Frequently Asked
Questions

No. Kahf Guard cannot and does not access your messages, photos, or personal files.

The app uses Android's Accessibility Service to detect specific screen patterns — such as whether the YouTube Shorts tab is open or whether a blocked website is showing in your browser's address bar. It looks for structural markers (button IDs, tab labels), not your personal content.

The app does not request permissions for contacts, SMS, call logs, camera, microphone, or file storage — it physically cannot access these.

No. Android itself prevents this at the operating system level.

When any app marks an input field as a password (which all standard login screens do), Android returns empty or hidden text to any accessibility service — including Kahf Guard. This is an OS-level protection that no app can override.

Beyond this built-in protection, Kahf Guard's code only looks for specific view IDs associated with features like YouTube Shorts or Instagram Reels, URLs in browser address bars (to check against your blocked websites list), and a small set of explicit harmful keywords. The app applies strict text-length filters and skips anything that does not match these narrow checks.

Your data is stored in two places: on your device and on our servers.

• On your device only: All screen content analysis (processed in memory and immediately discarded), blocking statistics, feature toggle states, and pause data. This data never leaves your phone.
• On our servers: App usage statistics (which app, how long, by hour), installed apps list, permission status, DNS settings, and your account information. All server data is transmitted over encrypted HTTPS connections.
• Analytics: We use PostHog, Firebase Analytics, and Facebook SDK to understand how users discover the app and improve features. In some cases, limited account identifiers may be transmitted as part of standard SDK functionality. This data is not used for profiling or resale.

All content detection — checking for YouTube Shorts, Instagram Reels, blocked websites, and harmful keywords — happens entirely on your device, in your phone's memory. The detection result is a simple "block" or "don't block" decision. The actual text and UI data from your screen is never written to disk, saved to a database, or sent over the internet.

No. Your browsing history is never stored or transmitted.

When the website blocker feature is active, the app checks the URL currently visible in your browser's address bar against your personal blocklist. This check happens instantly in your phone's memory. If the URL matches a blocked domain, the app navigates you away. If it does not match, the URL is immediately discarded.

No. Kahf Guard does not use a VPN. Your internet traffic does not pass through our servers.

The Safe Internet feature works by configuring your device's DNS settings to point to Kahf Guard's DNS servers. DNS filtering only affects domain name lookups — it does not intercept, inspect, or route your actual internet traffic. Your data goes directly from your device to the websites you visit, without passing through any Kahf Guard infrastructure.

No. Kahf Guard does not record tap coordinates, swipe gestures, or typed text.

The Accessibility Service API does not provide touch coordinates or gesture data. The app receives text content from UI elements — not interaction events. Our analytics (PostHog) records only named events like "user enabled a feature" or "user visited a screen" — not how you interacted with those screens. No typed text is recorded or transmitted.

Android's Accessibility Service is the only API that allows an app to detect what is currently displayed on screen — which is essential for blocking specific content like YouTube Shorts, Instagram Reels, or blocked websites in a browser.

Without this permission, Kahf Guard could only block entire apps (by preventing them from opening), not specific features within apps. The Accessibility Service is what makes it possible to block Reels while still allowing you to use Instagram for messaging, or to block Shorts while still allowing YouTube for learning.

This is the same API used by screen readers, password managers, and productivity tools like LastPass and Google Assistant.

The Accessibility Service provides the structural "table of contents" of your screen — not the visual content. It can read text labels, element IDs, and content descriptions of UI elements. It cannot see images, videos, or visual content.

Kahf Guard uses this to check for specific view IDs (like the Shorts player ID in YouTube) and URLs in browser address bars. It does not process, store, or transmit any of this structural data — it simply checks it against your blocklist in real time and discards it immediately.

Taking screenshots requires the MediaProjection API, which requires explicit user confirmation every time it is used (Android shows a prominent system dialog). Kahf Guard does not use MediaProjection and does not request it.

No. All screen content analysis is processed in memory and immediately discarded. The app checks whether a specific condition is met (e.g., "is the Shorts player open?") and then discards all the data used to make that check. Nothing is written to disk or sent to any server.

No. It only monitors apps relevant to the features you have enabled. The app maintains specific lists of monitored packages:

• Social media apps (YouTube, Instagram, Facebook, Telegram, WhatsApp) — only if you have enabled their specific blocking features
• Browsers (Chrome, Firefox, Edge, Brave, and 13 others) — only if you have the website blocker or risky word blocker enabled
• System apps (Settings, Play Store) — only for uninstall and DNS change prevention

Any app not on these specific lists is entirely ignored. When Android sends an event from an unmonitored app, the app drops it instantly without any processing.

