The Anti-virus Times

Thursday, August 4, 2022

We try to protect children from various dangers: we do vaccinations, teach them to wash their hands before meals and to cross the road on green, and to not talk to strangers. But, at the same time, we can overlook other equally important issues. For example, information security and, in particular, the peculiarities of using smartphones. And that's a pity! Many parents give smartphones to their children to stay in touch with them. But smartphones don’t just bring practical benefits; they can also be potentially harmful. This Anti-virus Times issue is dedicated to International Children's Day. So, let's talk about how to make sure that the devices we consider to be a security tool don't compromise that security.

Getting started

A smartphone is a miniature computer in your pocket. And it is also a photo and video camera, a navigator, a notebook, and a calendar with a to-do list. Over time, it can accumulate considerable amounts of our personal information, including correspondence. Such a storehouse of knowledge about a person is tempting for many intruders. At the same time, any smartphone remains primarily a phone. First and foremost, it is needed for making calls and sending SMS messages. In addition, in the modern world, a smartphone serves as both a passport and a pass for many services—social networks, online banking, stores and even computer games.

And now let's imagine a few hypothetical situations that may happen with an unprotected children's smartphone. In the first situation, an attacker stealthily takes a device, freely opens the SMS correspondence, checks the call history, views photos and videos, and sends themselves the information they are interested in. In the second situation, an attacker decides to "make a joke" and uses a device that came into their hands by calling the emergency services on behalf of the child. In the third situation, one more wiseacre tries to hack a social-networking account, using the standard procedure for restoring access via a one-time code sent in an SMS. The prospects are not bright, are they?

What can be done to ensure that none of these or any other scenarios are carried out? First, a reliable "front door" needs to be installed on the smartphone to protect confidential data from outsiders and prevent its unauthorised use — the standard device lock option needs to be activated. This can be a regular password, an unlock pattern or user biometric identification—everything depends on the smartphone model and the age of the child. The younger the child, the easier the unlocking process should be. At the same time, even the weakest password will not allow the vast majority of foes to gain access to secrets stored on a device (although it is still better not to use obvious options like 1111 or 1234). This is a basic but effective solution that should not be ignored. The main thing is to make sure that the child will remember the code or an unlock pattern and, if necessary, will be able to enter it themselves (and will not change it without your consent). You can come up with a code combination together that will be easy for you and your child to remember.

For even more security, in the settings, you can disable the notification view showing the content of incoming messages when the screen is locked. In this case, no important information (including one-time passwords) will end up in the wrong hands. However, this option will not be convenient for many users.

Setting a password is only half the mission. The SIM card must also be protected. After all, even if the device gets blocked, a cybercriminal will be able to put it into another device. But if the SIM card is protected by a PIN code, a stranger will not be able to use it.

In touch

Nowadays, not only teenagers, but also elementary school students are increasingly using smartphones. Of course, both groups need it to communicate with their parents, but with age, other use cases are inevitably added to this. Just take, for example, searching for information on the Internet, watching videos, and interacting in instant messengers or mobile games. But cellular service providers’ standard tariffs are not always suitable for children — especially young children. Fortunately, most cellular service providers have special child tariff plans. Some of them include only basic functions, such as calls and SMS messages. Others add mobile Internet and other options. For example, unlimited access to junior books and movies, the ability to track the subscriber's location, blocking or restricting the purchase of paid content, protection against unwanted calls and spam, blocking dangerous Internet resources, restricting money transfers from a mobile account, and so on. Which tariff and options you choose depends on you and your child's current needs.

Everything's under control

Most current smartphone models run Android and iOS. To enjoy all their features, users need to register an account. Many of a device’s functions are linked to the account and with its help, you can control some of them. Moreover, users can take advantage of the parental control option. Thus, the next step in configuring the child's smartphone will be to create or configure an account and, specifically, parental control.

For many Android smartphones, the user account is a standard Google account. It can be for children and ordinary people (adults). For example, in Russia, according to the current rules, a child account is available for children no older than 13, and the parents are responsible for it. If a child is older, formally, they can already use a standard account, and on their own. However, in the second case, the mother and father still have the opportunity to control this account — with the consent of their child.

If a smartphone will be used by a child under the age of 13 who does not already have an account, create a new child account and link it to one of your own accounts. After that, you will be able to manage it via the family group. For example, you can limit the access time to programs and disable the option to install new ones, view where your child is and how they are using the device, and much more.

If a child is old enough, create a standard account or use an existing one. The process of linking it to your account, configuring it and managing it via the family group in this case is similar to the "child" option.

Parental control can be directly configured on your smartphone. To do this, open the system settings and select "Google" — "Parental Control". You may also need to install a special application.

You should keep in mind that on some Android device models, parental control functions may look different; they may be limited, or they may not be available at all. To find out whether they are available and, if so, to what extent, you should study the smartphone manual, contact the manufacturer for technical support, or find the relevant information on its official website.

The parental control configuration for Apple devices is generally similar to the one for Android devices. To get started, you'll need a standard Apple ID account that is linked to your device. With this account, basic parental control functions are available in the Screen Time parameter, which can be found in the list of system settings. Here you can limit a device’s usage time and certain of its functions, set application usage limits, configure privacy settings, and restrict access to unwanted content.

However, it is better to create a child account that can be controlled via the family’s access service for more configuration flexibility and for managing parental control functions. You can do this in the Screen Time menu that we already mentioned, or by opening your account menu and selecting the Family Access option. Just as in the case of the Google parental control for Android smartphones, on Apple devices a child account, for which parents are responsible, is available until the age of 13.

Regardless of the smartphone platform, make an effort to additionally enable two-factor authentication for your account. Also, if possible, create an account together with your child. This will be not only interesting, but also useful, as it will help you establish closer and more trustful contact with them. Discuss the possible restrictions on the device, explain why a particular service or function cannot be used yet or can be used but not always. Be sure to explain that you are enabling parental control not because you are mean, but to also protect your child from possible Internet dangers and reckless actions. For example, you can limit the use of social media apps from 11 p.m. to 6 a.m. so that your child can get enough sleep. Or you can limit the purchase of games so that they spend money carefully and focus on studying. If your child already has their own bank card or you gave them your own card, set an acceptable limit for the transactions they’ll be making with the card and enable transaction notifications. If you plan to use geolocation control, this should also be discussed to avoid potential conflicts. Try to come to an understanding on each of the restrictions so that your child not only understands their area of responsibility, but also does not react to such restrictions with hostility.

Additional steps

Even with all of its features, the standard parental control cannot provide a child with all-round security from Internet threats. In this regard, Android smartphones definitely enjoy the lead, as an anti-virus with its own parental control can be installed on them. It will protect against malware, help filter spam, and block dangerous sites that can “slip” through standard blocking. This feature is available in Dr.Web Security Space for Android.

Help your child install and configure the other programs they need. For example, software needed for studying and hobbies, an app with information about public transport schedules, and for emergencies — taxi apps. To the latter, you can link your own bank card, which will always have enough money for a ride.

It is equally as important to teach children information security rules. Tell them about existing threats, how to behave on the Internet, and what they should not publish there. We have already discussed these topics in our past publications, for example, in this one and this one.