Wednesday, March 5, 2014

Remote Wipe of Mobile Devices

A useful piece from the Google Apps Administrator Help Forum highlights some key considerations about remotely wiping data from a mobile device.
If your user has Google Sync configured on a supported mobile device or an Android device with the Google Apps Device Policy app installed, you can use the Google Admin console to Remote Wipe the device. Additionally, for Android 2.2 and higher devices, you can choose instead of remotely wiping the entire device to instead only erase Google Apps data from the device by selecting Wipe account.

When to choose Remote Wipe vs. Wipe account

  • Select Remote Wipe when a device is lost or stolen to erase all data on the device and to do a factory reset for the device. All data is erased from the device (and SD card, if applicable), including email, calendar, contacts, photos, music, and a user's personal files.
    Note that Remote Wipe erases the device’s internal storage. Your user's device must already have Google Sync or Device Policy configured. You cannot install Google Sync or Device Policy and run Remote Wipe retroactively. For Android 2.3+ devices, Remote Wipe also erases the device’s primary SD card, with the following limitations:

  • Select Wipe account to only delete the Google Apps data from an Android device, but keep the user’s personal files on their device. Wipe account functions similar to removing an account on Android. It deletes a user’s Google Apps account data, such as email, calendar, and contacts from the device’s internal storage. It’s useful for when a user who’s using his own device at work leaves your company.
With both options, a user's Google Apps data remains available through a web browser or other authorized mobile devices.

Enable users to remotely wipe their devices

User remote wipe allows your users to remotely wipe their own device from their My Devices page. This feature is turned off by default, and it's currently only available for Android 2.2+ users who have the Device Policy app installed on their device.

Pros and Cons of enabling user remote wipe

Pro: Enabling this setting gives you more flexibility, in that your Android users can remotely wipe their device if they lose it, without having to go to you (the Google Apps administrator). If a user loses his device on a weekend or a holiday, he can wipe it immediately. You can also enable this setting by organizational unit, to allow and block specific users and groups in your organization to use this feature.

Con: Android users you enable this setting for can wipe their devices. If you fear that your users may accidentally wipe their phone from their My Devices page, not realizing what they're doing, don't enable this setting for those users.