Age rating compliance for open-source mobile software
Following the news lately makes it clear that there's popular demand for applying age restrictions to certain types apps. While Australia was the first to ban social media apps for children, the European Union also started moving on this topic. So F-Droid and the wider mobile FOSS ecosystem might have to address this eventually.
Privacy-respecting age verification is best handled on the device as part of the operating system. The operating system should provide age cohort information to apps, with parents setting their child's age information through the operating system's parental control settings. Apps should then implement content restrictions based on the user's age cohort provided by the operating system.
This approach can easily be translated to the web as well. Browsers would send standardized age classification with every request, for example indicating that a user belongs to the 12 to 16 years of age cohort. Websites with potentially harmful content can then either block access based on age restrictions or alternatively provide content filtered for child safety.
Parental control features are a proven approach that has been working great for many years in practice. So it makes sense to standardize on parental control settings, which are easy and cost-effective for app developers to implement, provide better privacy for users than using a different age verification service for every app, create overall less friction for users, and deliver better safety for children.
Online age verification services where users have to show their ID and or biometric features are a bad idea for several important reasons. They hinder innovation by imposing unreasonable costs on app developers and cause a lot of friction for users. Age verification services also accumulate data that represents an unnecessary cybersecurity risk with major damage and abuse potential.