If Facebook and TikTok can’t keep kids safe, maybe Apple can

What if the key to protecting kids online lies not in the hands of apps and websites, but device makers themselves?

A teenager playing on a tablet.

if Facebook can't solve the problem, it might be well past time to start thinking about who could.

Photo: SDI Productions via Getty Images

At a moment of almost frightening technological advancement, the tech industry's best defense against children accessing websites and apps that they legally shouldn't are pop-up windows asking for their birthdays. For any kid old enough to fib, cracking these remarkably flimsy age gates is so easy that, well, a child can do it.

Knowing this, tech platforms like Instagram and TikTok try to algorithmically divine which of their users are underage and boot them from their platforms by the millions, while simultaneously writing rules to make the stuff all other users see a little less awful. But, as recent reporting shows, those interventions have hardly solved the problem.

It's little wonder, then, that lawmakers looking for a fix are forever introducing bills to impose new requirements on social media companies and demanding the leaders of those companies testify before Congress. On Thursday, Facebook's head of global safety will do the honors.

But for all of the attention on what social media platforms can and should be doing, lawmakers in Washington, and indeed around the world, have devoted far less time to the role device and operating system makers — namely, Apple and Google — should play in keeping kids safe online.

Alex Stamos, director of the Stanford Internet Observatory and Facebook's former chief of security, called attention to this regulatory blind spot in a Twitter thread this week, following Instagram's announcement that it would pause development on a kid-friendly version of the app in the wake of heightened scrutiny about Instagram's impact on teens' mental health.

Kids, Stamos pointed out, are already using social media — and a lot of times, their parents are letting them. If lawmakers really wanted to keep kids off of those apps in a way that wasn't so easy to circumvent, they might be better served focusing on a different point in the tech stack.

"Require mobile devices (phones and tablets) sold in the US to include a flow, triggered during initial setup, that asks if the primary user is a child and stores their birthdate locally. The calculated age (rounded to year) should be provided via API to every app," Stamos suggested. If device makers required ages at setup, Stamos wrote, then app stores could use that likely more reliable information to filter out underage users, rather than relying on their own insufficient age gates.

Lawmakers could also require apps that allow kids on their platforms to publish "child safety plans" that vary based on how old the user is, Stamos added. A 6 year old, after all, needs different guardrails than a 16 year old. "We are way too early in the field to have a unified set of product features that work for everybody," he wrote, "but we can at least encourage thoughtful design."

It's a Twitter thought experiment that would obviously need some fleshing out to address complexities like what to do about devices that are shared among family members. But few proposals for fixing online platforms are without their complications. Stamos' plan is relatively modest as compared to, for example, lawmakers' frequent and sweeping suggestions that Section 230 be gutted or overturned.

The most shocking thing about this proposal is perhaps that it's not already a big part of the conversation about keeping kids safe on social media — or even part of the conversation at all. Instead, both existing laws like the decades-old Children's Online Privacy Protection Act, or COPPA, and more recent proposals like the KIDS Act, focus on securing kids' data, preventing harmful content from being shown to kids and limiting manipulative marketing practices. All the focus is on the online services themselves.

"What's in front of us can often suck up a lot of the air in the room, because it's so outrageous," Ariel Fox Johnson, senior counsel for global policy at Common Sense Media, said, explaining why so much regulatory focus falls on online platforms and not on hardware makers. Johnson said she's not aware of any bills that have been proposed in the U.S. that would require device makers to do more age-gating, though she said she "would be supportive of device makers and others giving that as an option."

It's not that device makers aren't trying to implement parental controls. Apple and Android both offer parents ways to restrict apps on a device, set time limits for apps and limit access to apps and other content based on their age ratings. But those settings aren't on by default and don't trigger age-appropriate experiences inside the apps themselves once launched. Access is either on or off, with no in-between.

Previous efforts by device makers to institute more controls haven't been without controversy. When Apple launched Screen Time in 2019 and began kicking other parental control apps out of its store for alleged privacy violations, those apps accused the tech giant of anticompetitive behavior, and eventually Apple backed down from the crackdown.

Apple also pumped the brakes on a more recent plan to curb child exploitation by alerting parents of kids under 13 when their children were about to send or receive images Apple's algorithms determined to be sexually explicit. That plan prompted an immediate outcry from activists who said Apple's proposal would put vulnerable kids, particularly LGBTQ+ youths, at unnecessary risk. Within weeks, Apple said it would delay the plan in order to "collect input and make improvements."

Still, while people objected to the notion that Apple might inadvertently endanger kids by ratting them out to abusive adults, the concern largely had nothing to do with Apple knowing which of their users are kids in the first place. And that's where a proposal like the one Stamos floated begins.

Apple declined to comment on Stamos' idea, but pointed Protocol to its existing parental controls in Screen Time and the fact that, in the U.S., users have to be 13 to create an Apple ID.

Facebook has previously said it wants to work with "operating system (OS) providers, internet browsers and other providers" on ways they can share information with apps about users' ages, without violating their privacy. "While it's ultimately up to individual apps and websites to enforce their age policies and comply with their legal obligations, collaboration with OS providers, internet browsers and others would be a helpful addition to those efforts," a July blog post read.

None of this is to say that putting limits on online platforms themselves isn't an important part of any solution. The FTC is reportedly considering proposing a new online privacy rule, in lieu of federal privacy legislation that has still failed to materialize despite years of debate.

Advocacy groups like Common Sense are pushing for laws that would require platforms to more clearly identify advertisements and limit ad targeting, all interventions Johnson said could curb some of the more manipulative aspects of social media — not just for kids, but for everyone.

