KiwiCloud supports multiple remote operations on registered GMA devices, divided into batch operations and single-device operations. Remote operations are a key capability module for the platform to achieve real-time management, policy distribution, and security control.
1. Overview of Operations
Operation Name | Batch Action | Single Device Action | Description |
Add to Group | ✅ |
| Add selected devices to one or more device groups. If the group is associated with policies, you can choose whether to immediately push those policies to the devices; if not selected, the policies are only associated but not yet distributed. |
Associate Device Policy | ✅ | ✅ | Bind the selected devices to a device policy. You can choose to immediately push the policy; otherwise, only the binding is established, and the policy will be distributed during the next update. |
Associate App Policy | ✅ | ✅ | Assign and associate an application policy to one or more devices. Supports immediate push or deferred push after association. |
Associate File Distribution Policy | ✅ | ✅ | Assign and distribute file policies to one or more devices. Multiple policies can be selected, and files are distributed as configured without duplication. |
Remote Restart | ✅ | ✅ | Send a restart command to one or more devices, suitable for scenarios like remote diagnosis, configuration updates, or version deployment. |
Delete Device | ✅ |
| Remove devices from the platform’s device list and unbind them from management. This will not uninstall apps or erase data. The operation is irreversible, so execute with caution. |
Clear App Data | ✅ | ✅ | Clear local app data (cache, configs, login info, etc.) on the target device without uninstalling apps. Useful for account reset or recovery but may impact usage. |
Enable/Disable Lost Mode |
| ✅ | Place the device into “Lost Mode.” The device will be locked and display a warning message, restricting user operations—suitable for lost or stolen devices. |
Lock Device |
| ✅ | Remotely lock the device screen to prevent unauthorized use; supports custom lock screen messages. |
Unlock Device |
| ✅ | Clear the current lock state (including those triggered by policies or Lost Mode) to restore availability. |
Locate Device |
| ✅ | Obtain the device’s most recent location (requires online status and location permission) for recovery or troubleshooting. |
Remote Assistance |
| ✅ | Initiate a remote assistance session for troubleshooting (may require device-side confirmation). Helps quickly identify and resolve issues. |
Revoke Configuration |
| ✅ | Unbind the device from current policies and reset platform-issued settings for redeployment; device record is retained. |
Restore Default Policy |
| ✅ | Reset the device to the default policy stack, clearing temporary/abnormal configurations to restore stability. |
2. Bulk Device Operations
2.1 Add to Group
Description
The Add to Group feature allows administrators to add selected devices to one or more existing device groups. If the target group is already associated with device policies, app policies, or file distribution policies, administrators can decide whether to immediately push these policies to the newly added devices.
Select Groups: Choose one or more target groups.
Apply Group Policies: Single-choice option that determines whether to immediately apply the selected group’s policies to the devices.
Only Push Policies to New Devices: Checked by default. This ensures that existing group policies are pushed only to the newly added devices. If unchecked, the devices will only be added to the group without receiving policies immediately.
Effective After Submission: Once confirmed, the selected devices are immediately added to the group, and policies are applied according to the chosen configuration.
Notes
A device can belong to multiple groups simultaneously.
During bulk operations, if a device is already in the target group, the system automatically ignores duplicate entries.
Final policy application follows the principle of “module-level merging, with the latest policy taking precedence in the same module.”
Offline devices will still be added to the group, and policies will be pushed once the device comes online.
Removing a group does not affect the device itself; it only removes the group association.
Steps
In the device list, select the target devices.
Click Bulk Operations and choose Add to Group.
In the pop-up window:
Select one or more groups.
In Apply Group Policies, choose whether to immediately push the policies (single-choice).
Under The group policy information you selected is shown below; check to immediately push policies, choose whether to apply the policies to the new devices (checked by default).
Click Submit. The devices will be immediately added to the selected groups, and policies will be applied based on the chosen rules.
2.2 Associate Device Policy
Description
The Associate Device Policy function is used to bind the selected devices with a specified device policy. Once successfully associated, the devices will execute system settings and restrictions defined in the policy, ensuring compliance with enterprise security and management requirements.
