My daughter was given an iPad for educational games. Here's my attempt at locking down the device's privacy and security.
Scenario & Objectives
- Device for pre-elementary child
- Emphasis on security, privacy, and sensitive content protections
- Usability for Kiddo also critical
Physical Protections
- A case… because kids…
- Sliding webcam cover on the front facing camera. I like these because the red makes it clear when it is open vs. closed. https://www.amazon.com/gp/product/B08BZ5XC9W?psc=1
- Should be easy enough for Kiddo to figure out how to slide open when she needs it… and a chance to start teaching some basic OPSEC early.
- Note: We've already gone through one of these… I'll clean the screen really well before sticking the next one on, and we'll see if it actually stands up to preschool fingers over time.
- Sticky webcam cover for the rear facing camera. It's not a camera we plan to use, so a simple sticker, sandwiched underneath the case, makes for a no-fuss camera block. I can always remove it if we end up needing to use the camera, but it's not something Kiddo can knock off accidentally.
- I used these, because I have them: https://www.amazon.com/gp/product/B08HPVMQTH?psc=1
- Electrical tape, a sticker, or even a post-it note would work equally well — it's trapped under the iPad case, so it's not going anywhere.
Apple ID Setup
Since my primary devices are not Apple, this is the method I used.
- Create an Apple ID for the family, which I control. Store credentials in password manager.
- Use that Apple ID to set up the device.
If you live in the Apple ecosystem, there's a way to do this using Family Sharing that lets you create a child account and manage additional restrictions. Since this requires active use of an iPhone/iPad/Mac to manage (which I don't do), I didn't go down this route.
Initial Device Setup
- On initial setup, disable any tracking & analytics options as they are presented.
- Set a passcode. Minimum 6 digits. Store the passcode in password manager along with the Apple ID credentials.
- Later on, I will disable the passcode for this device based on the planned use case. For now I'm setting one because it enables a few extra config options.
- Connect to Wi-Fi.
- I found it helpful to install my password manager and set up my email on the device temporarily. These made some things easier when working with App Store and whatnot. (Note: at the end of setup, I log out of both before turning it over to the Kiddo.)
- Remove all apps.
- Everything that could be removed, I took off the device. (None of it will be used anyway.)
- Exceptions:
- FaceTime. We may use it, and if not, I'll remove it down the road.
- (Possibly) Mail and password manager, if added per above.
- I moved all the remaining apps into a folder on the second "page" of the homescreen. This gives me a completely blank primary homescreen and an empty home row.
Settings Menus
- Apple ID:
- iCloud: Disable all apps using iCloud except for iCloud Backup.
- Find My: Find My iPad is on. Turn Share My Location off unless using Family Sharing, in which case leave it on and make sure location is shared with the primary account.
- Bluetooth: Off
- Notifications:
- Show Previews: Never
- Siri Suggestions: Everything off
- Notification Style: Off for basically everything. Exceptions for: FaceTime, Find My, and the one educational app intentionally being installed later.
- Sounds:
- Reduce Loud Sounds: On at default level (85 decibels)
- For now I'm leaving keyboard clicks and lock sounds on… we'll see if I get annoyed by them 🙂
- Screen Time:
- The only feature I'm enabling right now is Content & Privacy.
- Unless you did the Family Sharing stuff above, set the device up as "My iPad" when prompted.
- Set a Screen Time passcode (stored in password manager).
- Enable Content & Privacy Restrictions toggle.
- iTunes & App Store Purchases: Allow all, but require passcode.
- Allowed Apps: Disable Siri, AirDrop, CarPlay
- Content Restrictions: Adjusted as appropriate. Most settings are disabled or set to "clean". In particular, Siri search is disabled and all Game Center stuff is disabled. I don't expect this stuff to get used anytime soon, but enabling anyway just in case.
- Note: If you plan to use apps like Netflix, then the 'age' content restriction setting for Apps should be '12+'.
- General:
- Software Updates: Should be set to automatically update by default. Confirm.
- AirPlay & Handoff: Disable
- Control Center: I left it on and included controls for Silent Mode, Guided Access, and Dark Mode.
- Display & Brightness: Automatic, so if it's ever getting used late on a road trip, it will darken at night.
- Home Screen:
- App Icons: Bigger
- Multitasking: Off
- Show Suggested…: Off
- Accessibility:
- Guided Access: On
- Set a Guided Access Passcode (& save in password manager)
- Wallpaper: Choose something fun. Enable Dark Appearance Dims Wallpaper.
- Touch ID & Passcode:
- Touch ID: In this case, I'm not enabling Touch ID.
- Allow Access When Locked: Disable all
- Privacy:
- Location Services:
- Enable location services (required for Find My to work).
- Location Alerts — leave on
- Share My Location — Already configured in Apple ID above.
- In terms of Apps that can access device location: App Store never. Camera never. Siri never. System Services: only Find My iPad and Setting Time Zone. Do enable the toggle at the very bottom labeled "Status Bar Icon."
- Tracking: Disable
- Analytics & Improvements: These should already be disabled. Confirm.
- Apple Advertising: Disable personalized ads.
- App Store:
- Automatic Downloads: Up to you. At least do App Updates.
- Video Autoplay: Off
- In App Ratings: Off
- Wallet & Apple Pay: Disable
- iMessage: Off
- Safari:
- Siri off
- Search engine: DuckDuckGo. All other search settings off.
- General settings: All off except 'Block Pop-ups'.
- Privacy & Security settings: 'Prevent Cross-Site Scripting' and 'Fraudulent Website Warnings' on, others off.
- Photos:
- Siri & Search: Disable all
- Everything else: Off
- Game Center: Off
Additional Protection: Blocking Trackers and Malware
Lockdown Privacy App
- Install an app from the App Store called Lockdown Privacy and enable the firewall feature. (Free)
Lockdown blocks trackers and badware in all your apps, blocking an estimated 100 million trackers per month for over 300,000 people.
FIREWALL — Blocks Hidden Trackers: The world's first on-device, open source blocker that stops ads, trackers, and badware in all your apps.
— FIREWALL FEATURES —
- Simple, one-tap to get protected against thousands of trackers for most users
- Fully customizable blocking for advanced users: block any domain / service
- Works for all apps, not just the browser
- Useful preconfigured block lists that are updated every week
- Blocking works "on-device" meaning it does all of its blocking without sending all your data to a third party server, unlike other blocking apps
Additional Apps
Install any additional apps at this point.
Log Out of Email and Password Manager
Completely log out of both. Not just 'disable' or 'lock'. It may be useful for administrative purposes over time to have the apps on the device, but I definitely don't want to leave them connected to any accounts.
Disable Passcode
I am consciously not setting a passcode or Touch ID for the device for long-term use. My threat model here doesn't really include malicious physical manipulation. The device is for a pre-elementary Kiddo, will live in our home 99% of the time, and adults will maintain positive control whenever traveling. Additionally, there's no sensitive info on it, so if it does get lost or stolen somehow, I'm not worried about the contents.
Since I enabled a passcode during initial setup, now is the time to disable it. Settings > Touch ID & Passcode > Turn Passcode Off.
Advanced Stuff
You can probably stop here. The ideas below are not for the faint of heart, and probably totally unnecessary for most people's threat models. I haven't done any of this yet, but may down the road… mostly just for the experience. Because I am a security geek.
Configuration Profiles
- Use Apple Configurator to set up a configuration management profile according to the latest Center for Internet Security (CIS) Benchmark for Apple iOS.
DNS Filtering and Protection — Check out NextDNS, AdGuard
Lockdown firewall is a set-it-and-forget-it option for blocking trackers and malware, but it doesn't provide content filtering through DNS management. Even though this device will spend 99% of the time on my home network, where I already do DNS management, it would be ideal to also use a protective default DNS service that will block malware and adult content even when the device is off-network.
Level One Option: Managed DNS App
- Both NextDNS and AdGuard offer the ability to manage web content filtering through DNS in addition to blocking trackers and malware. They cost a few bucks a month (NextDNS has a limited free tier) and require a little more intentional effort. But if you want to go a step beyond the Lockdown firewall, these are probably good options. (I have not played with either, but NextDNS is on my list of things to experiment with. It's a long list…)
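An added example (not from the original post, and not something the author has tested): the Configuration Profiles and DNS ideas above can be combined in a profile that applies an encrypted filtering resolver only when the iPad is away from the home Wi-Fi. The resolver URL, SSID, and payload identifiers below are placeholders, and resolver_on() is a simplified check that models SSID matching only.

```python
import plistlib
import uuid

# Placeholders chosen for this example, not values from the post.
RESOLVER_URL = "https://dns.example.net/dns-query"  # filtering DoH endpoint
HOME_SSID = "HomeNetwork"                           # Wi-Fi that already filters DNS


def build_dns_profile(resolver_url, home_ssid):
    """Return .mobileconfig bytes that apply encrypted DNS away from home."""
    if not resolver_url.startswith("https://"):
        raise ValueError("DoH resolver URL must use https://")
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.kiddo-ipad.dns",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Filtering DNS (off-network)",
        "DNSSettings": {"DNSProtocol": "HTTPS", "ServerURL": resolver_url},
        # Rules are checked top to bottom; the first match decides.
        "OnDemandRules": [
            # On the home Wi-Fi, stand down so the network's own DNS filtering applies.
            {"Action": "Disconnect", "SSIDMatch": [home_ssid]},
            # Anywhere else, send lookups to the filtering resolver.
            {"Action": "Connect"},
        ],
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.kiddo-ipad",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Kiddo iPad DNS",
        "PayloadContent": [dns_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def resolver_on(profile_bytes, ssid):
    """Simplified rule check: DoH URL used on `ssid`, or None if the profile stands down."""
    payload = plistlib.loads(profile_bytes)["PayloadContent"][0]
    for rule in payload["OnDemandRules"]:
        if "SSIDMatch" not in rule or ssid in rule["SSIDMatch"]:
            if rule["Action"] == "Connect":
                return payload["DNSSettings"]["ServerURL"]
            return None
    return None


if __name__ == "__main__":
    with open("kiddo-dns.mobileconfig", "wb") as fh:
        fh.write(build_dns_profile(RESOLVER_URL, HOME_SSID))
```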