Sending commands to a lost or stolen mobile device
To protect data on a mobile device that is lost or stolen, you can send special commands.
You can send commands to the following types of managed mobile devices:
- Android devices managed via the Kaspersky Endpoint Security for Android app
- iOS MDM devices
Each device type supports a specific set of commands (see the tables below).
Commands for Android devices
Commands for protecting data on a lost or stolen Android device
Command |
Result |
|
|---|---|---|
Lock device |
The mobile device is locked. To obtain access to data, you must unlock the device using the Unlock device command or a one-time passcode. |
|
Unlock device |
The mobile device is unlocked. After unlocking a device running Android 5 – 6, the screen unlock password is reset to "1234". After unlocking a device running Android 7 or later, the screen unlock password is not changed. |
|
Reset to factory settings |
All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. This command is unavailable for personal devices and devices with a corporate container running Android 14 or later. |
|
Wipe corporate data |
Corporate data is wiped from the device. The list of wiped data depends on the mode the device is operating in:
|
|
Locate device |
The mobile device's location coordinates are obtained. To view the device location on a map, go to the Assets (Devices) → Mobile → Devices section. Then choose a device and select Command history → Locate device → Device coordinates → Open Maps. On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received within the past 30 minutes. Otherwise, the command fails. This command does not work on Android devices if Google Location Accuracy is disabled in the settings. Please be aware that not all Android devices come with this location setting. |
|
Take photos |
The mobile device is locked. Photos are taken using the front camera of the device when somebody attempts to unlock the device. On devices with a pop-up front camera, the photo will be black if the camera is stowed. When attempting to unlock the device, the user automatically consents to having their photo taken on the device. If the permission to use the camera has been revoked, the mobile device displays a notification and prompts to provide the permission. On a mobile device running Android 12 or later, if the permission to use the camera has been revoked via Quick Settings, the notification is not displayed but the taken photo is black. |
|
Sound alarm |
The mobile device sounds an alarm. The alarm is sounded for 5 minutes (or for 1 minute if the device battery is low). |
|
Wipe app data |
The data of a specified app is wiped from the mobile device. For this action, you need to specify the package name for the app whose data is to be deleted. |
|
Wipe data of all apps |
The data of all apps is wiped from the mobile device. On a corporate device, the data of all apps on the device is wiped. |
|
Get location history |
The mobile device's location history for the last 14 days is displayed. To view the device location on a map, go to the Assets (Devices) → Mobile → Devices section. Then choose a device and select Command history → Get location history → View on map. Due to technical limitations on Android devices, the device location may be retrieved less often than specified in the Location tracking settings. |
|
Commands for iOS MDM devices
Commands for protecting data on a lost or stolen iOS MDM device
Command |
Result |
|---|---|
Lock device |
The mobile device is locked. To access data, you must unlock the device. |
Reset unlock password |
The mobile device's screen unlock password is reset, and the user is prompted to set a new password in accordance with policy requirements. |
Reset to factory settings |
All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. |
Wipe corporate data |
All installed configuration profiles, provisioning profiles, the iOS MDM profile, and apps for which the Remove when device management profile is deleted check box has been selected are removed from the device. |
Enable Lost Mode (supervised only) |
Lost Mode is enabled on the supervised mobile device, and the device is locked. The device screen shows a message and phone number that you can edit. If you send the Enable Lost Mode command to a supervised iOS MDM device without a SIM card and this device is restarted, the device won't be able to connect to Wi-Fi and receive the Disable Lost Mode command. This is a specific feature of iOS devices. To avoid this issue, you can either send the command only to devices with a SIM card, or insert a SIM card into the locked device to allow it to receive the Disable Lost Mode command over the mobile network. |
Locate device (Lost Mode only) |
The location of the mobile device is obtained. To view the device location on a map, go to the Assets (Devices) → Mobile → Devices section. Then choose a device and select Command history → Locate device → Device coordinates → Open Maps. |
Sound alarm (Lost Mode only) |
A sound is played on the lost mobile device. |
Disable Lost Mode (supervised only) |
Lost Mode is disabled on the mobile device, and the device is unlocked. |
Permissions for executing commands
Special rights and permissions are required for executing Kaspersky Endpoint Security for Android commands. When the Initial Configuration Wizard is running, Kaspersky Endpoint Security for Android prompts the user to grant the application all required rights and permissions. The user can skip these steps or later disable these permissions in the device settings. If this is the case, it will be impossible to execute commands.
On devices running Android 10 or later, the user must grant the "All the time" permission to access the location. On devices running Android 11 or later, the user must also grant the "While using the app" permission to access the camera. Otherwise, Anti-Theft commands will not function. The user will be notified of this limitation and will again be prompted to grant the required level of permissions. If the user selects the "Only this time" option for the camera permission, access is considered granted by the app. We recommend contacting the user directly if the Camera permission is requested again.
For the complete list of available commands, please refer to the Commands for mobile devices section. To learn more about sending commands from Administration Console, please refer to the Sending commands section.