OS vendors don't want to add this feature, though. That could be because they make their money from a percentage of IAPs and ads.
And when they are mandated, like in Brazil, we HN commenters hate that even more, because apparently in Brazil it's illegal to sell a phone without locked bootloader, or an OS that can run software from outside of an app store, because the user might install an OS or an app that doesn't comply with the child-lock law.
Well yes, they are actual real risks - a badly thought out law can literally make it illegal for a device to allow an adult to, say, unlock a device's bootloader to install open source software (EDIT: this example was in my comment before the OP edited theirs to add it there as well), because the device vendor can't guarantee that it will comply any more.
I don't think anybody is actually opposed to parental controls being mandated to ship in commercial operating systems, as long as it doesn't restrict the freedoms of adults to completely disable them or to install software that removes them or doesn't have them. The problem is when these features are forced on adults and restrict devices or computers 'just in case'.
IMHO a better approach would be two-layered tagging to indicate traffic from children.
Firstly traffic can be tagged by ISPs/cell phone companies, at the bill payer's behest (whose name and age has already been verified). Secondly, smartphone OSes can tag traffic at the behest of parental controls (which already exist).
And when they are mandated, like in Brazil, we HN commenters hate that even more, because apparently in Brazil it's illegal to sell a phone without locked bootloader, or an OS that can run software from outside of an app store, because the user might install an OS or an app that doesn't comply with the child-lock law.