Exactly.

Trying to approach it from the direction of websites determining if you are an adult is a privacy nightmare and provides a huge attack surface. (Which is what the government wants--the ability to monitor.) Flipping it over is much, much safer--but fails the real mission of exposing dissent.

(On-device security, the credential of the adult is loaded onto the device but not transmitted anywhere, it can only be obtained locally. The device simply responds as to whether it has a credential loaded. Bad guys are unlikely to want to sell such devices as the phone could be traced back to them.)

And the parents can select a strict child lock, or permitted but copies forwarded to the parent.)