Mobile Threat Catalogue

Personal Data Deletion


Threat Category: Enterprise Mobility


Threat Description: Personal data may be intentionally or unintentionally wiped from devices, by MDM administrators or attackers.

Threat Origin

Personal Data Security and the ‘‘BYOD’’ problem: Who is Truly at Risk? 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Consider the use of EMM/MDM solutions that can be configured to require dual authorization (two administrative users) to trigger device wipe functions, or at a minimum, solutions for which wiping functions involve multiple steps to complete.

To enable recovery of personal data wiped from a managed device, provide a mechanism for users to preserve personal data, such as encrypted back-ups to the native cloud service (e.g. iCloud Backup & Storage).

To limit the potential loss of personal data, encourage users of enrolled devices to use authorized mechanisms for the synchronization or transfer of personal data to external systems not subject to remote wipe by enterprise EMM solutions.

Educate users regarding the risks to any personal data generated on an enrolled mobile device.


  1. D. Denslow, “Personal Data Security and the “BYOD” Problem: Who is Truly at Risk?”, blog, 19 Nov. 2014; [accessed 8/24/2016]