Yes. Go to your phone's Settings > Accessibility > Kahf Guard, and toggle it off. This immediately disables all content-blocking features. The app will continue to work for non-blocking features (like prayer times), but it cannot detect or block any content without this permission.

If uninstall protection or DNS change prevention is enabled, the app will detect attempts to access these settings and redirect you back to prevent children from disabling parental controls. In this case, the parent can disable these protections remotely from their device or generate an emergency code to allow changes.

Android automatically masks password input fields at the OS level. When any app marks an input field as a password field (which all standard login screens, banking apps, and secure forms do), Android prevents accessibility services from reading the text in that field. The service receives empty or masked content instead of the actual password. No app can override or bypass this protection.

No. This is an Android platform limitation that applies to all accessibility services. The Accessibility Service API provides text labels, element identifiers, and content descriptions — the structural "table of contents" of your screen. It does not provide pixel data, image content, video frames, or any visual information. A service can detect that "there is an image element here" but cannot see what the image shows.

No, for two reasons:

1. Banking and financial apps use Android's FLAG_SECURE protection, which blocks all accessibility services from reading their content. This is enforced at the OS level.
2. Kahf Guard only monitors apps on your specific blocking list (social media apps, browsers, and system settings). Banking apps are never on this list and are completely ignored by the app.

Android's Accessibility Service API has strict limitations enforced by the OS. It cannot access:

• Images, videos, or visual content — only text labels and element IDs are available
• Network traffic — no API exists for intercepting internet connections
• Files or storage — cannot read, write, or access your files, photos, or downloads
• Camera or microphone — these require separate permissions that Kahf Guard does not request
• GPS location — requires separate permission that Kahf Guard does not request
• Contacts, SMS, or call logs — requires separate permissions that Kahf Guard does not request
• Password fields — Android masks these automatically at the OS level
• Content in FLAG_SECURE apps — banking and security apps are protected by the OS

Each permission serves one specific purpose. We do not request any permission we do not need.

Yes. All permissions can be revoked at any time through your phone's Settings. Revoking a permission disables the feature that depends on it. For example, revoking the Accessibility Service permission disables all content blocking. Revoking Battery Optimization exemption may cause protection to stop unexpectedly. The app will notify you if a critical permission is missing.

Because Android kills all background services when your phone restarts. If Kahf Guard did not restart automatically, your content blocking would silently stop working every time you restarted your phone — a child could simply restart their phone to bypass all restrictions.

The boot process restarts the protection service, reschedules prayer time calculations, and restores notification settings. It does not send any data to servers, does not report anything about your device, and does not perform any network communication during startup. This is standard behavior for any protection or parental control app on Android — including Google Family Link.

The app listens for a small number of system events, all for one purpose: ensuring your protection stays active. When your phone restarts, the app needs to restart its protection service. The events it listens for — such as boot completion and power state changes — are used solely to check whether the Accessibility Service is still running and restart it if needed.

The app does not monitor your calls, SMS, location changes, Wi-Fi connections, Bluetooth activity, app installs, or any other system activity. It does not send any data to servers when these events occur.

Android has a built-in backup system that automatically saves app preferences to Google Cloud. Kahf Guard's backup only includes your feature settings (which toggles are enabled) and a device identifier. It does not include screen content, messages, browsing history, app usage data, or any personal content.

This backup is encrypted by Google and managed through your Google account. You can disable Android backup entirely in Settings > System > Backup. If you uninstall and reinstall the app, only your preference settings are restored — you still need to log in and re-enable permissions.

Kahf Guard offers 18 different blocking features across six categories:

• Content Blocking (specific features inside apps): YouTube Shorts, Instagram Reels, Facebook Reels, Telegram Search, WhatsApp Status
• App Blocking (entire apps): YouTube, Instagram, Facebook, Telegram, WhatsApp — individual toggles, plus any custom app you choose
• Group Blocking: Social Media group — 17 apps including Facebook, Instagram, Twitter, TikTok, Snapchat, Reddit, Pinterest, Discord, and more
• Website Blocking: Custom domains you add to your blocklist, detected across 17 supported browsers
• Harmful Content Detection: Risky word blocker — scans for explicit adult and gambling terms in social media apps and browsers
• System Protection: DNS change prevention, uninstall prevention, and emergency pause disabling

The website blocker reads the URL currently visible in your browser's address bar and checks it against your personal blocklist. This check happens in real time in your phone's memory. If the URL matches a blocked domain, the app navigates you away from the page. If it does not match, the URL is immediately discarded — it is never stored, logged, or transmitted.

The blocker works across 17 supported browsers, including Chrome, Firefox, Edge, Brave, and others.

