Parental Controls
Why App-Based Parental Controls Fail (And What to Do Instead)
App-based parental controls are the obvious first choice for most parents. You install an app on your child’s phone, set some limits, and assume you are done. For young children, this works reasonably well. But as children get older and more technically curious, these tools fall apart - often in ways parents do not notice until much later.
The fundamental problem: one device, one app
Every app-based parental control product shares the same weakness: it only controls the device it is installed on.
Your child’s phone is protected. Their tablet is protected. But the games console? The smart TV? The school laptop they brought home? The old phone they dug out of a drawer? None of those are covered. And modern children move fluidly between devices in a way that makes single-device protection almost useless.
How children bypass them
Older children - from around age 11 or 12 - discover workarounds quickly, often from peers at school.
Uninstalling the app. Many parental control apps can be deleted with a few taps if the child knows the device passcode. Some apps make themselves harder to remove, but determined children find ways around this too.
Changing DNS settings. When a parental control app works by filtering DNS (the system that translates website names into addresses), changing the DNS server on the device bypasses it entirely. On most phones and computers, this takes about 30 seconds.
Using DNS-over-HTTPS. This is a more sophisticated technique that routes DNS requests through an encrypted channel, making them invisible to basic filtering tools. Browsers like Firefox and Chrome support it natively.
Factory resetting the device. On an iPhone or Android phone, a factory reset removes all parental control software. If a child knows this, the app is gone in minutes.
Using a VPN app. Virtual private networks encrypt all traffic and route it through a server in another location, bypassing most network-level and app-level filtering.
The surveillance trade-off
Some parental control products try to solve the bypass problem through more aggressive monitoring. They read messages, track location, take screenshots, and log every website visited. This data is uploaded to cloud servers where parents can review it.
This approach does work, in the sense that it is harder to bypass. But it comes with serious trade-offs.
First, children know they are being monitored, and this damages trust. Research consistently shows that children who feel surveilled by their parents are less likely to come to them with problems.
Second, all that data - your child’s messages, location history, and browsing behaviour - is stored on someone else’s server. You are trusting a company, often a small one with uncertain longevity, to handle deeply private information about your family.
Third, it is still device-specific. It does not protect the games console, the TV, or any other device in the home.
What network-level filtering does differently
Network-level filtering works at the point where all internet traffic enters your home, before it reaches any device. Instead of installing software on each device, the filter sits in the network itself.
This means:
- Every device is protected automatically, including games consoles, smart TVs, and any device a visitor brings onto your Wi-Fi
- Children cannot bypass it by uninstalling an app or factory resetting their phone
- No software needs to be installed on children’s devices at all
- Filtering happens locally in your home - no browsing data is sent to any cloud service
The trade-off is that network-level filtering does not provide message scanning or screenshot capture. But for most families, that is not a trade-off at all - it is a feature.
The MAC address difference
One further weakness of most filtering systems, including some network-level ones, is that they identify devices by IP address. IP addresses change. A child can release and renew their IP address, or set a static one, to confuse the filter.
The correct approach is to track devices by their hardware MAC address - a unique identifier built into the network chip of every device. Unlike an IP address, a MAC address cannot be changed through normal settings. It is the device’s permanent identity on the network.
What this means for parents
If your child is under ten, app-based controls are probably sufficient for now. But if you have older children, or if you want protection that covers your whole home rather than individual devices, network-level filtering is worth serious consideration.
The goal is not to spy on your children. It is to create healthy digital boundaries that protect them while respecting their privacy - and that actually work when put to the test.