Delete Device Data

An adversary could wipe the entire device contents or delete specific files. A malicious application could obtain and abuse Android device administrator access to wipe the entire device.[1] Access to external storage directories or escalated privileges could be used to delete individual files.

ID: T1447
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platform: Android
Version: 2.0
Created: 25 October 2017
Last Modified: 25 September 2019

Procedure Examples

Name      Description
FlexiSpy  FlexiSpy can delete data from a compromised device.[2]
Monokle   Monokle can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.[4]
Pallas    Pallas has the ability to delete attacker-specified files from compromised devices.[3]


Mitigation Description
Caution with Device Administrator Access
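
One way to apply that caution during app vetting, as an added example that is not part of the original page: check whether an app declares the two capabilities the description names, a device administrator receiver with the wipe-data policy and write access to external storage. It assumes the APK has already been decoded to plain-text XML; the package name, receiver name and policy file name are constructed sample values.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
WRITE_EXT = "android.permission.WRITE_EXTERNAL_STORAGE"

# Constructed sample input (hypothetical app): decoded manifest plus the
# device-admin policy resource that its receiver points to.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/admin_policies"/>
    </receiver>
  </application>
</manifest>"""
POLICIES = {"admin_policies": """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><force-lock/><wipe-data/></uses-policies>
</device-admin>"""}

def audit_delete_capability(manifest_xml, policy_files):
    """Return findings for the two deletion paths: full wipe and file deletion."""
    root = ET.fromstring(manifest_xml)
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if WRITE_EXT in perms:
        findings.append("requests WRITE_EXTERNAL_STORAGE")
    for receiver in root.iter("receiver"):
        # Only receivers guarded by BIND_DEVICE_ADMIN can act as device admins.
        if receiver.get(ANDROID + "permission") != BIND_ADMIN:
            continue
        name = receiver.get(ANDROID + "name")
        for meta in receiver.iter("meta-data"):
            if meta.get(ANDROID + "name") != "android.app.device_admin":
                continue
            res = (meta.get(ANDROID + "resource") or "").split("/", 1)[-1]
            policy_xml = policy_files.get(res)
            if policy_xml is None:
                findings.append(f"device admin {name}: policy file '{res}' missing")
                continue
            declared = {el.tag for up in ET.fromstring(policy_xml).iter("uses-policies")
                        for el in up}
            if "wipe-data" in declared:
                findings.append(f"device admin {name} declares wipe-data")
    return findings

if __name__ == "__main__":
    for finding in audit_delete_capability(MANIFEST, POLICIES):
        print("FINDING:", finding)
```

A finding here shows declared capability only; the wipe policy takes effect after the user activates the app as a device administrator, which is the prompt users should treat with caution.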