“Design Family Sharing” is a multi-account mobile-system-design question — the interviewer is checking whether you understand identity and authorization across multiple users, the unique problem of children’s accounts, and the privacy story behind shared location and screen time. Apple’s Family Sharing and Google’s Family Link are the references.
Clarify scope
- Just our app, or full OS-level family identity?
- Features: location sharing, photo album, subscriptions, parental controls?
- How many members per family? (Apple caps at 6)
- Cross-platform (iOS + Android in the same family)?
Identity model
- Family = group with one organizer (must be 18+)
- Members = adult (full account) or child (restricted account, requires organizer approval)
- Each member has their own identity; the family is a soft group, not a shared account
Authorization rules differ by feature: location is opt-in per member, subscriptions are auto-shared by default, screen time is enforced top-down.
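The per-feature rules above can be written as a single default-deny policy check. This is an added sketch, not code from Apple, Google, or the original article. `Member`, `authorize`, and the action strings are hypothetical names, and it assumes that only the organizer sets screen-time limits and only on child accounts.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    ORGANIZER = "organizer"
    ADULT = "adult"
    CHILD = "child"

@dataclass(frozen=True)
class Member:
    member_id: str
    family_id: str
    role: Role
    shares_location: bool = False  # opt-in, so the default is "off"

def authorize(actor: Member, action: str, target: Member,
              shareable: bool = True) -> bool:
    """Return True only if `actor` may perform `action` on `target`."""
    # The family is the trust boundary: never act across families.
    if actor.family_id != target.family_id:
        return False
    if action == "view_location":
        # Opt-in per member: the target's own choice decides, not the viewer's role.
        return actor.member_id == target.member_id or target.shares_location
    if action == "use_subscription":
        # Auto-shared by default: `target` is the organizer who pays, and any
        # member inherits the entitlement if the subscription is tagged shareable.
        return target.role is Role.ORGANIZER and shareable
    if action == "set_screen_time":
        # Top-down (assumption): only the organizer sets limits, only on children.
        return actor.role is Role.ORGANIZER and target.role is Role.CHILD
    return False  # unknown action: default deny

# Constructed sample family for illustration.
ORGANIZER = Member("m1", "fam-A", Role.ORGANIZER, shares_location=True)
ADULT = Member("m2", "fam-A", Role.ADULT)  # has not opted in to location
CHILD = Member("m3", "fam-A", Role.CHILD, shares_location=True)
OUTSIDER = Member("m9", "fam-B", Role.ORGANIZER)

if __name__ == "__main__":
    for actor, action, target in [
        (ADULT, "view_location", CHILD),
        (ORGANIZER, "view_location", ADULT),
        (CHILD, "use_subscription", ORGANIZER),
        (CHILD, "set_screen_time", CHILD),
        (OUTSIDER, "set_screen_time", CHILD),
    ]:
        print(actor.member_id, action, target.member_id,
              authorize(actor, action, target))
```

The organizer role grants no location access on its own here: an adult who has not opted in stays hidden even from the organizer, which is the difference between an opt-in feature and a top-down one.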
Children’s accounts
The single most regulated part of the design. COPPA (US), GDPR-K (EU), and similar laws require:
- Verifiable parental consent before account creation
- Age-appropriate data handling
- No targeted advertising
- Data deletion on request
Implementation: the organizer initiates account creation, presents government-grade ID verification or a small payment (the “credit-card swipe” trick proving adulthood), and supervises permission grants on the child’s device.
Location sharing
- Each member opts in per-family
- Background location updates batched and uploaded; throttled when stationary
- Privacy: server stores recent locations; older history is pruned (Apple keeps ~24 hours)
- Geofences: notify when a member arrives at home/school/work
Battery management is critical. Use significant-location-change APIs and visit detection rather than continuous GPS.
Shared subscriptions
This is App Store / Play Store machinery, not your app. But you should understand the shape:
- Organizer’s payment method funds purchases
- Subscriptions tagged as shareable propagate entitlements to family members’ devices
- Cross-device entitlement check at app launch
- Apps must register receipt-validation code that handles family entitlements
Screen Time / Family Link
- Time limits per app or category
- Downtime windows (e.g., bedtime)
- App approval (kid requests, organizer approves)
- Web-content filtering at the OS level
Enforcement is OS-level — the OS blocks the app at the kernel/usage-monitor layer; your app cannot bypass it. Approvals propagate via Apple Push or FCM to the organizer’s device.
Shared photo album / iCloud Family
- Per-family album that all members can add to and view
- Smart suggestions: “Add this photo of the kids?”
- Storage counted against the family pool, not individuals
Privacy and consent
- Members can disable location sharing for the family without leaving
- Children’s data is not used for personalization
- Family-shared content does not bleed into individual feeds without consent
- Granular per-feature opt-out
Cross-platform considerations
Apple Family Sharing is iOS/macOS-only. Google Family Link works across Android and (for parental controls) Chromebook. A truly cross-platform family sharing system has to model identity at the application layer, not the OS layer. This is hard — most products instead pick one OS and partner.
Edge cases interviewers love
- A child turns 18 — automatic conversion to adult member, with their data migrated cleanly
- An organizer leaves — designate a successor or dissolve the family
- A divorce — both parents need ongoing parental access; not a solved problem
- A teenager wants privacy — design a “private mode” that limits what the organizer sees
Frequently Asked Questions
How do I verify the organizer is over 18?
Apple uses a small credit-card authorization (legal-adult signal). Some jurisdictions require government ID. Both are imperfect; document the threat model and accept the residual risk.
What about temporary “babysitter” access?
Time-bound limited delegation: the organizer grants a specific person specific permissions for a specific window. Apple does not offer this; some third-party tools do.
How do I migrate a child to a teen account?
Birthday triggers a state change. Reduce restrictions automatically, but require organizer approval for any data-sharing change. Adult-conversion at 18 should require explicit confirmation.