Commands for mobile devices
Kaspersky Security Center supports commands for remote mobile device management. For instance, if a mobile device is lost or stolen, you can send commands to locate the device or wipe all corporate data from the device.
You can send commands to the following types of managed mobile devices:
- Android devices managed via the Kaspersky Endpoint Security for Android app
- iOS MDM devices
Each device type supports a dedicated set of commands.
You can cancel commands in the Command history.
Commands may be delivered almost immediately to devices connected to the internet. As a result, they may fail to cancel despite being displayed as canceled.
Commands for Android devices
Command |
Result |
|
|---|---|---|
Lock device |
The mobile device is locked. To obtain access to data, you must unlock the device using the Unlock device command or a one-time passcode. |
|
Unlock device |
The mobile device is unlocked. After unlocking a device running Android 5 – 6, the screen unlock password is reset to "1234". After unlocking a device running Android 7 or later, the screen unlock password is not changed. |
|
Reset to factory settings |
All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. This command is unavailable for personal devices and devices with a corporate container running Android 14 or later. |
|
Wipe corporate data |
Corporate data is wiped from the device. The list of wiped data depends on the mode the device is operating in:
|
|
Synchronize device |
The mobile device data is synchronized with the Administration Server. The Executed status may be displayed when the command has been successfully sent but not yet received by the device. |
|
Locate device |
The mobile device's location coordinates are obtained. To view the device location on a map, go to the Assets (Devices) → Mobile → Devices section. Then choose a device and select Command history → Locate device → Device coordinates → Open Maps. On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received within the past 30 minutes. Otherwise, the command fails. This command does not work on Android devices if Google Location Accuracy is disabled in the settings. Please be aware that not all Android devices come with this location setting. |
|
Take photos |
The mobile device is locked. Photos are taken using the front camera of the device when somebody attempts to unlock the device. On devices with a pop-up front camera, the photo will be black if the camera is stowed. When attempting to unlock the device, the user automatically consents to having their photo taken on the device. If the permission to use the camera has been revoked, the mobile device displays a notification and prompts to provide the permission. On a mobile device running Android 12 or later, if the permission to use the camera has been revoked via Quick Settings, the notification is not displayed but the taken photo is black. |
|
Sound alarm |
The mobile device sounds an alarm. The alarm is sounded for 5 minutes (or for 1 minute if the device battery is low). |
|
Wipe app data |
The data of a specified app is wiped from the mobile device. For this action, you need to specify the package name for the app whose data is to be deleted. |
|
Wipe data of all apps |
The data of all apps is wiped from the mobile device. On a corporate device, the data of all apps on the device is wiped. |
|
Send message |
A message with the specified title and text is sent to the user's mobile device. You can send only a push notification or both a push notification and an alert. |
|
Get location history |
The mobile device's location history for the last 14 days is displayed. To view the device location on a map, go to the Assets (Devices) → Mobile → Devices section. Then choose a device and select Command history → Get location history → View on map. Due to technical limitations on Android devices, the device location may be retrieved less often than specified in the Location tracking settings. |
|
Commands for iOS MDM devices
Command |
Result |
|---|---|
Lock device |
The mobile device is locked. To access data, you must unlock the device. |
Reset unlock password |
The mobile device's screen unlock password is reset, and the user is prompted to set a new password in accordance with policy requirements. |
Reset to factory settings |
All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. |
Wipe corporate data |
All installed configuration profiles, the device management profile, and apps for which the Remove when device management profile is deleted check box has been selected are removed from the device. |
Synchronize device |
The mobile device data is synchronized with the Administration Server. |
Install configuration profile |
A configuration profile is installed on the mobile device. You cannot install a configuration profile with settings for a supervised device on a device in basic control mode. |
Delete configuration profile |
The configuration profile is deleted from the mobile device. The profile may be displayed in the list of configuration profiles installed on the device for several minutes after it has been deleted. |
Install app |
The specified app is installed on the mobile device. |
Update app |
The specified app is updated on the mobile device. |
Delete app |
The specified app is removed from the mobile device. |
OS update (supervised only) |
Operating system updates are scheduled on the mobile device according to the specified update settings. This command may fail to be executed when a device does not have enough storage space or the specified OS version is not available for the selected device. We recommend specifying the latest available OS version. |
Change roaming settings |
Data roaming and voice roaming are enabled or disabled. |
Set Bluetooth state (supervised only) |
Bluetooth is enabled or disabled on the mobile device. This command is supported only for supervised devices running iOS 11.3 or later. |
Enable Lost Mode (supervised only) |
Lost Mode is enabled on the supervised mobile device, and the device is locked. The device screen shows a message and phone number that you can edit. If you send the Enable Lost Mode command to a supervised iOS MDM device without a SIM card and this device is restarted, the device won't be able to connect to Wi-Fi and receive the Disable Lost Mode command. This is a specific feature of iOS devices. To avoid this issue, you can either send the command only to devices with a SIM card, or insert a SIM card into the locked device to allow it to receive the Disable Lost Mode command over the mobile network. |
Locate device (Lost Mode only) |
The location of the mobile device is obtained. |
Sound alarm (Lost Mode only) |
A sound is played on the lost mobile device. |
Disable Lost Mode (supervised only) |
Lost Mode is disabled on the mobile device, and the device is unlocked. |
Permissions for executing commands
Special rights and permissions are required for executing Kaspersky Endpoint Security for Android commands. When the Initial Configuration Wizard is running, Kaspersky Endpoint Security for Android prompts the user to grant the application all required rights and permissions. The user can skip these steps or later disable these permissions in the device settings. If this is the case, it will be impossible to execute commands.
On devices running Android 10 or later, the user must grant the "All the time" permission to access the location. On devices running Android 11 or later, the user must also grant the "While using the app" permission to access the camera. Otherwise, Anti-Theft commands will not function. The user will be notified of this limitation and will again be prompted to grant the required level of permissions. If the user selects the "Only this time" option for the camera permission, access is considered granted by the app. We recommend contacting the user directly if the Camera permission is requested again.