The risky word blocker scans visible text in social media apps and browsers for a curated list of explicit adult and gambling terms. When a match is found, the app navigates away from the content. The scanned text is processed in memory and immediately discarded — it is never stored or transmitted. The word list is maintained by Kahf Guard and updated periodically.

When blocked content is detected, three things happen simultaneously:

1. Navigation away — The app presses the Back or Home button to take you away from the blocked content
2. Block overlay — A full-screen overlay appears showing an inspirational Islamic message (a hadith or Quran verse) for about 8 seconds
3. Haptic feedback — A gentle vibration provides physical confirmation that a block occurred

Yes, if the Emergency Pause feature is enabled (and not disabled by a parent). You can pause all blocking for a set duration from the app's main screen. When the pause expires, blocking resumes automatically. Parents can disable the Emergency Pause feature entirely to prevent children from bypassing restrictions.

When you add a custom app to your blocklist, you can choose from four blocking modes:

• Always Block — The app is blocked at all times
• Time Limit — The app is allowed for a set number of minutes per day, then blocked for the rest of the day
• Schedule — The app is blocked during specific hours (e.g., school hours or bedtime)
• Allowed — The app is explicitly allowed (useful for whitelisting apps within a group block)

The parental control feature allows a parent (on their own device) to remotely manage the restrictions on a child's device. The parent sets up a "Family" in the app, links the child's device, and can then configure all blocking settings — app blocks, website blocks, content filters, screen time limits, and schedules — from their own phone. Changes are pushed to the child's device in real time.

A parent can see the following information about their child's device:

• App usage statistics — which apps were used and for how long (by hour and by day)
• List of installed apps on the child's device
• Which permissions are currently active on the child's device
• Current restriction settings

A parent cannot see: messages, photos, browsing history, screen content, call logs, or any personal communications. The parental monitoring is limited to usage statistics and settings — not personal content.

When a parent changes a restriction setting, the change is saved to Kahf Guard's servers and a push notification is sent to the child's device via Firebase Cloud Messaging (FCM). The child's device receives the notification, fetches the updated settings from the server, and applies them immediately. This typically happens within a few seconds.

Yes. From the parent's app, you can request an immediate sync of app usage data and the installed apps list from the child's device. This triggers a push notification to the child's device, which then uploads the latest data to the server. The parent's app then refreshes to show the updated information.

Kahf Guard includes several anti-bypass protections:

• Uninstall prevention — prevents the app from being removed without authorization
• DNS change prevention — stops unauthorized changes to internet filtering settings
• Emergency pause disabling — removes the ability to temporarily bypass blocks
• Settings redirect — if a child tries to access Accessibility or DNS settings, the app redirects them away

A determined and technically sophisticated user may find ways around these protections (e.g., factory reset). No software solution is 100% bypass-proof. Kahf Guard is designed to make bypassing difficult and to require significant effort, which is sufficient for most use cases.

The accountability partner feature allows an adult to share their app usage statistics with a trusted person — a spouse, friend, or mentor — without giving that person control over their device. The accountability partner can see usage data and receive alerts, but cannot change settings. This is designed for adults who want voluntary accountability without full parental control.

All data transmitted between the app and our servers uses encrypted HTTPS connections (TLS). This means your data cannot be intercepted or read by anyone on the network between your device and our servers.

The Accessibility Service is a powerful permission that requires careful use. Kahf Guard uses it responsibly: the app only processes events from a specific, limited list of monitored apps, applies strict filters to minimize what data is even evaluated, processes all data in memory without writing to disk, and never transmits screen content to any server.

The risk with Accessibility Services comes from malicious apps that abuse the permission. Kahf Guard is open about exactly what it uses the permission for, and everything it does with it is documented in this FAQ.

No. Kahf Guard does not provide remote access, remote control, or remote viewing of your device. The parental control feature allows a parent to change restriction settings on a child's device — but this is limited to configuration changes (which apps and websites to block). It does not allow viewing the screen, reading messages, controlling the device, or accessing any personal content.

No. Kahf Guard does not contain any backdoors, hidden data collection, or undisclosed functionality. Everything the app does is documented in this FAQ. We believe in full transparency — if we collect data, we tell you. If we use a third-party service, we document it. If a permission is required, we explain why.

PostHog is our product analytics tool, hosted on our own servers. It records named events (like "user enabled a feature" or "user visited a screen") to help us understand how the app is used and where to improve it.

No, it does not record your screen. Our PostHog implementation has session replay explicitly turned off (sessionReplay = false). No typed text is recorded or transmitted. PostHog only receives the events we explicitly send to it — nothing else.

Kahf Guard uses Facebook advertising to reach people who need content protection. The Facebook SDK helps us measure whether our ads are effective — specifically, whether people who see our ads install the app. This is standard practice for virtually every app on the Play Store.

