Can Google Policy Profile remotely erase all data on the device?

Question

I'd like to configure my company's Google e-mail on my iPhone, however when enabling e-mail profile in Inbox, Gmail, Mail or any other app, the following Device Policy Alert is shown:

To use Google apps on this device as ..., your organisation requires that you install a security profile to keep your data safe.

And on the next screen the Google Apps Device Policy Profile says:

Your admin may enforce policies, configure settings, and remotely erase data on this device.

I would argue how allowing remotely erase data on this device keep my data safe, but anyway.

My question is, what are the security risks involved by installing above Google policy profile which warns me that somebody from the company may which I work for can remotely erase my personal data on my device?

In other words, is this policy profile applies only for the e-mail data (like restricting the removal option only for specific app) or any other data as well (like personal e-mails, contacts, files, pictures, etc.), where somebody can accidentally wipe out my whole device?

Related: How the device policy profile works, but it doesn't explain much.

Answer 1

The short answer is "Yes".

If the phone given to you is a "company phone", you must comply.

If this is your phone, as the message mentioned, you must contact your company IT to check out the actual policy enforced. This is something internal, there is no way to tell how far the policy is enforced.

Since mobile phone is cheap now a day, I suggest you get another phone for such "company usage". You don't need an active phone services for that phone, you can tether your current phone as WIFI access point to that phone to download email from time to time.

Answer 2

This provides security for the company because it will mitigate the chance of an unauthorized person from gaining access to company internal info. If you are using a BYOD (Bring Your Own Device) device or COPE (Company Owned Personal Enabled) instead of a fully managed device then the work Profile will be the only thing that is deleted. The company can only delete their info, hence the Work profile.