Blocking stolen phones from the cloud can be done, should be done, won't be done A lot of our tech world is nightmarish, but sometimes this is literally true. The fear of our mobile devices not working when we need them most is leaking into dreams, joining public nudity and disastrous lateness in our cinema of sleep's horror bill. Now, the UK's powers-that-be want to make that nightmare a reality for …
But how about the police and justice system work to stop the criminals? You know, actually have some coppers on the street, arrest, convict and meaningfully sentence the first line thieves (and confiscate and destroy the bikes they use), find and prosecute the gangs who bring together the stolen phones and ship them out of the country?
By all means, Google and Apple SHOULD stop supporting the theft of phones, but that should be a backstop.
Apple works hard to fight the re-use of stolen parts - see Activation Lock. Note that they have a direct commercial incentive to do this, because their original manufacturer 'genuine' parts are a strong revenue stream for them (as well as their repair services provided through Apple stores). I imagine Android manufacturers either do something similar or are considering it, because it makes good business sense. Regardless, the fact that some phones have some value when broken up for parts is not an argument against preventing devices from accessing cloud services worldwide when reported stolen, using the IMEI.
Yeah no. We have civil forfeiture (police can seize proceeds of crime) here in Trumpistan, and it's probably one of the many steps on the road to hell we're in now, creating a reason for police to conduct "your money or your life" raids.
Civil forfeiture allows police to seize and then keep or sell any property and money they allege (NOT a judge or attorney) is involved in a crime.
Cops know that actual organized crime doesn't give a shit, but that dirty little citizens without lawyers and shell organizations to take the fall will contest their life savings/property being taken - bingo, got the department's arrest stats padded with serious charges OR free money - everyone wins except the little pissant "civilians."
This used to be a rare point of bipartisan complaint before everything went off the rails:
Right-leaning Americans For Prosperity:
https://americansforprosperity.org/blog/civil-asset-forfeiture-horror-stories/
Left-leaning ACLU:
https://www.aclu.org/issues/criminal-law-reform/reforming-police/asset-forfeiture-abuse
Civil forfeiture != proceeds of crime.
Civil forfeiture in the US is an affront to basic common sense and decency.
But across Europe there are plenty of proceeds-of-crime statutes where Police can have assets frozen temporarily (as evidence usually) and then a court can distribute those where appropriate - whether it’s drug dealer’s BMW, the proceeds of embezzlement or fraud, or other nefarious gains.
Yes, catching criminals is so hard and expensive, let's just "give up then"
AHH the either or bullshit arguement.
If you make the phones pretty much worthless, then that crime massively decreases. They then can shift focus to other issues, like stolen vehicles that are stripped and shipped.
There are finite resources.
If this country had half brain, they would actually look at research and massively alter multiple laws (personal possession of drugs, soliciting prostitution, TV licence prosecution, copyright laws)....but they won't because they listen to public opinion, driven by self serving media outlets.
I am very familiar with the 'CONCEPT' of Democracy ... it would be 'nice' if I could see it in action somewhere !!!
P.S.
I think that 'Democracy' is having a very bad time in the US of A at the moment, it appears to have been put on 'infinite hold' for the last few decades !!!
Ask Trump if he can remember where he put it ???
If he cannot remember ... I am sure Putin has some 'Democracy' filed away somewhere ... NEVER used in perfect condition !!!
:)
As a public service, isn't this what they should do.
To a point. But that assumes public opinion represents informed opinion, which - thanks to the efforts of Murdoch, the Barclays and Lord Lebedevedev-dev, is not a sure thing. Some sort of moderating expert input is often an important component.
Of course it's a difficult thing to balance - a gilded tower "Well the plebs are wrong" approach is not a good thing - it encourages echo-chambers within the halls of power. Even if the plebs are just being bigoted because the Daily Zeig Heil told them to.
But conversely, it's also undesirable to just do what the racists want because DEATH and INVASION sells papers and the flames of intolerance and willful-ignorance have been fanned by billionaires who want an unregulated, low-tax business environment and have found that pandering to that corner of society can be quite profitable - if you don't care too much about the wider social consequences.
Some people will ask how that squares with democracy, and that's a tricky one - there's a reason we have a minimum voting age and don't let 10year olds vote - we assume that some competence is required, and that most 18 year olds can form some sort of a meaningful opinion. Where do you balance straight democracy with tyranny of the masses?
Nonetheless, these billionaires have managed to convince the proles that the reason their public services are dreadful is because of a statistically-insignificant number of immigrants, not because they voted for the people those billionaires told to vote for - people who then implemented a deeply regressive tax system and stopped investing in public infrastructure (and indeed sold much of it to the private sector who then asset-strip it for private gain).