That's another often-overlooked aspect of the debate around child safety online, said Evan Greer, director of digital rights advocacy group Fight for the Future. "It may be convenient or enticing for lawmakers to pass legislation that they can say is protecting kids," Greer said. "It would be better if they would pass legislation that protects everyone, and helps build a more open, democratic and safe world for our kids to grow up in."

Prioritizing kids' safety shouldn't preclude kids' participation in social media entirely, Greer added. Despite the well-documented dark side of kids' experiences online, young people have also used social networks to build important social movements like the March for Our Lives. And for LGBTQ+ youths feeling isolated or depressed, Greer added, social media can be "a lifeline."

"We should be fighting for a world where young people are safe online, but also a world where young people can harness the power of the internet to fight for a better world," Greer said.

Facebook has sought to frame its now-paused Instagram for kids product as exactly that: an age-appropriate alternative to its main app that still offers kids the upside of social media. But given the company's track record — and its obvious self-interest in hooking another generation of users — both lawmakers and children's advocacy groups are understandably wary of letting Facebook build its own fix.

"To the extent we're going to trust a company to make a compelling and healthy and safe kids' product, Facebook would not be the first company on our list and could easily be one of the last," Johnson said.

Of course, if Facebook can't solve the problem, it might be well-past time to start thinking about who could.

This story has been updated to include Facebook's comment.



Thousands of U.S. businesses sold more than $50 billion worth of their products to Chinese consumers with Alibaba last year. Alibaba provides the tools and infrastructure that U.S. businesses need to build their brands in China and reach local consumers.



It's OK to cry at work

Our comfort with crying at work has changed drastically over the past couple years. But experts said the hard part is helping workers get through the underlying mental health challenges.

Tech workers and workplace mental health experts said discussing emotions at work has become less taboo over the past couple years, but we’re still a ways away from completely normalizing the conversation — and adjusting policies accordingly.

Photo: Teerasak Ainkeaw / EyeEm via Getty Images

Everyone seems to be ugly crying on the internet these days. A new Snapchat filter makes people look like they’re breaking down on television, crying at celebratory occasions or crying when it sounds like they’re laughing. But one of the ways it's been used is weirdly cathartic: the workplace.

In one video, a creator posted a video of their co-worker merely sitting at a desk, presumably giggling or smiling, but the Snapchat tool gave them a pained look on their face. The video was captioned: “When you still have two hours left of your working day.” Another video showed someone asking their co-workers if they enjoy their job. Everyone said yes, but the filter indicated otherwise.

Keep Reading Show less
Sarah Roach

Sarah Roach is a news writer at Protocol (@sarahroach_) and contributes to Source Code. She is a recent graduate of George Washington University, where she studied journalism and mass communication and criminal justice. She previously worked for two years as editor in chief of her school's independent newspaper, The GW Hatchet.

Sponsored Content

Foursquare data story: leveraging location data for site selection

We take a closer look at points of interest and foot traffic patterns to demonstrate how location data can be leveraged to inform better site selecti­on strategies.

Imagine: You’re the leader of a real estate team at a restaurant brand looking to open a new location in Manhattan. You have two options you’re evaluating: one site in SoHo, and another site in the Flatiron neighborhood. Which do you choose?

Keep Reading Show less

Arm’s new CEO is planning the IPO it sought to avoid last year

Arm CEO Rene Haas told Protocol that Arm will be fine as a standalone company, as it focuses on efficient computing and giving customers a more finished product than a basic chip core design.

Rene Haas is taking Arm on a fresh trajectory.

Photo: Arm

The new path for Arm is beginning to come into focus.

Weeks after Nvidia’s $40 bid to acquire Arm from SoftBank collapsed, the appointment of Rene Haas to replace longtime chief executive Simon Segars has set the business on a fresh trajectory. Haas appears determined to shake up the company, with plans to lay off as much as 15% of the staff ahead of plans to take the company public once again by the end of March next year.

Keep Reading Show less
Max A. Cherney

Max A. Cherney is a senior reporter at Protocol covering the semiconductor industry. He has worked for Barron's magazine as a Technology Reporter, and its sister site MarketWatch. He is based in San Francisco.


The great onshoring: Inside the transcontinental chip race

The second annual Trade and Technology Council emphasized the centrality of semiconductor onshoring to U.S.-EU military objectives.

For chip manufacturers, free-flowing subsidies for now might come at the cost of a potential overcapacity problem in the longer term.

Illustration: Christopher T. Fong/Protocol

The prospect of global conflict permeated the room at this year’s Trade and Technology Council, which concluded in France earlier this week. The second annual gathering of U.S. and EU officials yielded a joint statement that mentioned some form of “Russia” or “Ukraine” more frequently than “technology,” “regulation,” “investment,” “security” or “competition.”

The conflict in Ukraine, having already escalated into a U.S. proxy war, seemingly convinced the EU to fall in line with the American tech policy agenda.

Keep Reading Show less
Hirsh Chitkara

Hirsh Chitkara ( @HirshChitkara) is a reporter at Protocol focused on the intersection of politics, technology and society. Before joining Protocol, he helped write a daily newsletter at Insider that covered all things Big Tech. He's based in New York and can be reached at hchitkara@protocol.com.


2- and 3-wheelers dominate oil displacement by EVs

Increasingly widespread EV adoption is starting to displace the use of oil, but there's still a lot of work to do.

More electric mopeds on the road could be an oil demand game-changer.

Photo: Humphrey Muleba/Unsplash

Electric vehicles are starting to make a serious dent in oil use.

Last year, EVs displaced roughly 1.5 million barrels per day, according to a new analysis from BloombergNEF. That is more than double the share EVs displaced in 2015. The majority of the displacement is coming from an unlikely source.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (ljenkins@protocol.com).

Latest Stories