How secure is your child's Android device?

by Screen Time Team on 16/02/2016

Pros & Cons
There wasn’t a perfect solution but we weighed up the pros & cons and decided on the best course of action for Screen Time and the parents we help. In the end we decided to re-release the version of Screen Time that was originally on the Play Store, but we had to make a change and remove the password protection on uninstallation.
The settings of Screen Time are still password protected but inquisitive kids could work out a way to uninstall the app without having the password. For some parents this isn’t a big concern but we always want to make Screen Time as secure as possible to give everyone peace of mind.
So you can still get a version of Screen Time that has password protected uninstallation, and it’s available from our own servers here. We also message parents if it looks like Screen Time has been removed or is able to be uninstalled to let them know about the more secure version.
unknow sources settings

One of the things that you need to do to install the version of Screen Time that has password protection for uninstalling is to enable a setting within Android called Unknown Sources. This allows you to install apps on the device that aren’t on the Play Store. Some see this as a security risk but for others it’s no big deal. Either way it’s important to understand what that feature does so we’re going to take a look at it in more depth.

Leaving Unknown Sources enabled

If, after you’ve read the rest of this article, you’re still not sure about having Unknown Sources enabled. You can play it safe and disable Unknown Sources straight after you’ve installed Screen Time. The only downside to this is that you won’t receive automatic updates. Instead you’ll need to periodically enable Unknown Sources to download the updated version of Screen Time.

Into the Unknown

There has always been a lot of misleading information on digital security, very little of this information is based on data and most times arguments boil down to the more security the better, without looking at the likelihood. Yes, the chances of having an accident are less if you don’t ever go outside, but does that mean you should be a hermit?

“less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users.”

Android Security chief Adrian Ludwig

Firstly leaving Unknown sources disabled is only a benefit to security if it remains disabled. Many kids already know about side loading apps and installing apps from other stores (they often try this trying to get around Screen Time), so there’s a chance that they will enable unknown sources themselves. Most importantly though, Unknown Sources is just a step in Android’s multi layered security.

Apart from Unknown Sources

  • The user needs to confirm the installation.
  • Google’s “Verify Apps” security feature, which checks the app against its own database of malware before it can be installed
  • If the app looks like it is a problem then a warning is shown on screen.
  • Then, if the app looks like it could be a problem, the app is sandboxed and restricted to the permissions granted to it, and Android’s own security checks again whenever the app runs.
  • This helps create a fence around that app and prevent it from doing much damage if that’s its intent.

Android takes their security seriously, as they have too with kids and adults spending so much time on mobile devices, and they are pretty confident in the defenses they have in place. But we talked earlier about risk being a combination of what could happen and the likelihood, so what are the chances that an app gets through those defenses?

Who to trust?

Android are very confident about their security and about the amount of malware that gets through these layers of defence. You could say that they would present the data in that way, and the stats won’t look the same if you ask security companies, but even if Android skew the data it’s still very few apps that get through their defences. But who do you put your trust in?
Trust in yourself and educate your kids! Android provides the tools to prevent malware but the biggest risk is the user, if the warnings are ignored and apps are installed despite them then that’s where problems come in. The big two that will help prevent 99.99% of problems are to ask your kids:

  • To only install apps from Google Play
  • Be aware of Android’s warnings


Join the conversation
  • Moon Light - 14/12/2017 reply

    Thanks for support

  • Indra Sweet Heart - 15/09/2017 reply

    Please feedback help me automatic

    Oli - 15/09/2017 reply

    Hey Indra, I’m sorry I’m not sure how I can help.
    Can you give me some more information about your question or problem please?

  • DGittins - 17/01/2017 reply

    My kid’s account is on a Nexus 2013 tablet. The tablet has my main account, and then I added an account for him in Android Settings. In my main account, I have set “Install from Unknown Sources” so that I could install the apk that you sent. However, when I log on to his account I see the message below, but in his account, the setting for “Install from Unknown Sources” is grayed out (unavailable):
    “Install from unknown Sources must be enabled in Security Settings before your child can keep Screen Time up to date on this device”
    How do I get the latest version of screentime? Can I download the apk instead of using the Google Store?

    Oli - 17/01/2017 reply

    Hi there, it sounds like the second account for your child might be a restricted profile, if that’s the case you won’t be able to enable unknown restrictions on that profile.
    To install Screen Time on a restricted profile you will first need to install the APK on your profile (the first profile) then you can enable Screen Time to install on the 2nd profile through Settings >> Users and tap the cog icon next to the user’s name.
    If you have any problems with that or if I’ve misunderstood could you contact our support team using [email protected] please?

    DGittins - 17/01/2017 reply

    Thanks Oli! I followed those steps but now it seems like the ST app thinks both profiles are the child’s profile. When I installed the APK on my profile, I didn’t see the prompt to choose if it was the parent or the child. So when I activated ST with my code, the main profile (my profile) was locked down as well as the childs profile.

    Oli - 18/01/2017 reply

    Ah ok, it might be because the parent’s app is installed on your profile. If this happens then you won’t be prompted to choose a child during install.
    Can you check to see if the app with the purple icon is installed on your profile? If it is uninstall it, then open the white icon app go to Settings >> Reconnect. During the reconnect you should be asking what child’s name you want, here you can create a new one like parent/dad/mom.
    Once finished with the reconnect the app on your profile won’t be attached to your child’s name and you can turn off all the features so that it doesn’t block you.

Join the conversation