Turkeys voting for Christmas.
It's incredible that the biggest topic in that corner of politics is "stop the boats" not "why are taxpayers subsidising commercial banks to the tune of £35Bn/yr?".
"As democracy is perfected, the office of president represents, more and more closely, the inner soul of the people. On some great and glorious day the plain folks of the land will reach their heart's desire at last and the White House will be adorned by a downright moron."
Henry Louis Mencken
This post has been deleted by its author
A stolen phone even if IMEI blocked can still be shipped off to a sweatshop in the far east to get broken down for parts. So although it might make it less lucrative to steal a phone, it would not stop people getting their phone nicked.
And as for not being able to use Googles privacy invasive services, some people actively go out of their way to remove them from their phones. So it wouldn't be a deal breaker for everyone if their phone can't use the Play store or Google Maps etc.
And then take step 2 and force manufacturers like Apple to supply spares for actually reasonable costs and ban contracts preventing chip suppliers from selling manufacturer specific part-numbers/revisions of common chips and breaking down phones for parts becomes a non-issue too as only the most fly-by-night shitty repair services would use used/recovered chips if they can get the genuine article at a decent cost.
It's simpler than that even
The vast majority of phones being stolen and fenced (along with most burglaries and "petty" crime) is to fund addictions (both legal and illegal materials)
Deal with the underlaying issues instead of the symptoms and you might stand a chance of not engaging in a "forever war"
And that's what happens in some cases: When criminals make it very dangerous by going armed, the police start wondering if it's really worth risking their lives.
Sure, some police will still try, but they then face public outrage for when things go wrong. And if they have bad intel? They get the wrong person? Then they get a public lynching for their efforts. So they have to take extra care while the criminals don't. Makes it somewhat one-sided.
Add into the mix that the police have to show they're doing something: Meet targets, get arrest numbers... of course they'll focus on the easy cases, the low hanging, and more importantly, SAFE arrests. People who don't intend to break the law generally are sorry for doing so and won't fight too hard, and if they're innocent, well, just bully them into a plea deal so they admit their guilt and that's another success!
BTW: Never accept a plea deal if you're innocent unless it includes a guarantee it won't go on your criminal record and you're okay with the terms. Just because you're told it'll be best for you, or the best outcome, or it'll save you hassle: It could also cost you more than you expect, and wreck your life. So be very, very weary about plea deals and the police going easy on you if you just confess...
While I'm right behind the idea of the police actually working for a change, an ounce of prevention is better than a pound of cure. Apple and Google have it in their power to make it no longer worth stealing phones in the first place. Even if the cops had a 100% success rate in finding and returning stolen phones, it would still be a worse experience for the victims than not being victimised at all. And that's before you consider the likelihood that the phone thief might assault their victim as well as grab the device.
I think it was the BBC covered this, too, and they noted the reasons why Apple and Google don't want to is: IMEI fraud and spoofing, plus a lot of the stolen phones wind up in places like China that won't honour the block, so it's pretty pointless.
There was also the suggestion they simply brick the phone (send a signal that'd stop the phone from working) except any such attempt can be circumvented, and it would also open up extortion rackets where criminals could threaten to block your phone unless you pay up. Considering what we have on our phones these days... that could be real inconvenient.
So it's not simply Apple and Google being lazy: They might even have a point as to why blocking phones outside of the current approach would be bad.
I don't disagree with the suggestions you're making, but it remains the case that if there are safeguards preventing the use of a stolen phone the resale value will drop. With that, the incentive to steal the phone in the first place drops as well. It's better to try and make the game not worth the candle than to do nothing at all.
Yup, but that depends on the safeguards being solid (hard and expensive to bypass) and there not being another reason for stealing the phones.
So the problem then comes to the cost of developing and implementing such safeguards (and hence increased cost of the handset) v how easy they are to bypass. If it's cheaper to crack the safeguards than it is to add them then you're just making the phones more attractive. We've seen this with software: Publishers insisting on anti-piracy measures that pushed the price up, and didn't stop the piracy. Instead people turned to cracked copies 'cause they couldn't afford the inflated price of a legit license. Plus some of those anti-piracy measures interfered with the software making it buggy and in some instances, unusable. Just something that needs to be kept in mind when adding more layers of 'protection' to anything, really.
Plus, phones can still be stolen for parts and materials. Not quite as lucrative but if there's a sufficient profit margin, the criminals will do it.
