions are turned back on.
Which Settings are Right for You?
Many of the settings are self-explanatory, but there are a few that are not that obvious. To try and help parents make the most secure choices, I have explained a few of them below:
- Location Services: This setting decides whether or not apps can use the GPS location of the iPad. If this is completely turned off, safety functionality such as Find my iPhone or family locator will not work. I recommend turning on location services for only critical apps, disabling it for others, and then selecting “Don’t Allow Changes” so kids can’t decide for themselves where location services can be used. I’ve mentioned here how GPS location services inside a photograph can be used by cyberstalkers.
- Contacts: By selecting “Don’t Allow Changes”, it prevents apps from making changes to their contacts. I have also added contacts for only those people that are acceptable to send my kids messages and they have been taught that if an email comes in that doesn’t have our names in the from line (e.g, Mom, Dad, Grandma, Grandpa) and our pictures, they know it did not come from us. Another option would be creating an email rule that only messages from trusted sources go to their inbox and anything else gets sent to another folder that they don’t see and a copy is sent to a parent’s inbox.
- Share My Location: I recommend selecting “Don’t Allow Changes.” This way, they can still share their location with parents if setup under “Location Services” but they cannot choose to share their location with someone new.
- Twitter, Facebook, Advertising, and Media Library: I recommend selecting “Don’t Allow Changes” to all of those. If a child does not have a Twitter or Facebook Account, then selecting this would prevent them from setting up an account on the device.
- Accounts: After setting up a child’s iCloud or other email account, I recommend selecting “Don’t Allow Changes” to prevent kids from adding other email accounts to the iPad without a parent’s knowledge.
- Game Center: I recommend turning off Multiplayer games, adding friends, and screen recording, mostly for all the reasons I discussed here.
Worse of all, there are tons of web post, youTube videos to teach kids how to bypass/disable any kind of parent control.
This is certainly not just a parents’ issue. I used to have all the controls on my son’s devices. But, I end up being “fully” involved with his daily school activities, turning on blah, blah web sites for instruction and classwork/homework, allowing for certain apps used in classroom or homework, giving permission for camera for school projects, etc. It is very problematic because teachers and peers put pressure on my child !! There should be a law that school requires only parent controlled devices in school.
Hi, Josh. I appreciate the time and attention you have put into this. It is so vital that as parents we do all that we can to help keep our children safe. I am having a little hiccup with one of the restrictions and I’m hoping you can help.
You: “Contacts: I set my kids up with contacts of family only and then selected “Don’t Allow Changes” so they cannot add people to their contacts.”
Me: I’ve gone to restrictions and made the appropriate selection. However, I’m on my child’s device and am able to add contacts with no problems. What am I doing wrong or missing?
Thank you in advance for any assistance you can offer.
Hi, Michele. Thanks for the comment and I’m glad you found the post helpful. I did some testing and you’re right, there is no way to lock down the contacts anymore; I will update my post accordingly. The option to lock down contacts is now designed to prevent any other apps from adding/changing contacts, which is still a good thing to prevent, but doesn’t help to stop kids from talking to other people. I have told my kids they are not allowed to communicate with anyone who is not in their contacts and if anyone else tries to contact them, they need to let a parent know. You could always create an email rule that only allows messages from certain email address to land in their inbox and anything else gets sent to another folder and a copy is sent to your email too. If you are worried about them getting a SMS message from someone they don’t know, you can always disable SMS completely.
Let me know if you have any other questions!
Any idea how to restrict access to Device Management on an iPhone? We use OurPact, but he can remove it, which defeats the purpose. Disclaimer: if he actually decided to remove it, he would no longer have a phone. I just want to know if it’s possible to restrict that. Thanks!!
I love the disclaimer and completely agree 🙂 Yes, you can actually enable parental controls on the device and set a PIN. By enabling parental controls you have the option of turning off certain apps and also not allowing a person without the parental control PIN from installing or uninstalling apps. This is what I do with my kids – I disable apps like YouTube, don’t let them add or remove apps, and also control what websites they can even visit by creating a whitelist of sites. Go to Settings > General > Restrictions > Enable Restrictions. You can then add a PIN and turn off the ability to delete apps (and whatever other settings you want to set). Good luck!
Hi Josh, I have just stumbled across your site. Thank you for all of the detailed info! I had downloaded the Our Pact app for our daughters phone and have since deleted it as I didn’t want to pay the premium price for the things I wanted it to do. My problem I’m having now is that her Find my iPhone feature is now not working. Is there something within her phone that was turned off by the app? It appears that the location services is on so we aren’t sure what’s going on. Thank you!
Julie
Hi Julie, you are very welcome and I’m glad it was helpful. Our Pact may very well have turned that function off and there is a separate place to turn it back on beyond location services. Try this: Go to Settings > Accounts & Passwords > iCloud. Now scroll down to Find My iPhone and turn it on. That should do it! Josh
That was it! Thank you!! 🙂
Great! You are very welcome.
Although we are tech savvy parents, this is an arena we are finding we have no practice in and need explicit instruction as we navigate this new territory. Thank you SO MUCH for this detailed article. It will give us a good springboard. We have a great kid and are hoping to help him develop mature device using habits as well as giving him some gradually increasing boundaries. Again- many thanks!
Crystal, thank you so much for taking the time to comment, I really appreciate it. Sounds like you are doing all the right things!
The iOS restrictions do not allow you to monitor or disallow apps, specific apps, from being downloaded. I would like to block specific apps, how can I do that?
The best way to do that is to setup family sharing with your iTunes account. Login to your iTunes account, or if you have a Mac go into preferences and iCloud and then click “Manage Family.” Then you can add parent’s and children’s Apple accounts and on the child’s account make sure the “Parent/Guardian” is set to “no” and “Ask to Buy” is set to “On.” On their iOS device, enable restrictions so they cannot install apps on their own. Now, when they try to download an app, it will send you and anyone else listed as a parent/guardian an alert (iOS push alert and email) asking for permission for that user to download an app. You can allow or deny and it will also tell you what the app is. My recommendation would be to review the child’s device first, get rid of any apps you don’t want on the device, then make sure their Apple ID is linked to your family sharing plan. Then enable restrictions on the iOS device with a PIN that only you know and they will not be able to install anything without your explicit permission. Hope this helps and let me know if you have any other questions.
Josh
Very nicely prepared detailed steps, thank you, it will be helpful for many parents..
You are very welcome, thanks for the comment.
Thanks for posting this step by step guide with screenshots. Really made my life easy.
You are very welcome, I’m glad you found it helpful.