Will Your Phone Allow You to Read This Article?

How old are you? Sorry to ask such a personal question but I need to check you are old enough to read this article. I can’t remember the last time I was asked if I was old enough for anything, so it was a shock when I was asked last week. But not by a person, by my phone, just after it automatically installed the Apple iOS 26.4 update. It was more than asking, it needed verification: ID, credit cards, the usual list. Why? We all know why, don’t we? Or do we?

Let’s start with what is and is not changing. The most recent iOS update on iPhones and iPads in the UK asks the owner to log in to their Apple account (which means they identify themselves), then “Confirm You are 18+”. It explains why: “to change content restrictions”, so it complies with GDPR (you must plainly state your purpose for requesting personal data) and you cannot just self-certify an affirmative answer, you need to offer what in digital ID circles is known as a verifiable credential: your Apple account, a credit card or government issued ID card. This looks like a requirement from the UK Online Safety Act which requires “highly effective” age verification. You do get the option to not confirm (again keeping it GDPR compliant) in which case you will find in your phone’s settings that the content and privacy restrictions that default to OFF are instead now ON and the web content setting has been set to “Limit Adult Websites”. If you try to change that you will be prompted again to confirm your age. Choosing to not confirm your age and not being able to do so for whatever reason end up with the same status: you cannot access ‘adult’ content on the web. There ain’t no way round it other than verifying your 18+ status. Forget VPNs and forget “privacy preserving” browsers such as DuckDuckGo, Brave or even Tor.

What is going on? Clearly there is a political aspect to this but as this is an article from your IT correspondent let’s start with the tech. How can it affect all browsers, especially ones not supplied by Apple? Despite appearances to the contrary, there are only really three web browsers: Blink with 70% market share which you may know better as Chrome, Edge, Opera or Brave; Gecko from Mozilla in the form of Firefox and finally WebKit, presented as Safari. But on Apple mobile devices outside the EU, Apple mandates all browsers to use their WebKit WKWebView API for rendering and JavaScript. That means Chrome, Firefox, DuckDuckGo even Tor on your iPhone render web pages just the same as Safari under the covers. That gives Apple mobile devices a unique pinch point where all web content can be filtered and the 26.4 update uses it. This pinch point is only on Apple mobile devices, so not in its desktops and of course not in the non-Apple Android, Windows or Linux eco systems.

Back on the iPhone, although we are being asked to confirm our 18-plus status for the phone’s content filters, the filters are not new. They have been part of iOS for years supporting the claim that the device is family friendly and can be made compliant as a device used inside corporations. They allow the parent or company administrator to determine what can and cannot be purchased in the app store and whether to allow access to explicit media in formats such as podcasts, TV shows, eBooks and web content. How any of those categories are determined and who determines them has always been somewhat vague and opaque. When it comes to the web, access is either “unrestricted”, “limit adult websites” or “only approved websites”. Prior to iOS 26.4, unless your parents or employer got to the phone first, these filters started in the off position. After iOS 26.4 they are still off except for the web content filter. That is now on until you can confirm your 18-plus status. To be clear, it does not apply to other content types accessed through apps other than web browsers. However Apple defines what “explicit” means and whoever categorises the content, you can listen to explicit podcasts, buy explicit apps, listen to and read explicit books without proving your age. But you cannot browse “adult” websites without confirming your age. I don’t know if that continues if you take the device outside the UK.

So much for the tech. Why is Apple doing this? Or perhaps we should ask why now? After all, Apple made an anti-pornography stance part of its launch of the iPad. “I want the iPad porn free,” said Steve Jobs all the way back in 2010. It seems incredible now but back when the iPad was launched Germany’s Stern magazine saw its app pulled because it ran topless photo spreads, while the newspaper Bild added bikinis to its topless models. A gay travel guide to New York even got the boot. None of this was because of pressure from legislators: Apple seemed to be showing a puritanical streak. A section in its developer agreement warned against: “Materials… that in Apple’s reasonable judgement may be found objectionable, e.g. materials that may be considered obscene, pornographic or defamatory.” These days just reading Apple’s own Content and Privacy Restrictions tells a very different story: books can be explicit; apps can be 18-plus and web content can be adult. What would Steve Jobs think? Even the message on the age confirmation screen that “the UK requires…” has a ‘nothing to do with us’ feel about it. Yes, it can only be the Online Safety Act.

The commentary on this issue has tended to be somewhat parochial. Apple and the other tech giants do not make their products just for us Brits. Global suppliers of whole-planet tech such as Google, Meta and Apple are having to deal with censorious legislation in every region of the globe. Apple calls it “age assurance obligations” and from its developer blog it is clear it’s thinking about Brazil, Australia, Singapore, Utah and Louisiana in particular. The UK doesn’t even get a mention. Content filtering may not even be its biggest issue. Consider the case that Meta and YouTube just lost in Los Angeles. They were found negligent in not warning users of the “dangers” associated with using their platforms. The case is significant because it does not focus on the content itself but merely on the algorithms suggesting that content. This gets around US section 230 of the 1996 Communications Decency Act that protects interactive computer services from liability for third party content. That has huge consequences and it is not too much of a stretch to see the decision being broadened out to the devices hosting the apps that show the content. It has been described as a Big Tobacco moment for Big Tech. In the US, as in the EU, instead of campaigners going after the small-time creators of the actual content they are finding ways of weaponising it and going down the tech stack to the Big Tech providers they really despise. The class action suits could be epic.

Given all this is, it is not so surprising that platform companies such as Apple are keeping up with legislation such as the Online Safety Act. To what extent they also agonise over the slippery slope and free speech arguments we don’t know. But limiting the age restriction to only web content when it would have been justifiable to filter everything it determines as explicit may in fact be an encouraging sign, even if the experience on install is somewhat jarring. On the other hand, we have now seen how control over access to content can be taken out of your hands based on nebulous definitions and vague proxies such as whether or not you have a credit card. It does feel ripe for activists to abuse just as they have with ‘hateful content’. We know the controls are already there, just look at the settings on your iPhone. If the web filter can be forced to ‘on’ then so can all the others. Who knows who gets to define what constitutes adult content. The real question is who controls the controls. As Apple has demonstrated: not you. Enjoy what freedom you have while you can.