Set Up Your Child's First Smartphone (iPhone & Android)

Getting your kid their first smartphone is not one decision — it's about a dozen, made in the first hour, that decide how the next few years go. This guide walks the whole setup for both iPhone and Android as the software actually works in 2026, compares what each platform does well, and is honest about what neither one can do. No panic, no "the internet is dangerous" lecture. Just the steps, in order.

Why this guide is different in 2026

The first-phone playbook changed in the last year, on both sides:

• Apple (iOS 26) now applies age-appropriate protections automatically to teens 13–17 the moment an account is created — not just to formal under-13 Child Accounts. App Limits can finally be set to zero (a true block), in-app browsers are blocked during Downtime, and kids must get a parent's approval before adding a new contact.
• Google rebuilt Family Link in early 2025. The parent app now has separate "Screen time" and "Controls" tabs, School Time came to Android phones, and parents can pre-approve who their kid can call and text (on Android 14+). Pixel phones on Android 16 added a native Parental Controls page right in Settings.
• New state laws (Texas, Utah, Louisiana, rolling out through 2026) forced both app stores into new age-rating tiers and "age-signal" systems, so age-inappropriate apps now hide themselves from kids' accounts instead of just refusing to download.

If your last reference point was a guide written before 2025, the menus and the defaults have moved. This one matches what's on screen today.

The two decisions before you even open the box

1. Which account — and whose age is on it. The single most important setting on the whole phone is the birthdate on the account. On both platforms, the date of birth is what triggers every automatic protection. Put the real date in. An under-13 account unlocks the strongest defaults; a 13–17 account still gets meaningful protection in 2026, but you lose the hardest gates (like mandatory purchase approval).

2. Plan for the layers, not the toggle. No single control keeps a kid safe. The setup below builds four layers, and you want all four:

1. Account-level supervision — Apple Family Sharing / Google Family Link
2. OS-level lockdown — Screen Time / Family Link device controls
3. Network-level filtering — DNS at the router or on the device
4. The conversation — the only layer that scales as they get older

Skip any one and the other three have a hole next to them. Most "my controls didn't work" stories are really "I only built layer two."

iPhone: the setup, step by step (2026)

Apple's model is one system: a Child Account inside your Family Sharing group, managed by Screen Time, all behind one passcode you control from your own phone.

Create the account and family

1. On your iPhone: Settings → [your name] → Family → Add Member → Create Child Account.
2. Enter your child's real name and birthdate. Choose an @icloud.com address.
3. The birthdate sets the defaults. Under 13 turns on the full set automatically.

Set up Screen Time (do this from your phone, not theirs)

1. Settings → Screen Time → [child's name] under Family.
2. Set a Screen Time passcode that is not your device passcode and that your kid does not know. This locks every setting below.
3. Downtime — schedule the hours only calls and approved apps work (e.g. 9 PM–7 AM). On iOS 26 this finally blocks in-app browsers too.
4. App Limits — cap categories (Social, Games) or single apps. You can now set a limit to 0 to block an app outright.
5. Communication Limits / Safety — control who can contact them, and on iOS 26 require your approval before they add any new phone number.
6. Content & Privacy Restrictions — the big one:
   • iTunes & App Store Purchases → set Installing Apps and In-App Purchases to Don't Allow (or rely on Ask to Buy, on automatically for under-13).
   • Content Restrictions → set rating ceilings for Apps, Movies, TV, Books; set Web Content → Limit Adult Websites.
   • Allow Changes → Passcode Changes → Don't Allow — this is what stops a factory-reset bypass.

Communication Safety (nudity-blurring in Messages, AirDrop, FaceTime) is on by default for accounts under 18 and runs entirely on-device. For under-13s, the child needs your Screen Time passcode to view anything it flags. Confirm it's on under Screen Time → [child] → Communication Safety.

Do this tonight · 20 min — Create the Child Account, set a Screen Time passcode your kid doesn't know, and turn on Limit Adult Websites + Passcode Changes: Don't Allow. Everything else can be tuned over the week.

For the full menu-by-menu walkthrough, see our Apple Screen Time guide.

Android: the setup, step by step (2026)

Android's model is different: the controls live in a separate app on your phone — Google Family Link — linked to a Google Account you create for your child. It's more setup, but the cross-device management is excellent.

Create the account

1. Install Google Family Link on your phone.
2. Add a child → Create account for a child. Enter their details and a new Gmail address.
3. Google verifies you're the parent with a small, refunded card charge (~$0.30). Takes about 15 minutes.

Add it to the phone and pair

• On a new phone, sign in with the child's new supervised accountSupervised accountA child or teen account formally linked to a parent's account for oversight — Google Family Link, Instagram supervision, Microsoft Family Safety, and others. The parent gets controls and limited visibility; the child keeps using the platform normally. during first-time setup — Android detects it and walks you through pairing. On an existing phone, remove any prior adult account first.

Set the controls (Family Link app → your child)

• Screen time tab: daily limits (different for school days vs weekends), Downtime/bedtime, and School Time — a mode that shows only approved apps and silences notifications during school hours.
• Controls tab → Google Play: set app approval required (every install needs your tap), and a maturity ceiling (Everyone / 10+ / Teen / Mature 17+).
• Controls → Chrome: choose Try to block explicit sites or, for younger kids, Approved sites only.
• Controls → Search: SafeSearch is locked on for under-13s and can't be disabled by the kid.
• Controls → YouTube: pick a supervised level or route them to YouTube Kids; as of 2026 you can set the Shorts feed limit to zero.
• Location tab: turn on real-time location and place alertsPlace AlertsA Snapchat Family Center feature that notifies a parent when their teen arrives at or leaves up to three saved locations (home, school, gym). Both arrival and departure trigger an alert..

