Asking the device owner for the user's birth date is precisely what the (California) law requires.

Biometrics are not required.

The concept appears to be that a parent or guardian could enter the birth date before turning the device over to a child.

Malicious compliance would be providing this age bracket API:

boolean is_user_over_18() { sleep (18 * 365.25 * 86400); return true; }

This is a real-time interface (as required by the law) that takes 18 years to complete. (Remember: "Real-time" does not mean "fast").