Remove corporate data from a mobile device
This feature is not available in the legacy free edition of Google Apps.
As a Google Apps administrator, you can use the admin console to remotely remove data from your users' device. You can choose to remote wipe the entire device or only erase Google Apps data.
Note: Before you Remote Wipe a device, you should sign the device’s accounts out of Hangouts to prevent stale Hangouts sessions from remaining online for up to 30 days.
When to choose Remote Wipe vs. Wipe account
- Select Remote Wipe when a device is lost or stolen to erase all data on the device and to do a factory reset. You can remote wipe an Android device with the Google Apps Device Policy app installed and any supported mobile device with Google Sync configured. All data is erased from the device (and SD card, if applicable), including email, calendar, contacts, photos, music, and a user's personal files.
Note that Remote Wipe erases the device’s internal storage. Your user's device must already have Device Policy (or Google Sync) configured. You cannot install Device Policy and run Remote Wipe retroactively. For Android 2.3+ devices, Remote Wipe also erases the device’s primary SD card, with the following limitations:Limitations with SD card wipe:
- Currently works only with Android 2.3+ devices
- Doesn’t work on all Android 2.3+ devices, such as Motorola Xoom devices and the Galaxy S4. We’re working on resolving this issue.
- Only the primary SD card can be wiped and not secondary cards.
- The SD card needs to be mounted in order to be wiped.
- Does a fast erase and not a secure erase of the SD card.
- Read-only SD cards will not be wiped.
- Select Wipe account to delete Google Apps data only from an Android Sync or iOS Sync device, while keeping the user’s personal files on their device. Wipe account functions similarly to removing an account. It deletes a user’s Google Apps account data, such as email, calendar, and contacts from the device’s internal storage. It’s useful for when a user who’s using their own device at work leaves your company.
- If your user has a Work Profile set up on their Android 5.0+ device that supports Android for Work, select Remote Wipe or Wipe Account to delete the entire Work Profile from their mobile device, regardless of how many accounts it contains. If your user has added the same account to both their Work Profile and Personal space, only the account in their Work Profile is deleted.
With Remote Wipe and Wipe Account, a user's Google Apps data remains available through a web browser or other authorized mobile devices.To remote wipe a lost or stolen device:
- Sign in to the Google Admin console.
- Click Device management > Mobile devices.
- Hover over the user whose device you want to wipe.
- Click Remote Wipe (or Wipe account) in the box that appears.
- A second box appears asking you to confirm that you want to remotely wipe the device. If you are sure you want to wipe the device, click Wipe Device (or Wipe account).
Google Apps displays a message that the device has been successfully wiped. On the next sync, all content will be deleted and the settings reset to the defaults for this device. For information about the remote wipe process, see the device's documentation.
A suspended user's device can't be wiped because it's not syncing with Google's servers. If you want to wipe the device or wipe the account of a suspended user, you first need to unsuspend the user.
About remote wipe on Android: Usually, the device receives the remote wipe command within a few seconds. However, sometimes the command doesn't reach the device right away, so the Device Policy app checks the server every three hours for a wipe command. Therefore, the maximum time before the device is wiped is about 3 hours, or when the device reconnects to the network.
Enable users to remotely wipe their devices
User remote wipe allows your users to remotely wipe their own device from their My Devices page. This feature is turned off by default, and it's currently only available for Android 2.2+ users who have the Device Policy app installed on their device.Follow these steps to enable this setting for users:
- Sign in to the Google Admin console.
- Click Device management > Mobile > Device management settings.
- Check the Allow user to remote wipe device box.
- Click Save Changes.
You can apply this setting to your whole organization or by organizational unit to enable remote wipe for only specific groups of users.
Once enabled, a user can remotely wipe their device by following these steps:
- Go to their My Devices page. The user will need to enter their password to access this page, even if they're already signed in to their account.
- Click Wipe Device.
A window appears with this warning text: This will wipe all application and personal data from your device. Anything that hasn't been synced will be lost. Are you sure you want to proceed?
- The user clicks Confirm to wipe the device.
Learn more about how users can wipe their devices.
Pros and Cons of enabling user remote wipe
Pro: Enabling this setting gives you more flexibility, in that your Android users can remotely wipe their device if they lose it, without having to go to you (the Google Apps administrator). If a user loses their device on a weekend or a holiday, they can wipe it immediately. You can also enable this setting by organizational unit, to allow and block specific users and groups in your organization to use this feature.
Con: Android users you enable this setting for can wipe their devices. If you fear that your users may accidentally wipe their phone from their My Devices page, not realizing what they're doing, don't enable this setting for those users.