"actually have some coppers on the street"
Proven not to work, but keep going with this Daily Mail nonsense...
What the police actually do about theft is try to find the people who buy the phones and ship them out of the country, because it's basically impossible to catch every little scrote committing minor property crimes.
"Proven not to work"
Utter garbage. If you take 1 criminal off the street that is 1 less criminal that can potentially break the law and potentially many, many more who will now think twice about it.
Letting criminals run amok and not doing anything about it does nothing to make people safer.
B.S!
One copper, one week = £1000 tax payer money.
If a cop nick a scrote who nicked a phone, that is two and a half days of the coppers time between paper work and court time, and the scrote is still back on the street nicking phones the same day. Tell the cops to nick scrotes and the best they can do is two a week.
Nick the bell end who pays scrotes for stolen phones, and you have a whole bunch of scrotes that have to look elsewhere for their drug money, and you have a much better chance of getting a conviction with a custodial sentence that will keep the bell end off the streets.
If you want more cops, then pay more taxes. If you want more safety, then let the cops do their jobs properly instead of letting the red tops tell them what their jobs should be.
"the scrote is still back on the street nicking phones the same day."
Perhaps you should actually read my comment - it talks specifically about getting them off the streets.
Besides letting 'scrotes' skate with no police intervention achieves nothing.
"Nick the bell end who pays scrotes for stolen phones, and you have a whole bunch of scrotes that have to look elsewhere for their drug money"
Yeah they'll just mug you for your wallet instead, which involves a LOT more risk to the victim. You really need th¡o think things through.
"If you want more cops, then pay more taxes"
I don't want more cops, I want the ones I'm paying for now to actually do their jobs.
>>Perhaps you should actually read my comment - it talks specifically about getting them off the streets.
Err nicking someone does not get them off the streets. It does for about 12 hours in the worst cases. Usually far less (custody want rid so they don't have to provide meals and they need the space).
Then the (typically) druggie is out on Police bail, free to do whatever (as long as they aren't caught) until a visit to the beak. At which point, for petty theft, they will get a slap on the wrist and told not to do it again, because it has been proven many times that habitual theives are gonna theive, no matter what the punishment.
Anyway, why waste tax payer's money on putting a scrote away for a month at the cost of say £10k (it's actually more than that, IIRC, but its been a while) for a crime that did (in general) rather less than that in damage to society? more scotes off the streets = more money the tax payer has to find to look after them.
For a bit of reducto ad absurdum To save the costs associated with incarceration perhaps we should just execute anyone found guilty of anything? (nb. that was, by and large, tried over past centuries and found not to change the offence rate significantly)
I suppose it does get the copper off the streets though, with hours of paperwork, all of which is mandated to ensure the plod are doing what they are paid (or not, in the case of Specials) to do, but I am sure the criminals you want off the streets aren't, in this instance, the popo.
One approach ends up nicking a lot of scrotes
The other approach removes the reason for the scrotes to be scrotes
It's worth looking at what Portugal's approach to addiction treatments has done to their crime stats (way down) - and the narcogangs have mostly given up there as they can't turn a profit
Wash your mouth out!
We do not (repeat DO NOT) want to pay more taxes[1] but we do want things to get better. And we'll keep changing the government until it does.
We are the public and we have the power that comes from the wisdom of crowds idiots.
[1] See the arguments above about democracy.
Complex problems need to be addressed by multi-tiered solutions, where the problem needs to encounter the cheapest tiers first, and the most expensive tiers last.
Police is really expensive. We need police, and we need it to work properly, of course, but it can't be the first solution for every problem. Wherever there is a cheap and effective fix for 99% of a problem, you need to deploy that, and use police to deal with the remaining 1%. Otherwise, the economics just don't work.
Neglecting a simple technical fix while calling for a law enforcement solution, is like suggesting that we could all just dump trash in the streets, if the street cleaning crews just were more efficient. It just doesn't work. The street cleaning crews can only do their job if they are dealing with a tiny fraction of all trash. Police is the same. They can't deal with a society with strong incentives to being a criminal. Fix the incentives, then they can deal with the rest.
There is absolutely no need for police to have control over IMEI cloud blocking. Apple and the various Android manufacturers ALREADY have stolen phone functions that users can use to lock or wipe a phone that has been stolen. They consider these safe enough to deploy because they are confident in their authentication systems. They literally have all the systems they require to implement IMEI blocking already, they just need to add the IMEI (which they already see and store) to the identifiers for these functions. People arguing against this are imagining some kind of police state is needed and calling foul... but ironically also protesting that police are too weak to prevent all phone thefts and ought to be heavier-handed.
