The issue is, and always will be, 3rd party trust. You cannot assume your child is safe using XYZ until you thoroughly audit the app/game/device and enumerate all their loopholes, plug-ins, and rushed updates. The sensical method would be a device-wide deny all firewall rule, where no TCP connection is allowed in or out without explicit parental consent. E.g. Alice wants to chat with Bob via chatmonkey. Approve this one time connection? Good luck finding anything on the market that supports and enforces this very sane level of parental control.

To concur, the principle with guarding your children is the same as the principle of guarding your software systems.

Defense in depth. Multiple layers. Calender reminders to audit devices, usage, and look at router logs. Check in with your kids.