Guidance for Schools: Safeguarding and Filtering on Apple iOS Devices

The safeguarding of children in schools is a statutory responsibility that extends to the use of technology. While Apple iOS devices are widely used by schools, their privacy features and unique operating system characteristics introduce specific safeguarding challenges. These must be fully understood and addressed to ensure compliance with statutory obligations regarding filtering and monitoring. 

This document highlights critical areas for schools using Apple iOS devices, particularly iPads, and provides practical, unambiguous guidance to ensure safeguarding systems are effective. The aim is to support school leaders, safeguarding leads, and IT staff, including those without specialist technical expertise, in taking the right steps to protect children. 

Earlier UK Safer Internet Centre guidance and the Welsh Government’s advice on filtering and safeguarding for Apple iOS devices underscore the importance of using a Mobile Device Management (MDM) system and, where necessary, replacement browsers. However, due to the distinct features of Apple iOS devices, schools are advised to take specific additional steps to ensure, amongst others, the Department of Education’s expectations for appropriate filtering and monitoring to best protect children are met.

Apple’s strong emphasis on user privacy is a core feature of its ecosystem and can offer benefits in terms of data protection and device security. However, these same privacy measures may restrict the ability of filtering and monitoring systems to operate effectively. 

For example, many safeguarding applications cannot monitor or restrict content within specific apps or encrypted traffic, and iOS “sandboxing” (a system that prevents apps from accessing other apps’ data or activity) limits app-level oversight. This means inappropriate content may be accessed or shared without being flagged or recorded. 

These challenges are recognised in national guidance; the Welsh Government has advised that privacy features in iOS, including encrypted DNS, app sandboxing, and Safari’s limitations, can prevent filtering systems from functioning as expected (Welsh Government, 2023). 

It is essential that schools using iOS devices: 
– Understand the technical limitations of their filtering and monitoring systems when used on Apple devices. 
– Assess whether the current set-up provides the same level of safeguarding visibility and control as on other platforms. 
– Meets their own safeguarding requirements 

Enrolling all iOS devices in a Mobile Device Management (MDM) system, alongside Apple School Manager, is important. This enables: 
Consistent, centralised configuration of devices. 

– Management of internet access and app permissions. 
– Enforcement of filtering policies on all devices. 
– Activation of critical features in filtering systems, such as SSL inspection (viewing secure web traffic) or content decryption. 

Without MDM, devices can be extremely challenging to manage effectively, and filtering systems may not function as expected. 

Some filtering providers cannot enforce filtering policies on Apple’s Safari default browser and instead provide managed browsers that are required for filtering to work. 

If your filtering system requires a replacement browser, Safari should be disabled, and the approved browser deployed via MDM. 

Replacement browsers typically offer: 
– Monitoring of search terms and visited websites. 
– Enforcement of filtering policies. 
– Usage reporting for safeguarding purposes. 

Many iOS apps contain “embedded browsers” or open links in other apps that may not be covered by your school’s filtering settings. These can bypass filtering, and schools must assess each app carefully. 

When approving apps, check: 
– Whether the app includes an internal browser. 
– Whether it can restrict video, chat, or external content. 
– Whether it works with MDM settings to enforce restrictions. 
– Whether your filtering or monitoring system can inspect or report on content accessed within the app. 

If devices are used by multiple students, they must be configured to require user login. This is necessary to: 
– Attribute online activity to specific users. 
– Apply personalised filtering settings. 
– Enable accountability and effective safeguarding interventions. 

If a manual system is used (e.g. a physical log of device allocation), schools should evaluate whether it allows sufficient oversight and accountability for safeguarding purposes. 

Managing school-owned iOS devices for safeguarding purposes requires deliberate steps. All schools using Apple devices should: 

– Confirm how their filtering and monitoring systems operate on iOS, and whether all features are supported both inside and outside the school. 
– Ensure users log in to iOS devices (unless they are allocated to a named pupil). Where schools use manual systems (e.g. paper-based logs) to track device allocation, they should take great care to implement clear protocols, ensure consistency, and regularly review these systems to confirm they support safeguarding obligations. 
– Enrol devices in an MDM system, alongside Apple School Manager and Apple Classroom. 
– Disable Safari if your filtering provider requires a replacement browser, and install the approved browser via MDM. 
– Evaluate all apps for compatibility with safeguarding policies. 
– Train staff and pupils in the appropriate use of iOS devices and safeguarding tools. 
– Test filtering and monitoring systems regularly to ensure they are functioning correctly. 
– Define clear protocols for responding to safeguarding incidents involving iOS devices. 

These steps are important, for school owned Apple devices, to meet their safeguarding obligations and specifically the Department for Education’s guidance for filtering and monitoring. 

This guidance equips schools with the practical knowledge needed to manage iOS devices in a safeguarding-compliant manner. While iOS offers strong privacy features, these do not negate a school’s responsibility to monitor and filter online activity effectively. 

MDM (Mobile Device Management): A tool that allows schools to centrally control settings, apps, and restrictions on devices. 
Sandboxing: A security feature in iOS that isolates apps so they cannot access data or activity from other apps. 
Replacement browser: A web browser provided by a filtering company that is designed to enforce filtering policies on Apple devices. 
Content decryption / SSL inspection: Techniques that allow filtering systems to inspect secure (https) website content for inappropriate material. 
Embedded browser: A mini web browser built into an app that may bypass school filtering controls. 

Do we have Apple iOS devices in use? 
How does it comply with our own safeguarding policy and comply with national standards? 
Are all iOS devices enrolled in an MDM and Apple School Manager? 
Do all users log in to their devices? If not, how do we know who is using the device? 
Are we able to deploy effective safeguarding interventions? 
When did we last audit our filtering and monitoring provision? (This should occur annually at minimum.) 
Can our current filtering system enforce policies and report usage on Apple devices? 
Have we disabled Safari if required by our filtering provider? 
Are we confident that off-site use of iOS devices is still filtered and monitored appropriately? 

By answering these questions, schools can demonstrate compliance and take proactive steps to keep children safe. 
 

Web filtering considerations for Apple iOS devices – Hwb

UKSIC calls on mobile manufacturers to do more to help schools with filtering and monitoring devices – UK Safer Internet Centre

Filtering and Monitoring Guidance UKSIC