New data exfiltration protections for G Suite data on iOS devices

What’s changing 

We’re adding new security controls that admins can use to protect sensitive company data on iOS devices. Admins can now choose to:

  • Restrict copy and paste on data belonging to G Suite accounts to other accounts. This can prevent corporate data from being exfiltrated to personal accounts. 
  • Restrict the ability for users to drag and drop files from specific apps within their G Suite account. 

At launch, admin controls will apply to five G Suite iOS apps: Gmail, Drive, Docs, Sheets, and Slides. This feature is available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers. Users will still be able to copy and paste and drag and drop from personal accounts to G Suite accounts. Protections are available to devices managed with G Suite’s basic or advanced mobile device management, as well as devices with basic mobile management alongside a separate enterprise mobility management (EMM) solution.

Who’s impacted 


Why it’s important 

Without these features, there are limitations in the controls admins have to prevent users moving corporate data between corporate and personal accounts on the same iOS device. While admins can prevent sharing files between managed and unmanaged apps, users can still share data between accounts when apps support multiple accounts or via cut/copy/paste actions. For example, iOS users can copy the text of a corporate email into a personal account. This introduces the potential for data leaks and reduces the overall security of your corporate data on iOS.

The admin controls introduced in this launch will help increase protections and make it more difficult for corporate data to be accidentally or intentionally shared to a personal account. Similar protections are already available on Android devices through Work Profiles.

See our post on the Cloud Blog to learn how this and other launches can help G Suite customers stay secure.

Getting started 

  • Admins: This feature will be OFF by default and can be enabled at the organizational unit (OU) level. Visit the Help Center to learn more about data protection on iOS devices
  • End users: There is no end-user setting for this feature. If a user tries to perform a restricted copy and paste action, the text “This info can only be shared within your organization’s G Suite apps” will paste instead of the text they copied. 

Admin controls for data exfiltration protection on iOS 

Rollout pace 

  • This feature is already available for all domains. 


  • Available to G Suite Enterprise, G Suite Enterprise for Education customers and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits customers, and Cloud Identity Free customers