Single Policy Binding: A device can only be bound to one device policy at a time.
Policy Deployment Mechanism: After submission, the system immediately calculates and merges the selected policy, then delivers it to the device. If the device is offline, the policy will be automatically resent once it comes online.
GMA/KMA Restrictions:
GMA devices can only apply GMA-type device policies.
KMA devices can only apply KMA-type device policies.
Notes
After binding a new policy, the effective rules follow the “module-level merge, latest configuration overwrites” principle.
Device policy instructions are processed by the Google Android Enterprise service, ensuring delivery regardless of the device’s online status.
Steps
In the device list, select the target devices.
Click [Batch Operation] and choose [Associate Device Policy].
In the pop-up window:
Select one policy from the Available Device Policies list (single selection).
Click [Submit] to confirm.
The devices will be successfully associated with the selected policy. The system will immediately calculate and merge the effective configurations, then deliver the merged policy to the devices.
2.3 Associate Application Policy
Description
The Associate Application Policy function is used to bind the selected devices to a specific application policy. Once bound, the devices will follow the policy requirements for application installation, uninstallation, permission management, and runtime control, ensuring that the application environment complies with the enterprise’s business and security needs.
Single Policy Binding: A device can only be bound to one application policy at a time.
Policy Delivery Mechanism: After submission, the system will immediately calculate the merged result of the selected policy and deliver it to the device. If the device is offline, the policy will be automatically re-delivered once it comes back online.
GMA/KMA Restrictions:
GMA devices can only apply GMA application policies.
KMA devices can only apply KMA application policies.
Notes
Delivering an application policy may involve application installation or uninstallation on the device; please proceed with caution.
Device policy commands are processed by Google Android Enterprise services, ensuring policy delivery reliability regardless of the device’s online status.
Steps
In the device list, select the target devices.
Click Batch Operation and select Associate Application Policy.
In the pop-up window:
Select one policy from the Available Application Policies list (single selection).
Click Submit to confirm.
The system will immediately establish the association between the selected devices and the application policy, calculate the merged result, and deliver the policy to the devices.
2.4 Associate File Distribution Policy
Description
The Associate File Distribution Policy function is used to bind the selected devices with one or more file distribution policies. These policies deliver specified files to target devices according to preset rules, typically for business application installation, configuration file delivery, or runtime environment preparation.
Prerequisite: The file distribution policy must work with the KC App for devices to properly receive and execute the delivery.
Multi-selection Support: Multiple file distribution policies can be selected at the same time. The system will consolidate all files from the policies and deliver them together.
File Deduplication: If multiple policies contain the same file, the platform automatically removes duplicates to avoid redundant delivery.
Independent Execution: File distribution policies are executed independently; no merging or overlay calculation applies.
Immediate Delivery: After submission, the system immediately executes the delivery. If the device is offline, the command will be automatically re-sent once the device comes online.
Notes
File distribution policies rely on the KC App; without it, devices cannot receive or apply files.
If the same file already exists on the device, the platform will overwrite it to ensure consistency with the policy.
Offline devices will automatically receive the files once they come back online.
Deleting a policy does not remove files already delivered to devices; it only stops future deliveries.
File distribution tasks may impact device storage and performance; confirm capacity and business needs before execution.
Steps
In the device list, select the devices to operate.
Click Batch Operation and choose Associate File Distribution Policy.
In the pop-up window:
Select one or more policies from the Available File Policies list (multi-selection supported).
Click Submit to confirm.
The system will immediately deliver the selected file distribution policies. Once devices are online and running the KC App, they will receive the files.
2.5 Remote Reboot
Description
The Remote Reboot function is used to send reboot commands to one or more selected devices. This operation is suitable for scenarios where devices need to be quickly restored without on-site intervention, or when enforcing a reboot after strategy or configuration changes to ensure updates take effect.
Immediate Execution: Once confirmed, the system immediately sends the reboot command to the selected devices.
Batch Support: Multiple devices can be rebooted at the same time.
Offline Device Handling: If the device is offline, the system caches the command for 10 minutes. If the device comes online within this period, the command is executed automatically; otherwise, the command expires.
