The quarterly 20-minute audit

  1. Photos. Review whether location is embedded. iOS: Settings › Privacy › Location Services › Camera › Never (or While Using). Android: Camera app › Settings › Location tags › off.
  2. App permissions. Which apps have camera, mic, contacts, location? Revoke what isn’t needed. iOS: Settings › Privacy. Android: Settings › Privacy › Permission manager.
  3. Social media followers. Who follows your kid? Any accounts they can’t identify? Remove.
  4. Tagged photos. On Instagram, TikTok, and Snap — who tags your kid? Review tags.
  5. Search your kid’s name. Use your kid’s first + last name in a private browser. What comes up? Any old accounts, abandoned profiles, posts?
  6. Email breaches. Check your kid’s email at haveibeenpwned.com. Change passwords on any breached accounts.
  7. Password reuse. The single biggest account-hijack risk. Get your kid on a password manager.
  8. Two-step verification. Verify 2SV is on for all accounts that matter (Google, Apple, Instagram, TikTok, Snap, Roblox).
  9. Device installed apps. Any apps you don’t recognize? Look them up.
  10. Browser extensions. Review every extension on every browser.

What to change after the audit

  • Revoke unused app permissions.
  • Remove stale social-media followers.
  • Delete abandoned accounts (old Roblox accounts, abandoned Instagram accounts).
  • Force a password reset on any reused password.
  • Add 2SV anywhere missing.

Do it together

For teens: make the audit a joint activity, not a surprise inspection. It teaches hygiene and models the habit they’ll need as adults.