Sending commands to a lost or stolen mobile device
To protect data on a mobile device that is lost or stolen, you can send special commands.
You can send commands to the following types of managed mobile devices:
- Android devices managed via the Kaspersky Endpoint Security for Android app
- iOS MDM devices
Each device type supports a dedicated set of commands (see the tables below).
Commands for Android devices
Commands for protecting data on a lost or stolen Android device
Command | Command execution result |
|---|---|
Lock | The mobile device is locked. To obtain access to data, you must unlock the device. |
Unlock | The mobile device is unlocked. After unlocking a device running Android 5.0 – 6.Х, the screen unlock password is reset to "1234". After unlocking a device running Android 7.0 or later, the screen unlock password is not changed. |
Locate device | The mobile device's location coordinates are obtained. On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received not more than 30 minutes earlier. Otherwise, the Locate device command fails. The Locate device command does not work on Android devices if Google Location Accuracy is disabled in settings. Please be aware that not all Android devices come with this location setting. |
Mugshot | The mobile device is locked. The mugshot photo is taken by the front camera of the device when somebody attempts to unlock the device. On devices with a pop-up front camera, the photo will be black if the camera is stowed. When attempting to unlock the device, the user automatically consents to the mugshot. If the permission to use the camera has been revoked, the mobile device displays a notification and prompts to provide the permission. On a mobile device running Android 12 or later, if the permission to use camera has been revoked via Quick Settings, the notification is not displayed but the photo taken is black. |
Alarm | The mobile device sounds an alarm. The alarm is sounded for 5 minutes (or for 1 minute if the device battery is low). |
Wipe app data | The data of a specified app is wiped from the mobile device. The action is only applicable to devices running Android 9.0 and later in device owner mode or with created Android work profile. |
Wipe data of all apps | The data of all apps is wiped from the mobile device. The action is only applicable to devices running Android 9.0 and later in device owner mode or with created Android work profile. |
Wipe corporate data | The corporate data is wiped from the device. The list of wiped data depends on the mode in which the device operates:
|
Reset to factory settings | All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. |
Commands for iOS MDM devices
Commands for protecting data on a lost or stolen iOS MDM device
Command | Command execution result |
|---|---|
Lock | The mobile device is locked. To obtain access to data, you must unlock the device. |
Reset password | The mobile device's screen unlock password is reset, and the user is prompted to set a new password in accordance with policy requirements. |
Wipe corporate data | All installed configuration profiles, provisioning profiles, the iOS MDM profile, and applications for which the Remove together with iOS MDM profile check box has been selected are removed from the device. |
Reset to factory settings | All data is deleted from the mobile device and the settings are rolled back to their factory values. After this command is executed, the device will not be able to receive or execute subsequent commands. |
Enable Lost Mode (supervised only) | Lost Mode is enabled on the supervised mobile device, and the device is locked. The device screen shows the message and phone number that you can edit. If you send the Enable Lost Mode command to a supervised iOS MDM device without a SIM card and this device is restarted, the device won't be able to connect to Wi-Fi and receive the Disable Lost Mode command. This is a specific feature of iOS devices. To avoid this issue, you can either send the command only to devices with a SIM card, or insert a SIM card into the locked device to allow it to receive the Disable Lost Mode command over the mobile network. |
Locate device (supervised only) | The location of the mobile device is obtained. You can click the link in the command log to view device coordinates and check the device location on a map. This command is supported only for supervised devices that are in Lost Mode. |
Play sound (supervised only) | The sound is played on the lost mobile device. This command is supported only for supervised devices that are in Lost Mode. |
Disable Lost Mode (supervised only) | Lost Mode is disabled on the mobile device, and the device is unlocked. This command is supported only for supervised devices. |
Special rights and permissions are required for the execution of commands of Kaspersky Endpoint Security for Android. When the Initial Configuration Wizard is running, Kaspersky Endpoint Security for Android prompts the user to grant the application all required rights and permissions. The user can skip these steps or disable these permissions in the device settings at a later time. If this is the case, it will be impossible to execute commands.
On devices running Android 10.0 or later, the user must grant the "All the time" permission to access the location. On devices running Android 11.0 or later, the user must also grant the "While using the app" permission to access camera. Otherwise, Anti-Theft commands will not function. The user will be notified of this limitation and will again be prompted to grant the permissions of required level. If the user selects the "Only this time" option for the camera permission, access is considered granted by the app. It is recommended to contact the user directly if the Camera permission is requested again.
For the complete list of available commands, please refer to the "Commands for mobile devices" section. To learn more about sending commands from Administration Console, please refer to the "Sending commands" section.
