How to Restrict Android App Installs for Your Kid: A Two-Track Guide

Stop wrestling with Android settings menus every time your kid finds a new app to download. "Restricting installs" sounds like a single toggle, but on Android it is actually two separate problems — blocking new installs from the Play Store, and dealing with risky apps that are already sitting on the home screen. Add sideloaded APKs from the browser into the mix and a single Family Link checkbox no longer covers it. This guide walks through the native Google Family Link path, the gaps it leaves behind, the parental control layer that closes them, and the practical fix when your child tries to sideload an APK around your rules. If apps are hidden rather than newly installed, find hidden apps on iPhone covers the Apple side.

What "Restricting App Installs" Actually Means on Android

When a parent searches for how to restrict Android app installs, they usually have two scenarios in mind that get mashed into one query. Separating them up front saves hours of trial-and-error.

• New installs from the Play Store. The child opens Play, finds something, and taps Install. You want that to require your approval — or be blocked outright by age rating.
• Apps already on the device. TikTok, Snapchat, Roblox, or a game your kid downloaded two months ago. Blocking Play Store does nothing for these — they are already on the home screen.
• Sideloaded APKs. The browser or a Discord message hands the child a .apk file that installs outside Play. Family Link does not gate this path because Google's approval flow only fires inside Play Store.

A single toggle does not solve all three. The realistic stack is Google Family Link for Play Store approval, plus a parental control layer for already-installed apps and sideload defense.

A quick decision check before you start:

• Under 13: use a supervised Google Account with full approval-for-all-downloads.
• Teen 13+: move toward a request-permission model — fewer fights, same control.
• Shared family tablet: create a separate child profile rather than sharing your account.

Track 1: Block New Installs From the Google Play Store

The native path runs through Google Family Link and the Play Store's parental controls. Here is the order that actually works:

1. Install Google Family Link on your phone and link your child's Google Account to a supervised profile. Children under 13 must use a supervised account; teens can opt in.
2. Turn on install approval. Inside Family Link, open your child → Controls → Controls on Google Play → Apps & games → set to Require approval for all downloads. This forces a push notification to your phone for every install attempt.
3. Set content rating filters. Same screen, scroll to Content restrictions. Choose an age band (E, T, M) so unrated or mature apps disappear from Play Store search before the child even sees them.
4. Require authentication on every purchase. On the child's device, open Play Store → profile icon → Settings → Authentication → Require authentication for purchases → For all purchases through Google Play on this device. This stops in-app purchases inside apps the child already has.
5. Lock device-level install sources. Settings → Apps → Special app access → Install unknown apps. Set every browser and messenger to Not allowed. This is the single most overlooked step.

Known gaps with this native path — and this is where parents get burned:

• Account switching. Older kids learn to add a personal Google Account to the device. Family Link's approval only applies to the supervised account.
• Secondary stores. Samsung Galaxy Store, Amazon Appstore, and APK markets do not respect Play Store parental controls.
• Pre-installed apps. Carrier or OEM apps that shipped with the device are not gated by Family Link approval, because they were never installed from Play.
• Apps the child already has. Family Link approval is install-time only — it does not retroactively block what is already on the home screen.

Set up Track 1 first because it is free and stops the easiest path. Then layer Track 2 on top for everything Family Link misses.

Track 2: Restrict Apps Already Installed on the Device

This is where Family Link runs out of road. If TikTok is already on the home screen, blocking new Play Store installs is irrelevant — the app is already there, and tapping the icon launches it normally.

The native options for installed apps are limited:

• Per-app daily time limits in Family Link. Useful for budgeting screen time, but they do not stop the child from opening the app — they only cut it off after a daily quota. A risky app gets up to its limit every day before the lock kicks in.
• Disable system apps. You can disable some pre-installed apps from Settings → Apps, but most user-installed apps can only be uninstalled, and uninstalling triggers a confrontation.
• Hiding apps. Some launchers let you hide an icon, but a long-press on the home screen brings it back.