Notes
Rebooting will interrupt all running tasks; it is recommended to perform this operation during off-peak business hours or when no critical tasks are running.
During reboot, devices will temporarily go offline and reconnect once system services and network are restored.
If a device fails to reboot for an extended time, check its power supply, network connection, and hardware status.
Remote reboot commands for offline devices are cached for only 10 minutes. If the device does not reconnect within this window, the command will not be executed.
This action is irreversible; once submitted, the device will reboot immediately.
Steps
In the device list, select the target devices.
Click Batch Operation and choose Remote Reboot.
A confirmation window will appear with the message: “Are you sure you want to reboot these devices?”
Click Confirm; the system immediately sends the remote reboot command.
The devices execute the reboot operation and return to normal running state after completion.
2.6 Delete Device
Description
The Delete Device function is used to completely remove selected devices from the platform. After execution, the device will be unenrolled and restored to factory settings, while all associations with the platform are terminated, and related license resources are released.
The specific impacts of a delete operation include:
Factory Reset: The device will erase all user data and configurations, restoring to its factory state.
Disassociation: Removes all links between the device and its strategies or groups.
Data Cleanup: Device records will be removed from both the Device List and Registration Management modules, and placed in the Retired Devices module.
License Release: The license occupied by the device will be automatically released and made available for other devices.
Offline Device Handling: If the device is offline, the system will cache the delete command for 10 minutes. If the device comes online within this time, the command will be executed; otherwise, the command expires.
Notes
Deletion is irreversible. Once the device is restored to factory settings, all data will be permanently lost.
Ensure the device is not running critical business tasks before performing deletion.
A deleted device must be re-registered to be managed by the platform again.
If the license has been released, new devices must be re-assigned a license when connecting.
Steps
In the device list, select the target device(s).
Click Batch Operation and choose Delete Device.
A confirmation dialog will appear, stating: “After deletion, the device will be unenrolled and restored to factory settings.”
Click Confirm, and the system will immediately issue the delete command.
Once the device successfully performs a factory reset, it will be completely removed from the platform.
2.7 Clear Application Data
Description
The Clear Application Data function is used to delete local data of specified applications on selected devices, including cache, configuration files, login information, and user data. After this operation, the application will be restored to its initial installation state but will not be uninstalled.
Select target applications: Supports selecting multiple installed applications at the same time for data clearing.
Restore to initial state: After clearing, the application returns to its just-installed state and requires reconfiguration or login.
Traceable operation: When submitting the clear action, an operation reason must be provided for auditing and record-keeping.
Offline device handling: If a device is offline, the system caches the command for 10 minutes. If the device comes online during this time, the command executes immediately; otherwise, the command expires.
Notes
The clear operation will not uninstall applications; it only deletes their local data.
For batch operations, the selected devices must already have the target applications installed; otherwise, the clear command will not take effect.
If the application stores business-critical data, proceed cautiously to avoid data loss.
Once submitted, the operation cannot be undone, and cleared data cannot be restored.
Applications require re-initialization after data clearing, which may impact device workflows.
Steps
In the device list, select the target devices.
Click [Batch Operation] and choose [Clear Application Data].
In the popup:
Select one or more installed applications from the dropdown list.
Fill in the Operation Reason field (mandatory).
Click [Submit]. The system immediately issues the clear application data command.
Once executed, the application returns to its initial installation state.
3. Single Device Operations
3.1 Associate Device Policy
Same as “2.2 Associate Device Policy”.
3.2 Associate Application Policy
Same as “2.3 Associate Application Policy”.
3.3 Associate File Distribution Policy
Same as “2.4 Associate File Distribution Policy”.
3.4 Clear Application Data
Same as “2.7 Clear Application Data”.
3.5 Enable Lost Mode / Disable Lost Mode
Description
Lost Mode is a security feature available only for company-owned devices, allowing administrators to remotely lock a device when it is lost and display a custom message on the device screen (e.g., employee or IT contact information). This feature effectively protects organizational and employee data and increases the likelihood of recovering the device.
Note: If a device remains lost for more than 24 hours, it is recommended to perform a remote wipe to ensure data security.