Manufacturer matters. On Samsung, Family Link covers the Google Play side, but Samsung's own Galaxy Store and Samsung Internet browser are separate — restrict those in Samsung's settings too, and disable Secure Folder (an encrypted space Family Link can't see). On Pixel (Android 16), there's now a native Parental Controls page in Settings → Parental controls as a simpler single-device option.

Do this tonight · 25 min — Create the supervised account, set Google Play to "approval required," lock SafeSearch, and set a bedtime Downtime. Tune app limits over the week.

For the full walkthrough, see our Google Family Link guide.

iPhone vs Android: what each does better

Both get you to a safe baseline. They're not identical.

	iPhone (iOS 26)	Android (Family Link, 2026)
Where controls live	Built into Settings → Screen Time; manage from your phone	Separate Family Link app on your phone
Setup friction	Lower — one account, one passcode	Higher — create Google account + card verification
App install gate	Ask to Buy (automatic under-13)	Approval required per install
Web filtering	Safari "Limit Adult Websites" (imperfect; see below)	Chrome filter or approved-sites-only
Communication safety	Nudity-blurring on by default, on-device	Sensitive-content warnings in Google Messages
School-hours mode	No first-party equivalent	School Time (a genuine advantage)
Cross-device view	Strong within Apple devices	Strong; works across more device types
Biggest weak spot	iOS 26 private-browsing regression (below)	Sideloading + second-account bypass

The honest summary: iPhone is easier to set up well and harder for a kid to fully escape; Android gives you more granular control and School Time, but has more side doors a determined kid can find. Neither is "the safe choice" — the setup is what makes it safe.

Layer 3: filter at the network, not just the phone

Both platforms' web filters are domain-based and imperfect, and both can be sidestepped by a different browser or an in-app browser. The fix is to filter one level up — at DNS, so it applies to every app and browser on the device (and the whole house). A free, family-grade DNS resolver blocks adult and malware domains network-wide in about ten minutes.

See our guides on blocking adult content with DNS at your router and NextDNS for families. This is the layer most parents skip and the one that quietly covers the gaps in layers one and two.

Common bypasses, ranked by how often kids actually use them

1. A second, unsupervised account. The most common. A kid signs into a personal Gmail/Apple ID the controls don't know about. Counter: on Android, allow only supervised accounts and check Settings → Accounts; on iOS, never share your Apple ID password (it can reset the Screen Time passcode).
2. Factory reset. Wipes the phone and all controls. Counter: iOS — set Passcode Changes to Don't Allow; Android — enable Factory Reset Protection so the device demands the original Google login after a wipe.
3. Sideloading / a different browser (Android). Installing an APK or Firefox to dodge Chrome's filter. Counter: keep Chrome on approved-sites-only, leave app approval on, and check that "install unknown apps" is off.
4. Private/Incognito browsing. On iOS 26 there's a known regression where "Limit Adult Websites" no longer blocks Safari private tabs — use Only Approved Websites or DNS filtering to close it.
5. VPN apps to tunnel around DNS filters, and vault apps disguised as calculators to hide content. Counter: block VPN installs, and learn to spot vault apps.

Our bypass-prevention checklist and the VPN and vault-app guides cover these in depth — worth a read once the basics are set.

What neither phone can do (the honest fence)

• Neither filters inside an app. Screen Time and Family Link gate the app store and the browser, but once an app is installed they can't see or filter what's in its feed. A 13+ social app can still surface adult content algorithmically.
• Controls update roughly once a day. Neither gives true real-time monitoring on its own.
• The 13th birthday changes the math. On Google, your teen gets emailed the option to take over their account (you must approve removing supervision, but they'll know they can ask). On Apple, more freedom unlocks automatically. Plan for it before it arrives.
• Another device is a clean escape. None of this applies on a friend's phone, a school laptop, or a games console you didn't lock down.

The operational rhythm

• First week: check the Screen Time / Family Link activity report daily. You're learning what "normal" looks like and catching anything you over- or under-restricted.
• First month: move to a weekly glance. Approve or deny app requests as they come. Adjust limits to reality, not the ideal.
• Ongoing: a monthly two-minute check — new apps, time trends, any new accounts on the device. Re-verify the birthdate-driven settings after any big OS update, since defaults occasionally reset.

What to actually talk to your teen about

The settings buy you time; the conversation is what lasts. Keep it short and repeat it:

• "If anything online makes you uncomfortable, you can show me and you won't lose the phone." (Removing the fear of confiscation is what gets them to tell you.)
• "Anyone who asks you to move to a different app, keep a secret, or send a photo is a red flag — every time."
• "These controls aren't because I don't trust you. They're training wheels. They come off as you show me you don't need them."

Bottom line

A safe first phone isn't a brand or a single magic toggle — it's four layers set up in the first hour and a conversation you keep having. iPhone is the faster path to a solid baseline; Android gives you more control and School Time if you'll do the extra setup. Either way, the birthdate, the locked passcode, network-level DNS filtering, and the talk are what carry the weight.

Three things to do tonight:

1. Create the supervised account with the real birthdate, and set a controls passcode your kid does not know.
2. Turn on web filtering (Limit Adult Websites / Chrome filter) and set Passcode Changes/Factory Reset Protection so the controls can't be wiped.
3. Set one DNS filter for the whole house, and have the 30-second "you can always show me" conversation.