What parents actually need for risky apps that are already installed:

• Instant per-app block — not limit to 30 minutes, but blocked right now, no countdown, no negotiation.
• Scheduled block — TikTok during homework hours, all chat apps during school, gaming after 9 PM.
• A request-to-unlock path — instead of a daily argument, the child taps a request-access button and the parent approves or denies in one tap.

The request-to-unlock pattern matters more than people realize. When kids have a legitimate channel to ask, they stop probing for workarounds. The lock becomes a conversation instead of a wall, and you get visibility into which apps your child actually wants — which is parenting data you would not otherwise have.

This is the gap a dedicated parental control app fills, and it is what we cover next. An app install and usage controls view pairs that request-to-unlock flow with the visibility into which apps your child actually wants and uses.

Use NexSpy to Close the Gaps Family Link Leaves Open

Family Link is a fine starting point for Play Store approval. The reason most parents still end up adding a parental control layer is that Family Link was built around the install moment — once an app is on the device, your enforcement options narrow to time limits. NexSpy sits next to Family Link rather than replacing it: keep Family Link for the supervised account and Play Store approval, and use NexSpy for everything that happens after an app is already on the phone.

Below is the honest side-by-side for the two-track problem this article opens with.

Instant per-app block with a request-permission path

The lever Family Link is missing is immediate blocking of an already-installed app. From the NexSpy Parent Dashboard, tap an app on the child's device and choose Block now or Schedule. Blocked apps become inaccessible until the restriction ends, and the icon is hidden from the home screen on Android — so the child is not tempted to keep tapping a dead icon. When the child wants access, they hit Request permission in the NexSpy Kids app; you get a push notification and approve or deny in one tap. This is the de-escalation pattern that ends the nightly can-I-have-it-back argument.

Website filter, custom blacklist, and Safe Search

Most kids who cannot install an app from Play Store next try the browser. NexSpy's Website Restrictions cover that route with four prebuilt categories — adult, drugs, violence, and gambling — plus a custom blacklist and allowlist for everything else. Add the APK-hosting domains your child has been Googling to the blacklist and the download itself never reaches the device. Safe Search is enforced across Chrome, Edge, Firefox, Opera, Samsung Internet, and Safari, which closes the search-result workaround that pure DNS filters leave open.

Browsing history review for the post-block conversation

When a block fires, the useful next question is what your kid was actually trying to do. NexSpy's browsing history review on Android shows the sites visited and the searches that ran before and after the block attempt. That is the difference between handing down a punishment and saying — I saw you searched three times for a TikTok APK, let's talk about why TikTok matters to you. The data turns the lock into a conversation, which is the goal.

NexSpy works alongside Family Link, not on top of it. Set up Family Link first for Play Store approval, then add NexSpy for already-installed apps, browser-side filtering, and the request-permission flow. The combination covers all three problems this article opens with — new installs, installed apps, and sideloads — without rooting the device.

What to Do When Your Kid Tries to Sideload an APK

Sideloading is the workaround most parents do not see coming. The child downloads a .apk file from a browser, Telegram, Discord, or a Google Drive link, and installs it outside the Play Store. Family Link's approval flow never fires because Google was never asked.

Lock down sideloading in this order:

1. Disable Install unknown apps per source. Settings → Apps → Special app access → Install unknown apps → set Chrome, Edge, Firefox, Samsung Internet, Files, Telegram, Discord, and Drive to Not allowed. Android grants this permission per app, so you have to walk the list — there is no global off switch.
2. Block the download source. Add common APK-hosting domains to a custom website blacklist so the download never lands on disk. This is more durable than chasing individual installer apps.
3. Catch what slips through. If a sideloaded app still appears on the home screen, add it to a per-app block from the parent dashboard — instant or scheduled — same as any installed app. The icon hides on Android until the block ends.
4. Offer the legitimate path. Hand the child the request-permission button in the NexSpy Kids app and explain it. Most sideload attempts are kids trying to get a specific app you already said no to. When the ask is one tap, the workaround dies on its own.

Sideloading defense is layered: settings to make it hard, a website blacklist to cut the supply line, a per-app block to catch the leftovers, and a request flow to remove the motivation. None of those four are one-and-done — review them once a month as the child finds new download paths.