Enable Lost Mode: The device will be remotely locked, display the configured lost message on its screen, play an alert sound for up to 5 minutes, and periodically report its location.
Disable Lost Mode: Once the device is recovered, administrators can disable Lost Mode via the platform, or employees can exit Lost Mode by entering the correct password on the device.
Device Restrictions: A device cannot enter Lost Mode under the following conditions:
The device is not company-owned.
The device is already in Lost Mode.
The IT admin has reset the device password within the last 12 hours.
The employee has manually exited Lost Mode within the last 12 hours.
The device is a company-owned "Work Profile" device and the work profile is paused.
Notes
Once Lost Mode is enabled, the device cannot be used until it is exited or disabled.
The displayed message should contain valid contact information to facilitate recovery.
If a user manually exits Lost Mode, the system will record this action in the logs for audit purposes.
If the device is offline, the Lost Mode command will be cached by the system for 10 minutes. If the device comes online during this period, the command will execute immediately; otherwise, the command will expire.
Steps
A. Enable Lost Mode
In the device list, select the target device.
Click Operations and select Enable Lost Mode.
In the popup window, enter the following information:
Phone Number: IT administrator or department phone number.
Email: IT administrator or department email address.
Organization Name: The company or organization name.
Lost Message: The message to display on the device screen.
Reason: Provide the reason for enabling Lost Mode.
Click Submit. The system immediately sends the command to enable Lost Mode.
The device will be locked, display the lost message, and periodically report its location.
B. Disable Lost Mode
In the device list, select the target device.
Click Operations and select Disable Lost Mode.
In the popup window, enter the reason for disabling.
Click Confirm. The system sends the disable command, and the device immediately resumes normal usage.
3.6 Device Location
Description
The Device Location feature is used to retrieve the real-time geographic location of the target device and display its position on a map. Administrators can use this feature to quickly track the device’s location, either to trace a lost device or to conduct remote troubleshooting during operations.
Real-time Location: The system retrieves the device’s latest location and marks it on the map.
Location Details: Displays the device’s address, latitude/longitude coordinates, and the latest report time.
History Records: Supports viewing the device’s location history, helping to trace its activity path.
Offline Devices: If the device is offline, the location data shows the last reported position.
Notes
Location tracking requires the device to have granted location permissions; otherwise, data cannot be retrieved.
Location data relies on device reporting. If the device disables location services or loses network connectivity, no updates will be shown.
Location display may have delays, and the actual position could differ from the marked point.
For devices that haven’t reported for a long time, the displayed data may be outdated and should be treated as reference only.
Since location data may involve privacy concerns, ensure compliance with company policies when using this feature.
Steps
Select the target device from the device list.
Click [Actions] and select [Device Location].
The system navigates to the device detail page and displays the last reported location.
View the device’s location marker and detailed info (address, coordinates, report time) on the map.
Switch to Location History to view the device’s historical location trajectory.
Click Enable Lost Mode to combine location tracking with security protection and recovery.
3.7 Lock Device
Description
The Lock Device feature is used to remotely place a device into a locked state, preventing unauthorized use. Administrators can choose to either lock the screen only or set a new lock screen password to ensure device security.
Lock Screen Only: The device immediately enters a locked state, and users must enter the original password to unlock.
Set Lock Screen Password: Administrators can push a new lock screen password, which the device immediately applies as the unlock condition.
Once the lock command is issued, the device will remain locked until the correct password is entered or an administrator issues an unlock command.
Notes
Lock operations are irreversible and can only be undone via password entry or the platform’s unlock function.
If “Set Lock Screen Password” is chosen, the password must be securely stored and communicated to the authorized user promptly.
If the device is offline when receiving the lock command, the system caches the command for 10 minutes. If the device comes online within that time, the command will be executed immediately; otherwise, it expires.
Steps
Select the target device from the device list.
Click [Actions] and select [Lock Device].
In the pop-up window, choose the lock method:
Lock Screen Only
Set Lock Screen Password and enter the new password.
Click [Submit]. The system immediately issues the lock command.
The device enters the locked state once it receives the command.
