Remote Wipe a Mobile Device
Editions supported: Google Apps for Business, Education, and Government.
If your user has Google Sync configured on a supported mobile device or an Android device with the Google Apps Device Policy app installed, you can use the Google Admin console to Remote Wipe the device. Additionally, for Android 2.2 and higher devices, you can choose instead of remotely wiping the entire device to instead only erase Google Apps data from the device by selecting Wipe account.
When to choose Remote Wipe vs. Wipe account
- Select Remote Wipe when a device is lost or stolen to erase all data on the device and to do a factory reset for the device. All data is erased from the device (and SD card, if applicable), including email, calendar, contacts, photos, music, and a user's personal files.
Note that Remote Wipe erases the device’s internal storage. Your user's device must already have Google Sync or Device Policy configured. You cannot install Google Sync or Device Policy and run Remote Wipe retroactively. For Android 2.3+ devices, Remote Wipe also erases the device’s primary SD card, with the following limitations:Limitations with SD card wipe:
- Currently works only with Android 2.3+ devices
- Doesn’t work on all Android 2.3+ devices, such as Motorola Xoom devices and the Galaxy S4. We’re working on resolving this issue.
- Only the primary SD card can be wiped and not secondary cards.
- The SD card needs to be mounted in order to be wiped.
- Does a fast erase and not a secure erase of the SD card.
- Read-only SD cards will not be wiped.
- Select Wipe account to only delete the Google Apps data from an Android device, but keep the user’s personal files on their device. Wipe account functions similar to removing an account on Android. It deletes a user’s Google Apps account data, such as email, calendar, and contacts from the device’s internal storage. It’s useful for when a user who’s using his own device at work leaves your company.
With both options, a user's Google Apps data remains available through a web browser or other authorized mobile devices.To remote wipe a lost or stolen device:
- Sign in to the Google Admin console.
Click Device management > Managed devices.
Note: If Chrome Management is enabled, go to Device management > Mobile > Managed devices.
- Hover your cursor over the user whose device you want to wipe.
- Click Remote Wipe (or Wipe account) in the box that appears.
- A second box appears asking you to confirm that you want to remotely wipe the device. If you are sure you want to wipe the device, click Wipe Device (or Wipe account).
Google Apps displays a message that the device has been successfully wiped. On the next sync, all content will be deleted and the settings reset to the defaults for this device. For information about the remote wipe process, see the device's documentation.
A suspended user's device can't be wiped because it's not syncing with Google's servers. If you want to wipe the device or wipe the account of a suspended user, you first need to unsuspend the user.
About remote wipe on Android: Usually, the device receives the remote wipe command within a few seconds. However, sometimes the command doesn't reach the device right away, so the Device Policy app checks the server every three hours for a wipe command. Therefore, the maximum time before the device is wiped is about 3 hours, or when the device reconnects to the network.
Enable users to remotely wipe their devices
User remote wipe allows your users to remotely wipe their own device from their My Devices page. This feature is turned off by default, and it's currently only available for Android 2.2+ users who have the Device Policy app installed on their device.Follow these steps to enable this setting for users:
- Sign in to the Google Admin console.
- Click Device management > Device management settings
- Enable Allow user to remote wipe device.
- Click Save changes at the bottom of your screen.
You can apply this setting to your whole organization or by organizational unit to enable remote wipe for only specific groups of users.
Once enabled, a user can remotely wipe their device by following these steps:
- Go to their My Devices page. The user will need to enter their password to access this page, even if they're already signed in to their account.
- Click Wipe Device.
A window appears with this warning text: This will wipe all application and personal data from your device. Anything that hasn't been synced will be lost. Are you sure you want to proceed?
- The user clicks Confirm to wipe the device.
Learn more about how users can wipe their devices.
Pros and Cons of enabling user remote wipe
Pro: Enabling this setting gives you more flexibility, in that your Android users can remotely wipe their device if they lose it, without having to go to you (the Google Apps administrator). If a user loses his device on a weekend or a holiday, he can wipe it immediately. You can also enable this setting by organizational unit, to allow and block specific users and groups in your organization to use this feature.
Con: Android users you enable this setting for can wipe their devices. If you fear that your users may accidentally wipe their phone from their My Devices page, not realizing what they're doing, don't enable this setting for those users.