Tech Lockdown Tech Lockdown
Free Trial
Go back

Dashboard Beta Update - New Tools and Improvements (August 2024)

author
Ben
|
Updated August 23, 2024

The Tech Lockdown dashboard (Beta version) has been updated recently to add a few additional tools, improved device setup process, and a new premium guide.

Here is a summary of the new additions:

  1. New Mac Content Policy enforcer tool simplifies bypass prevention on Mac.
  2. New Supervised Config generator reliably enforces restrictions on iPhone and iPad devices.
  3. New Android device management guide that showcases a better device management alternative.

Content Policy Enforcer Tool for Mac

We've created a package for Mac that enforces the VPN connection to your Content Policy when the Cloudflare WARP application is used.

This tool prevents the Cloudflare WARP application from being stopped or deleted.

If the application is stopped, it is immediately restarted.

With this approach, you don't need to block activity monitor or enter commands into terminal to make the application harder to install. The Mac can be configured as normal without having to hack together bypass prevention features, like restricting access to entire parts of the system.

You can find this tool in the Tech Lockdown dashboard > Tools > select Mac in the carousel.

Reliably Enforce Restrictions with Supervised Configs

If you've followed our guide for setting up a supervised iPhone or iPad , you've unlocked the ability to install powerful config files on the device for better blocking and bypass prevention.

We've released our own supervised config generator that significantly simplifies this process and provides you with a simple dashboard to add these configs to your supervised device.

So why did we put effort into building this feature? I'll explain some of the areas we solved for and also the features we created:

Solving for App Blocker Gaps

The supervised config approach to app management is more reliable than what you can achieve with an App Blocker downloaded from the App Store. 

Third-party App Blockers use the Screen Time capability that Apple provides. Unfortunately, you can easily toggle off an App Blocker in Screen Time settings by revoking the app's permission. The only workaround for this is to lock the iPhone settings app , which is quite limiting. The settings app can't normally be blocked, so you have to hack together Apple Shortcuts with a third-party app blocker.

The supervised device app blocking approach solves for these weaknesses using enforced Config files and by not depending on Screen Time.

Solving for Screen Time Gaps

Apple Screen Time is one of the main ways to enforce certain restrictions on an iPhone or iPad, but supervised configs are more reliable.

There are some glaring weaknesses with Screen Time:

  1. Screen Time can be locked with a pin, but this pin is easy to remember. Also, if you are the owner of the device, you can easily use "forgot pin" to bypass the screen time lock. Screen Time isn't a great solution if you are an adult who is self-managing. 
  2. When preventing app install with Screen Time, the entire app store is disabled and existing apps cannot be updated. This means that screen time has to be unlocked, app store enabled again, run app updates, then lock screen time again. If you depend on another person to manage your screen time settings, this process is incredibly problematic. Supervised config files can block app install while still allowing existing apps to update. Config files can be enforced with your own Tech Lockdown profile locking.
  3. Screen Time doesn't provide app blocklists - you have to either limit all new app downloads or set low app time limits. In contrast, supervised configs can specify app blocklists and allowlists.

Solving for Enforcing a Content Filtering VPN

Another challenging area to solve for on iPhone and iPad devices is enforcing a content filtering VPN connection.

If you've downloaded a content filtering app, like the Cloudflare One app we use to establish the connection to the Tech Lockdown Content Policy, the app turns on a VPN connection.

There are several bypass methods that do not involve deleting the app, which have to be solved for in the following ways:

  1. Completely restricting access to device settings
  2. Preventing new apps from being installed

The new supervised config approach solves for this in a better way:

  1. Enforce the Cloudflare One VPN profile
  2. Prevent new VPN profiles from being added

Enforcing a Config

Config files on a supervised iPhone or iPad can be enforced so that the option to delete the config is not available.

When using your Tech Lockdown dashboard to add a config file, you can specify the prevent uninstall option (enabled by default):

In order to remove a config with uninstall prevented, you'll have to install the same config again with Uninstall Prevented de-selected.

