
Recently the Online Safety Act (OSA) has come into force. Regardless of your opinion on this, I wanted to look at some things that exist today when considering children’s mobile phone access.

When you set up an iPhone or Android phone for use by a child, you have to complete KYC with Apple and Google using an adult account which is verified by credit card/debit card.

So to get an account as a child you need the parent to set this up, link the account to the parent’s account and pass an element of KYC/verification including a 0 fee payment check.

What we found during recent testing is that Safe Search is enforced by default on children’s <13yo accounts. However, we found some things that were a bit surprising.

On an iPhone the experience was fairly child friendly, using major search engines:

  • Google
  • Yahoo
  • Duck Duck Go
  • Bing

We were unable to get access to p0rnographic images. We didn’t stumble accidentally across any p0rn. We could visit gambling sites, and Andrew Tate content; I guess people only care about the children to a certain point! However, when we tested with Android devices… the story was quite different when using Yahoo and Duck Duck Go!

[edit] – just reconfigured a firewall and just tested Yandex from a kid’s iPhone account and that does not check for safe search (on the first test the firewall was blocking it… good firewall, bad for testing!)

On both of these the image search when using Chrome on Android did not respect/enforce the safe search settings. The child account was able to simply turn safe search off when searching for images.

This seems like a broken implementation from Yahoo and Duck Duck Go!

Also, people seem to think that private mode exists on a children’s profile (it’s disabled on both the iPhone and Android). I found lots of people who provided suggestions for bypasses were all operating from the idea the child profile is the same as an adult’s; it is NOT!

App Stores, see but do not touch!

Another finding is that the App Stores will happily show a <13yo user 13+ aged apps! You can’t install them but you can see the store front content. Why they ‘need’ to be able to do this seems like an oversight to me!

I also found there are apps for 4yo+ to turn a phone into a constantly vibrating mode… I can’t imagine what that is for! But seriously… if everything is about ‘making children safer’ then I’d be looking at that kind of app.

There’s also a range of creepy AI girlfriend apps etc.; perhaps that’s another blog for another day.

Updated Test Results

I’ve been testing more:

| Adult Content Search | iPhone | Android |
|---|---|---|
| Google | Blocks | Blocks |
| Bing | Blocks | Blocks |
| Yahoo | Blocks | Ignores |
| DuckDuckGo | Blocks | Ignores |
| Yandex | Ignores | Ignores |
| Brave Search | Ignores | Ignores |

This is based on testing devices after the OSA has been ‘enforced’ – there are clearly a lot more search engines online, so I’ll try and test more as I go! The key point is still:

The ‘technical measures’ imposed by the OSA can easily be bypassed at a conceptual level, let alone at a practical level.

The areas of risk online are vast, however it seems very odd to me that as an industry/society we haven’t tried to tackle the areas of search engines, app stores and then content moderation of apps like Snapchat, before we asked everyone to process/collect data like passports and photos/images of adults and children in the name of ‘safety’.

There are other areas as well that appear to be abused by predators online, which may include:

  • Roblox
  • Discord

People have made videos about this:

There’s another video here:

There is an article here from the Guardian:

https://www.theguardian.com/technology/2025/apr/14/risks-children-roblox-deeply-disturbing-researchers

You can see some of the measures Roblox take here:

https://en.help.roblox.com/hc/en-us/articles/203313120-Safety-Features-Chat-Privacy-Filtering

I can see here this issue is complex! (see the videos and go and search/read the Roblox terms and conditions etc.)

Summary

In doing some quick research I found:

  • Lots of people seem to not have used a children’s profile (assumption based on the suggestions people were giving)
  • With the OSA control date passed, kids can find p0rn images on Yahoo and Duck Duck Go in seconds on an Android device (not iPhone; my first testing was on iPhone, so I was very confused because, even when determined, I could not get any p0rn!)
  • The App Stores restrict installs but happily show kids the front of house adult app views

Given how much time and effort is spent on ‘thinking of the children’ I’m amazed these issues even exist today. It makes you wonder how much testing has been done and if people are focusing on the right issues! Oh, and also, there’s a really simple config standards change that could be made so that kids’ profiles send an HTTP header or specific user agent string to identify them as kids, so sites could have simply checked for this header and blocked access! But you know, why do that when you can collect kids’ names, addresses, DOB, photos, videos and GPS coordinates! (I’m sure no one will ever breach a site or IDP… oh wait… that happens all the time!)
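A sketch of how a site could honour the child-profile signal proposed above, as an added example that is not from the original post: the `Sec-Child-Profile` header and `ChildProfile/1` User-Agent token are hypothetical names (no such standard exists), and the routes are constructed. Because the signal is asserted by the client it is only ever used to restrict, and `Vary` stops shared caches replaying an adult response to a child profile.

```python
# Added example: header name and UA token are hypothetical, routes are constructed.
CHILD_HEADER = "HTTP_SEC_CHILD_PROFILE"  # WSGI key for "Sec-Child-Profile: 1"
CHILD_UA_TOKEN = "ChildProfile/1"
RESTRICTED_PREFIXES = ("/adult/", "/gambling/")
VARY = ("Vary", "Sec-Child-Profile, User-Agent")

def is_child_request(environ):
    """True if either hypothetical child-profile signal is present."""
    header = environ.get(CHILD_HEADER, "").strip()
    ua_tokens = environ.get("HTTP_USER_AGENT", "").split()
    return header == "1" or CHILD_UA_TOKEN in ua_tokens

class ChildProfileGate:
    """WSGI middleware: block restricted routes, flag the rest for the app."""
    def __init__(self, app, restricted=RESTRICTED_PREFIXES):
        self.app, self.restricted = app, tuple(restricted)

    def __call__(self, environ, start_response):
        child = is_child_request(environ)
        if child and environ.get("PATH_INFO", "/").startswith(self.restricted):
            body = b"Not available on child profiles.\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Cache-Control", "no-store"), VARY])
            return [body]
        # Absence of the signal proves nothing about age, so it only restricts.
        environ["site.child_profile"] = child
        def with_vary(status, headers, exc_info=None):
            # Shared caches must not replay an adult response to a child.
            return start_response(status, list(headers) + [VARY], exc_info)
        return self.app(environ, with_vary)

def demo_app(environ, start_response):
    # Stand-in search page: the flag overrides the user's safe search toggle.
    mode = "strict" if environ["site.child_profile"] else "user-choice"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"path={environ['PATH_INFO']} safesearch={mode}".encode()]

def fetch(path, **headers):
    """Send a constructed request through the gate; return (status, headers, body)."""
    seen = {}
    def start_response(status, hdrs, exc_info=None):
        seen.update(status=status, headers=dict(hdrs))
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, **headers}
    body = b"".join(ChildProfileGate(demo_app)(environ, start_response))
    return seen["status"], seen["headers"], body.decode()

if __name__ == "__main__":
    print(fetch("/images", HTTP_SEC_CHILD_PROFILE="1"))
```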

These issues could be addressed; I’m skeptical as to whether they will be!