Parental Controls
How Children Bypass Parental Controls - And How to Stop Them
Most parental control tools are defeated by motivated teenagers within a few days of installation. This is not a flaw in any particular product - it is a structural weakness in how most parental controls are designed.
Understanding the common bypass techniques helps parents choose tools that actually work.
Uninstalling the app
The simplest bypass. If a parental control app can be removed from a device, a child who knows the device passcode will eventually remove it. Some apps protect themselves against this by requiring a parent password to uninstall - but many do not, and even those that do can be defeated by a factory reset.
What stops it: Network-level filtering does not live on the device. There is nothing to uninstall.
Changing DNS settings
Many parental control tools work by filtering DNS - the system that translates website names like “facebook.com” into the IP addresses servers actually use. If a child changes their DNS server to one that does not filter (such as 8.8.8.8 or 1.1.1.1), the filter is bypassed entirely.
On most phones, this takes about 30 seconds. On most computers, it takes less than a minute.
What stops it: Network-level filtering that controls all DNS traffic at the router, regardless of what DNS server a device tries to use.
DNS-over-HTTPS (DoH)
A more sophisticated technique. DNS-over-HTTPS routes DNS requests through an encrypted HTTPS connection, making them indistinguishable from normal web traffic. Standard DNS filtering tools cannot see inside these requests.
Browsers like Chrome and Firefox support DoH natively and some enable it by default.
What stops it: Blocking outbound connections to known DoH providers at the network level. This requires the filtering device to maintain a list of DoH server addresses and block TCP port 443 traffic to them.
Using a VPN app
A VPN encrypts all traffic from the device and routes it through a server elsewhere. This bypasses both DNS filtering and most content filtering entirely.
VPN apps are free, easy to install, and widely known among older teenagers.
What stops it: Blocking VPN protocols at the network level is difficult - the most effective approach is to block DNS resolution for VPN provider domains before the VPN can connect. A determined user with technical knowledge can still work around this, but it raises the barrier significantly.
Changing IP address
Some filtering systems identify devices by their IP address. Releasing and renewing a DHCP lease, or setting a static IP address, gives a device a different IP - potentially bypassing rules tied to the old address.
What stops it: Identifying devices by hardware MAC address instead of IP address. A MAC address is built into the network chip of every device and cannot be changed through normal settings.
Factory resetting the device
The nuclear option. A factory reset removes all apps, including parental control software, and returns the device to its out-of-box state.
This destroys the child’s data too - so most children will not do this lightly - but some will.
What stops it: Network-level filtering. The device returns from a factory reset to find the same network-level controls in place, unaffected by what happened to the device.
What this means for parents
No filtering system is unbreakable by a sufficiently determined and technically capable user. The goal is not a perfect barrier - it is a meaningful one that requires more effort than most children will invest.
The most resilient approach combines network-level filtering (which cannot be bypassed by anything done to the device), MAC address identification (which cannot be bypassed by changing IP settings), and blocking of the most common bypass techniques (DoH, known VPN providers, QUIC protocol).
This is the approach Bastet Home takes.