3.8 Unlock Device
Description
The Unlock Device feature is used to remotely remove a device’s locked state caused by the Lock Device action. Once executed, the device will immediately return to normal usage without requiring the user to enter a password.
Instant Effect: Once confirmed, the platform immediately sends the unlock command to the device.
Scope of Application: Only applicable for lock states triggered by the Lock Device feature.
Audit Trail: An operation reason must be provided to support auditing and traceability.
Notes
Unlock operations are irreversible; once submitted, the device will immediately return to normal use.
If the device is not in a “Locked” state, the unlock command will have no effect.
Batch unlock applies to all selected devices at once — use with caution.
If the device is offline, the system caches the unlock command for 10 minutes. If the device comes online during this time, the command executes immediately; otherwise, it expires.
Steps
Select the target device from the device list.
Click [Actions] and choose [Unlock Device].
Fill in the “Operation Reason” field in the pop-up window.
Click [Confirm]. The system immediately sends the unlock command.
The device automatically exits the locked state upon receiving the command and returns to normal use.
3.9 Remote Restart
Same as “2.5 Remote Restart”.
3.10 Revoke Configuration
Description
The Revoke Configuration function is used to release a device from its current managed state and, based on business needs, choose whether to wipe data and define the device’s subsequent status. This operation is applicable to scenarios such as device decommissioning, retirement, repair, or redeployment.
There are two modes of operation:
Mode 1: Wipe Device Data
Actions performed:
Perform a factory reset on the device, clearing all local storage data (including SD card);
Remove the device from the platform (if “Delete Device” is selected);
At the same time, set the device status to:
Unenrolled: the device record remains on the platform and can be re-initialized later;
Retired: indicates that the device has been deactivated or discarded.
Mode 2: Do Not Wipe Device Data
Actions performed:
No data is cleared from the device;
Set the device status to Repair, indicating that the device can still be used but its configuration has been reset;
The system will automatically push the default policy to this device to maintain minimal control.
Notes
Devices in Retired status cannot be registered on the platform again; use only for permanent deactivation.
After a factory reset, device data cannot be restored.
Devices in Unenrolled status remain in the platform record and can be re-registered.
Repair status is suitable for return, diagnostics, or temporary suspension scenarios.
For offline devices, the revoke command will be cached by the system for 10 minutes; if the device comes online within this period, the command will execute immediately, otherwise it expires.
Steps
Select the target device
In the device list, click on a single device and choose the Revoke Configuration option.
Configure the revoke method
Choose whether to wipe the device: Yes / No;
Set the device’s target status:
If Wipe: Unenrolled / Retired;
If Do not wipe: Repair.
Enter the operation reason
All operations require a description for auditing purposes.
Submit and confirm
After clicking the Revoke Configuration button, the system will display a confirmation dialog. Once confirmed, the operation takes effect immediately.
3.11 Restore Default Policy
Description
The Restore Default Policy function clears all custom policies and configurations from the device and replaces them with the system defaults. This operation allows the device to quickly return to a controlled default state, avoiding abnormalities caused by misconfiguration or policy conflicts.
The following impacts may occur after execution:
Device configuration reset: Existing policies will be overridden, and the device’s behavior and functionality may change;
Application impact: Applications will remain available, but configurations such as update methods may be reset to default values;
Irreversible: Once executed, the restore default policy operation cannot be rolled back.
Notes
This action is irreversible; confirm carefully before execution;
When performed as a batch operation, all selected devices will be restored to the default policy simultaneously;
If the device is offline when receiving this command, the system will cache it for 10 minutes. If the device comes online within this period, the command will execute immediately; otherwise, it expires;
Ensure the business environment has evaluated the impact of default policies on device operation to avoid unintended business interruptions.
Steps
Select the target device from the device list;
Click [Action] and choose Restore Default Policy;
In the confirmation dialog, review the prompt and enter an explanation in the Reason for Operation field;
Click Confirm. The system immediately issues the restore default policy command;
Once received, the device clears all custom configurations and policies and applies the system default policy.
3.12 Clear App Data
Same as 2.7 Clear App Data
3.13 Remote Assistance
To be completed.