The Facebook SDK receives: app install and open events, subscription status, and a random advertising ID assigned by Google (not personally identifying). Your screen content, messages, and app activity are never shared with Facebook. We implement safeguards to limit what information is shared and are actively working to further restrict this in upcoming updates.

Firebase provides three separate services:

1. Firebase Analytics — Records usage events to help us understand how people use the app. In some cases, limited identifiers may be processed. We are actively working to minimize this.
2. Firebase Crashlytics — When the app crashes, a crash report is sent so we can fix the bug. The report includes technical information (error type, device model, OS version) and a server-generated user ID. It does not include your email, name, screen content, or any personal data.
3. Firebase Cloud Messaging (FCM) — Google's standard push notification service used by WhatsApp, Gmail, YouTube, and banking apps. In Kahf Guard, FCM is used to notify a child's device when a parent changes restriction settings and to trigger data syncs on demand.

The app uses public IP lookup services solely to detect your country — for prayer time calculations and language selection. When you first use the app, it contacts a geolocation service to determine which country you are in. Only your country name is saved to your device. Your IP address itself is not stored anywhere. This lookup happens once and the result is cached locally — the app does not repeatedly send your IP.

Our PostHog analytics has session replay explicitly turned off. No typed text is recorded or transmitted — not within Kahf Guard, and not within any other app. Our analytics records only named events — not how you interacted with those screens.

You can delete your account through the in-app settings. Go to More / Settings and select "Delete Account." This removes your account and all associated data from our servers. When you delete your account, all server-side data is removed and analytics identity is reset.

App usage data (screen time statistics) is retained for 28 days on our servers, after which it is automatically deleted. Account data is retained as long as your account is active. When you delete your account, all data is removed immediately. Crash reports are retained for 90 days for debugging purposes.

When you log out, your device is disconnected from your account. Local settings (which features are enabled) remain on your device, but the app stops syncing data with our servers. If you are a child device in a family, logging out disconnects you from the parent's management — the parent will no longer be able to manage your restrictions remotely until you log back in.

Data export is not currently available in the app. If you would like a copy of your data, please contact our support team at support@kahf.co and we will provide it in a readable format.

You have the right to access, correct, export, and delete your personal data at any time. You can exercise these rights through the in-app settings or by contacting support@kahf.co. For our complete legal privacy policy, visit kahfguard.com/privacy-policy.

Kahf Guard is designed to have minimal battery impact. The app only processes accessibility events from a specific list of monitored apps — it does not run continuous background scans. When no monitored app is active, the service is essentially idle. In our testing, the battery impact is comparable to other always-on services like notification listeners.

No. The content detection logic is highly optimized — each check takes microseconds. The app does not perform any heavy computation, network requests, or disk operations during normal use. You should not notice any performance difference with Kahf Guard running.

Android's battery optimization feature can kill background services to save power. If Kahf Guard is killed by battery optimization, your content blocking stops working silently — you would not know your protection is off until you open the app. Disabling battery optimization for Kahf Guard ensures the protection service stays running continuously. This is the same reason Google Family Link, parental control apps, and security apps request this exemption.

Android requires apps that run as foreground services to display a persistent notification. This is an Android requirement — not a choice by Kahf Guard. The notification serves two purposes: it tells you that protection is active, and it prevents Android from killing the service in the background. You can minimize the notification in your phone's notification settings if you find it distracting.

Kahf Guard offers three premium plans:

• Personal Pack — For individuals. Includes all premium features with 1 child device sync. Billed monthly.
• Family Pack — For families. Includes all premium features with unlimited device sync. Billed monthly.
• Yearly Pack — Save more by paying annually. Includes all premium features with 1 child device sync. Best value.

Current pricing is available on the app's subscription screen and at kahfguard.com.

The Barakah Pass is a free plan for users who genuinely cannot afford a premium subscription. It provides full access to all premium features at no cost. To apply, go to the subscription screen in the app and tap "I cannot afford it. Help me." at the bottom of the page. You will be asked to create an account and your application will be reviewed.

Yes. You can cancel at any time. The cancellation process depends on how you subscribed:

• Google Play — Go to Google Play Store > Subscriptions > Kahf Guard > Cancel
• bKash — Open the bKash app > Subscription > Payment Details > Kahf Bangladesh Ltd. > Cancel Subscription
• Other payment methods — Contact support@kahf.co

After cancellation, you retain access to premium features until the end of your current billing period. You will not be charged for the next billing cycle.

Kahf Guard accepts payments through:

• Google Play — Credit/debit cards, Google Pay, and any payment method linked to your Google account
• bKash — For users in Bangladesh

Additional payment methods may be available depending on your region. Check the app's subscription screen for the options available to you.