Parental Lock DNS on Mobile Devices
How can we (EASILY for the end user) extend the family’s filtering settings to any Android or iPhone device used by members of the household? Could we have an Android/iPhone app that automatically keeps the mobile device’s DNS set to the appropriate server and notify’s the account holder (parent) via email if the DNS has been changed or no report from the app has been received in recent past (indicating it was uninstalled to Johnny could look at porn over LTE connection). Is there any way to alert parent to the fact that the DNS was changed on a mobile device for even 5 minutes, or just enough time for the kid to circumvent the filtering? Is there a 3rd party app for Android or iOS that allows a parent to set a unique passcode that enforces our DNS on the device (i.e. our DNS cannot be disabled by the child).
From development team:
I was specifically answering the mobile support item, here’s the text of my comment:
For Android this is very easy and already done. It’s how I use filtering myself (on my Google Pixel). For iPhone it’s a little more complicated.
Either way, I’m going to ramble on and on below, so the quick summary is Android is 100% fine with mobile. iPhones are a mixed bag and currently I have no real support for them outside of when they’re on WiFi.
The longer version:
First, Android. As of Android version 9 and above, there’s a “Private DNS” setting where you put your DNS over TLS custom URL (in your account info this is the stuff in the first box, in your case it’s “username.freefiltering.org”), and you get all the FreeFiltering services phone-wide, regardless of whether you’re on WiFi or mobile. In the US, roughly 60% of Android users have version 9 or higher, and that percentage is only going up. Fun fact: When Google added the Private DNS feature to Android in 2018, that’s what got me building FreeFiltering. It was a great way to block ads, etc., without having to install anything. For the stragglers that are on older versions of Android, I actually have an app. For that you use your custom DNS over HTTPS URL (in your case that’d be “username.FreeFiltering.org/dns-query”), and again you get all FreeFiltering services.
As a side note, this is why I have multiple ways of using FreeFiltering. The standard DNS method is what you’re doing, but DNS over TLS and DNS over HTTPS are brand new encrypted DNS protocols, and different operating systems/devices support both, or one of them, or none. This is going to get confusing… So as I said above, newer Android versions support DNS over TLS. Older versions have to use my app and DNS over HTTPS to get the same coverage. Firefox and Chrome, on desktops and mobile, both let you set a DNS over HTTPS server in their settings. Windows 10 is currently supporting DNS over HTTPS in the early beta releases. And who knows what Apple is doing. But I expect them to add support for one of the new protocols both in iOS for mobile and macOS for desktop soon because at this point they’re the only ones that don’t support it.
Apple. Developing for Apple is a NIGHTMARE. That, combined with my expectation that they’ll be adding built-in support for one of the new encrypted protocols, is why I haven’t worked on writing an app for them. If/when they get built-in support, any app I might’ve written would’ve been made unnecessary anyway.
If I’m a parent with a teenage kid who has a phone with data plan, I’d want an app that can force the OS to use my DNS settings, and force DNS settings back to my settings if my kid tries to manually change them himself. I’d also want to be notified if there is an attempted change of DNS.
So it sounds like it would be pretty easy to do this with most Android devices & potentially Apple will probably add support for one of the new encrypted protocols soon?
Let’s suppose that Apple introduces this with the next iOS. Many Apple users will not update their iOS for a LONG time (my wife for example.) Is it still conceivable that an app for iOS could be built that forces the IOS device to use specified DNS IPv4 or whatever new encrypted protocol they might roll out? You might want to check out an iOS app called DNScloak. Could it be used to force iOS devices to use specific DNS settings?