Privacy audit: the 20-minute quarterly routine
What to check, what to change, and what to do together with your kid.
The quarterly 20-minute audit
- Photos. Review whether location is embedded. iOS: Settings › Privacy › Location Services › Camera › Never (or While Using). Android: Camera app › Settings › Location tags › off.
- App permissions. Which apps have camera, mic, contacts, location? Revoke what isn’t needed. iOS: Settings › Privacy. Android: Settings › Privacy › Permission manager.
- Social media followers. Who follows your kid? Any accounts they can’t identify? Remove.
- Tagged photos. On Instagram, TikTok, and Snap — who tags your kid? Review tags.
- Search your kid’s name. Use your kid’s first + last name in a private browser. What comes up? Any old accounts, abandoned profiles, posts?
- Email breaches. Check your kid’s email at haveibeenpwned.com. Change passwords on any breached accounts.
- Password reuse. The single biggest account-hijack risk. Get your kid on a password manager.
- Two-step verification. Verify 2SV is on for all accounts that matter (Google, Apple, Instagram, TikTok, Snap, Roblox).
- Device installed apps. Any apps you don’t recognize? Look them up.
- Browser extensions. Review every extension on every browser.
What to change after the audit
- Revoke unused app permissions.
- Remove stale social-media followers.
- Delete abandoned accounts (old Roblox accounts, abandoned Instagram accounts).
- Force a password reset on any reused password.
- Add 2SV anywhere missing.
Do it together
For teens: make the audit a joint activity, not a surprise inspection. It teaches hygiene and models the habit they’ll need as adults.