Search
Clear search
Close search
Google apps
Main menu

Remove corporate data from a mobile device

As an administrator, you can remotely remove data from your users' devices. You can choose to erase all data on the device (remote wipe) or only remove G Suite data (wipe account). Whichever method you choose, the user’s G Suite data will still be available through a web browser and other authorized mobile devices.

When to choose remote wipe or wipe account

  Remote wipe Wipe account
Description
  • Erases all data on the device and SD card (if applicable, see limitations) including email, calendar, contacts, photos, music, and a user's personal files.
  • Factory resets devices that don’t have a work profile set up. For devices with a work profile, the work profile is deleted. The device isn’t reset.
  • Deletes G Suite data, including email, calendar, and contacts.
  • Keeps the user’s personal files on the device.
When to use it
  • If a personal or company owned device is lost or stolen.
  • If a user using a personal device at work leaves your company.
  • If a personal device is lost or stolen.
Available for
  • Mobile devices that are managed with advanced mobile management. The managed device must have the Google Apps Device Policy app (for Android), a device policy profile (for iOS), or Google Sync configured.
  • Personal and company-owned  devices.
  • Android and iOS devices.
  • Personal devices only. (Wipe account is not available for company-owned devices.)

Notes:

  • Before you use Remote wipe to remove data from a device, you should sign the device’s accounts out of Hangouts to prevent stale sessions from remaining online for up to 30 days.
  • If a work profile is set up, Remote wipe and Wipe account will delete the entire work profile from the device, regardless of how many accounts it contains. The device is not factory reset when the work profile is removed. If the user added the same account to their work profile and personal space, only the account in their work profile is deleted.

Remotely remove data from a device

As an administrator, you can remove data from a device remotely via the Admin console. Or, you can allow users to remotely wipe their own device from their My Devices page.

Remove data remotely via the Admin console
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Mobile devices.
  4. Hover over the user whose device you want to wipe.
  5. Click Remote Wipe or Wipe account.
  6. If you're sure you want to wipe the device or account, click Wipe Device or Wipe account.

It will take a few minutes for data to be removed from the device. On the next sync, all content will be deleted and the settings reset to the defaults for the device. For information about the remote wipe process, see the device's documentation.

A suspended user's device can't be wiped because it's not syncing with Google's servers. If you want to wipe the device or wipe the account of a suspended user, unsuspend the user first.

About remote wipe on Android: Usually, the device receives the remote wipe command within a few seconds. However, sometimes the command doesn't reach the device right away, so the Google Apps Device Policy app checks the server every 3 hours for a wipe command. Therefore, the maximum time before the device is wiped is about 3 hours, or when the device reconnects to the network.

Enable users to remotely wipe their devices

Note: This setting is currently only available for Android 2.2 Froyo and later devices with the Google Apps Device Policy app installed.

To enable this setting for users:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Android settings > General settings.
  4. Check the Allow user to remote wipe device from Device Manager box.
  5. Click Save.

Once enabled, users can remotely wipe their own device. You can apply this setting to your whole organization or by organizational unit to enable remote wipe for only specific groups of users.

Pros and Cons of enabling user remote wipe

Pro: Enabling this setting gives you more flexibility. Android users can remotely wipe their own device if they lose it. If a user loses their device on a weekend or a holiday, they can wipe it immediately. You can also enable this setting by organizational unit, to allow and block specific users and groups in your organization to use this feature.

Con: Android users you enable this setting for can wipe their devices. If you fear that your users may accidentally wipe their phone from their My Devices page, not realizing what they're doing, don't enable this setting for those users.

Limitations with SD card wipe

  • Works only with Android 2.3 Gingerbread and later devices.
  • Doesn’t work on all Android 2.3+ devices, such as Motorola Xoom devices and the Galaxy S4. We’re working on resolving this issue.
  • Only the primary SD card can be wiped. Secondary cards can’t be wiped.
  • The SD card needs to be mounted to be wiped.
  • Does a fast erase and not a secure erase of the SD card.
  • Read-only SD cards are not wiped.
Was this article helpful?
How can we improve it?
Sign in to your account

Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.