This is where profile locking comes in: if your Tech Lockdown profile is locked, you'll be prompted to unlock your profile in order to de-select this option. 

Config Presets

We provide downloadable presets with recommended configurations that allow you to better enforce a Content Policy and control how the device is used.

One of the advantages of using our presets is that you can prevent them from being uninstalled, gating the ability to uninstall the config behind our  profile locking feature .

Here are the presets we make available:

Prevent Deleting Apps

Apps that already exist on the device will be enforced to prevent uninstallation.

Prevent New Apps

Disable the ability to add new apps to the device from the App Store or from the web. Existing apps can still be updated.

Restrict New VPNs

Prevent a user from bypassing a Content Policy by adding a conflicting VPN connection that overrides the Cloudflare Zero Trust VPN connection.

Enable Built-in Adult Content Filter

Forcing on the built-in adult content filter will add an additional layer of content filtering alongside your Content Policy. It will also disable Safari private browsing, which can sometimes conflict with the Content Policy.

Prevent Turning Off WiFi

If your home router points to a Content Policy to filter online content, you can force an iPhone to always connect to WiFi instead of switching to 4G/5G internet. This is ideal when combined with a WiFi config that auto-connects to your Home WiFi.

Enforce Cloudflare VPN

This removes the option to delete a currently active VPN connection in the iPhone's settings. Deleting a VPN connection is one way to bypass a Content Policy, so this can be used to prevent that. When combined with the Prevent Creating VPNs config, bypass prevention using conflicting VPN apps is effectively prevented.

Complete App Management with Native App Blocking

We've talked about blocking apps on an iPhone using the Tech Lockdown Content Policy, allowing you to break the app by preventing it from accessing the internet. While this is a powerful approach since it also applies to the browser-version of the app, it can be limiting if you want to prevent an app from being installed in the first place or block an app that doesn't depend on the internet to work properly.

Now you can block apps natively (prevent them from being opened or installed) using your Tech Lockdown dashboard.

You can search for App Store apps and add them to a blocklist.

There's also an App Allowlist section, which allows you to specify a default-deny approach to app blocking: only approved apps will be accessible on the device and all others will be blocked by default.

This approach is useful if you want to create a dumb iPhone . You can add a timer to this Allowlist to create a temporary dumb-phone: the allowlist will automatically delete itself and revert to allowing all apps after the specified timer.

There are a few use-cases for this:

  1. Only allow certain productive apps while studying for a test or focusing on work. Add a timer of 8, 24, or 48 hours or another time period.
  2. Fast from addictive apps on your phone for the next week. Simply add a timer of 168 hours to enable this restrictive Allowlist mode for an entire week.

New Android Device Management Guide

We've released a new premium guide for our customers who use Android devices that provides an alternative device management path: configure a Device Management App instead of using a Mobile Device Manager. 

This new Device Management App approach is a better alternative to Mobile Device Management if you are an adult self-managing your own blocking system, but parents might still consider using the current MDM approach.

Enforce a specific VPN connection

If you are using the Tech Lockdown Content Policy, you probably installed the Cloudflare One app, which adds a VPN connection that keeps the internet connection filtered even when roaming away from home.

You can use device management to prevent overriding this VPN connection (like by a conflicting app or manual VPN settings changes).

Enforce Specific Apps

You can reliably enforce (protect) a content filtering app, like the Cloudflare One app we recommend to our customers. 

Simpler Setup and Management

Compared to the existing mobile device management solution we recommend; this setup process is much faster and easier. Also, this device management app is installed and enforced on the android device that it is managing. This makes it easy to add to your restrictions or make necessary changes if needed (but locked behind the app's self-restriciton features). 

Self-restriction Features

The device management app is designed with personal self-management in mind (you want to prevent yourself from bypassing self-imposed restrictions). For example, it allows you to use a time-delay locking feature, which is perfect if you are self-managing your own blocking setup.

Open chat