Deleting all device data from the device storage space

A BlackBerry® device is designed to permanently delete the following data from the NV store, application storage, and built-in media storage:
  • all BlackBerry device user data
  • any references to your organization’s PIN encryption key
  • any references to the device transport key
  • if applicable, authentication information (for example, the binding information of the smart card)
  • IT policy public key
  • if you reset the device to the factory default settings, any references to past hashes of the device password
  • record of time that elapsed since the user last turned on the device
  • if you reset the device to the factory default settings, the IT policy that is stored on the device
  • if a user selects the Include third party applications option or the User Installation Application option on the device, all third-party applications and application data

If you or a user turned on content protection, the device uses a memory-scrub process to overwrite the application storage on the device and built-in media storage. The memory-scrub process complies with United States government requirements for deleting sensitive user data, including US Department of Defense Directive 5220.22-M and NIST Special Publication 800-88.

For BlackBerry® Device Software 5.0 and later, if you configure the Media Card Format on Device Wipe IT policy rule, the device can delete all user data from a media card. By default, the user can choose to delete third-party applications and the user data on the media card when the user permanently deletes all device data.

When a device deletes all device data

The BlackBerry® device is designed to delete all device data from the device storage space when any of the following events occurs:
  • The user clicks Wipe Device, Wipe Handheld, or Security Wipe in the security options on the device.
  • The user types the device password incorrectly more times than the Set Maximum Password Attempts IT policy rule or the password option on the device permits. The default value is ten attempts.
  • The user runs the application loader tool and types the device password incorrectly more times than the Set Maximum Password Attempts IT policy rule permits.
  • The user uses the application loader tool to delete all user data and application data on the device. The user can choose not to delete the device applications.
  • You send the Delete all device data and remove device IT administration command to the device, with or without a delay (in hours). The maximum delay is 168 hours (7 days).
  • You click the Remove user data from current device option in the BlackBerry Administration Service after you connect the device to the BlackBerry Administration Service. This option deletes all data and applications from the device even if service books do not exist on the device.

For more information about the security options on the device, see the user guide for the device.

Using IT policy rules to specify when a device must delete device data

You can configure the following IT policy rules to require that a BlackBerry® device automatically deletes device data after a specific time or under specific conditions.

| IT policy rule | Description |
|---|---|
| Secure Wipe Delay After IT Policy Received | This rule specifies the length of time (in hours) after a device receives an IT policy update or the Delete all device data and remove device IT administration command before the device deletes all BlackBerry device user data. |
| Secure Wipe Delay After Lock | This rule specifies the length of time (in hours) after a device locks before the device deletes all user data. |
| Secure Wipe if Low Battery | This rule specifies whether a device deletes all user data if the battery power level is low enough that the BlackBerry device turns off the wireless transceiver. |

For more information, see the BlackBerry Enterprise Server Policy Reference Guide.

Resetting a device to factory default settings

When a BlackBerry® device resets to the factory default settings, the device overwrites the device storage space. If you or a BlackBerry device user turned on content protection, the device also uses a memory-scrub process to overwrite the application storage on the device and built-in media storage. When the device runs the memory-scrub process, it deletes any residual unmapped data.

You can use the Reset to Factory Defaults on Wipe IT policy rule to require that a device reset to the factory default settings when the device receives the Delete all device data and remove device IT administration command over the wireless network. When you change the value for the IT policy rule to Yes and send the IT administration command to the device, the device resets to the factory default settings and permanently deletes all applicable device data from the device storage space. If the device is running BlackBerry® Device Software 4.5 or later, the device also deletes the Reset to Factory Defaults on Wipe IT policy and removes third-party applications.

If the device is running BlackBerry Device Software 4.5 or later and you change the value for the IT policy rule to Yes, the device resets to factory default settings when you send the IT administration command, when the user permanently deletes device data, or when the user exceeds the maximum number of times the user can try to type the device password.

Process flow: Deleting all device data from a device

When you delete all BlackBerry® device data from a device using the Delete all device data and remove device IT administration command, the device performs the following actions:

  1. Adds a Device Under Attack flag to the NV store

    If a user removes the battery or the battery power drops to zero before the device deletes all data, when the user replaces the battery, the process continues because the Device Under Attack flag is still present.

  2. Restarts
  3. Deletes the IT policy public key from the NV store to remove the binding between the device and the BlackBerry® Enterprise Server

    The device can bind to another BlackBerry Enterprise Server at a later time. The device does not use the memory-scrub process to overwrite the IT policy public key because it is not a protected or hidden value.

  4. If applicable, deletes authentication information from the NV store

    For example, the device deletes the binding information for the smart card. The device can bind to another smart card at a later time.

  5. Deletes data in the persistent store in application storage, including references to the device transport key and the copy of the principal encryption key
  6. If you or a BlackBerry device user turned on content protection, overwrites the copy of the principal encryption key with zeroes
  7. If applicable, formats the built-in media storage on the device
  8. Overwrites the application storage with zeroes
  9. Deletes the device password from the NV store
  10. If you or a user turned on content protection, the memory-scrub process overwrites the file system of the device application storage and built-in media storage

    The memory-scrub process overwrites the device heap in RAM, which changes the state of each bit four times.

  11. If you or a user specified that the data on the media card must be deleted, the memory-scrub process overwrites the media card
  12. Deletes the Device Under Attack flag from the NV store
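
The role of the Device Under Attack flag in steps 1 and 12 can be shown with a small model. This is an added example, not BlackBerry code: the storage layout, key names and the choice to re-run the steps from the start after a power loss are assumptions, and only a subset of the steps is modelled.

```python
class PowerLoss(Exception):
    """Simulated battery removal part-way through the wipe."""

FLAG = "device_under_attack"  # hypothetical key name for the NV-store flag

def new_device():
    # Constructed sample state; every key and value here is made up.
    return {
        "nv": {"it_policy_public_key": "pk", "smart_card_binding": "sc",
               "device_password": "hash"},
        "app_storage": bytearray(b"mail,contacts,transport-key-ref"),
        "media": bytearray(b"photos"),
    }

def zero(buf):
    buf[:] = bytes(len(buf))  # overwrite in place with zeroes

# A subset of steps 3-9, in page order. Each is idempotent, so repeating
# a step that already ran before the power loss is harmless.
STEPS = [
    ("delete IT policy public key", lambda d: d["nv"].pop("it_policy_public_key", None)),
    ("delete authentication info", lambda d: d["nv"].pop("smart_card_binding", None)),
    ("format built-in media", lambda d: d["media"].clear()),
    ("zero application storage", lambda d: zero(d["app_storage"])),
    ("delete device password", lambda d: d["nv"].pop("device_password", None)),
]

def boot(dev, fail_before=None):
    """Runs at every power-on; re-runs the wipe steps if the flag survived."""
    if not dev["nv"].get(FLAG):
        return "normal boot"
    for i, (name, action) in enumerate(STEPS):
        if i == fail_before:
            raise PowerLoss(name)  # battery pulled before this step
        action(dev)
    del dev["nv"][FLAG]  # step 12: cleared only after every step has run
    return "wipe complete"

def start_wipe(dev, fail_before=None):
    dev["nv"][FLAG] = True  # step 1: persist the flag before deleting anything
    return boot(dev, fail_before)  # step 2: restart

def is_wiped(dev):
    return dev["nv"] == {} and not any(dev["app_storage"]) and not any(dev["media"])
```

Because the flag is written first and removed last, an interruption at any point leaves the device in a state where the next power-on finishes the wipe rather than booting normally with partial data.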