Unless it's mandate by law. That's why in 1700 the actual form of democracy was devised - to have a state that protects the less strong ones from the 800 puond gorillas. Just, it canìt work if most voters just try to find an 800 pound gorilla to hide behind and crush others.
That is not democracy, that is a republic. The tyranny of a 'pure' democracy is that if 51% want to speak Latin, then 100% must speak Latin, if 51.9% want to leave the EU, then 100% get shafted. In a republic, all citizens are protected by the rule of law (usually a constitution) that can only be changed by a significant majority. 51% can decide that Latin is the preferred language, but they can't force it on the rest.
The IMEI is the ID the phone uses to identify itself to the mobile network.
We have the chain phone > mobile network provider > internet > somebody else's computer.
How and why should somebody else's computer be able to reach through the comms network to grab the IMEI which should be none of its business.
OK, probably Apple can because Apple. If Google can't so much the better. Or to put it another way, if Google can see the IMEI what about Meta, X, random site the user visits? It's a security issue if that's possible.
This is something the mobile networks can and should be dealing with. Talk to the right people.
What are you talking about? Every phone OS can see the phone's IMEI, it's a decision by the OS maker (and lawmakers, maybe) if it makes that information available in any form. But the OS could always check against a stolen phones list.
Who would be in charge of those list is the tricky bit - some governments would probably use that in nefarious ways
What I am talking about is that back when GSM was introduced, and with it the IMEI, we were briefed that the network operators could at least block if not disable (it was a long time ago) a stolen phone.
This, it may be difficult to believe for some, is before Android and iPhone OSes existed. Before the phone would connect to the internet. Before there were cloud services to connect to.
The system was designed for the network operators do this.
It's how it was supposed to work.
Talk to the right people.
Yep: The first thing in the article was about a global, centrally managed block list so the operators can all use the same list.
This is because operators can pick which block lists to implement. That means they can ignore the block list from the EU or US, for example, so phones stolen from those countries will still work. A global block list would address this pick and mix approach and hopefully plug that hole. However, the operators would just choose to ignore the global list and use their own, so that approach is highly unlikely to achieve anything.
The reason for Apple and Google to be dragged into this is for them to install Kill switches in their OS's - something that could be horribly abused, both by governments and criminals. Hence their stated reluctance. Plus IMEI spoofing and the likely response from criminals of cloning the OS without the kill switch and installing that on a 'bricked' handset. So basically it'd be a colossal waste of time, money and resources.
@ Doctor
back when GSM was introduced, and with it the IMEI, we were briefed that the network operators could at least block
Having been around a certain mobile telecom operator, yes, indeed. There was an agreed protocol to distribute *known and verified* stolen device IMEIs as a list amongst (at the time I was tasked with redeploying the infra) at *least* 11 different north american operators. (I say at least, however I suspected from the size of some of these reports that a couple of the operator sources were collating lists from elsewhere). These data exchanges were weekly between US/CAN operators and daily between CAN/CAN operators.
The single largest issue with GENERATING the data was obtaining correctly defined reports that the devices were actually stolen. In our case we needed the actual report to come from an end user and include either a corporate entity label, or a police report #. (i.e. the device was owned by a corporate and the corp was reporting it stolen through appropriate contacts, or owned by an individual and included a police report #) You can see the issue there. The reporting requirements were to prevent someone locking out someone else's phone with a malicious report.
Sometime after 2008 or 2009, the police report requirement was dropped at our end, but there were some events that came close to being large legal issues with stolen phone reports. I'm not aware of the *current* processes, but having seen the data reporting requirements about 5 years ago, I'm guessing that getting an IMEI blocked is going to be somewhat harder these days.
You're both forgetting that Apple and Google (and various Android manufacturers) already have methods by which users can remotely lock and wipe stolen phones using using their cloud account which is connected to the device OS. These problems with verification that apply to IMEI blocklists implemented at a network level can be circumvented already using existing systems that the phone OS manufacturers have implemented. These are ALREADY as vulnerable as they will ever be to blackmail and abuse, because they have abilities that can effectively brick a phone as far as a regular user is concerned. To implement blackmail, you have to gain control of the user's cloud account. Apple, Google, etc are already fine with this risk. But somehow... not fine with simply adding a further check on the IMEI, against an internal list of handsets reported stolen by owners ('owner' being authenticated by the cloud account).
It's very obvious that the companies controlling the OSs and cloud services don't want to play ball solely due to commercial interest.
>>How and why should somebody else's computer be able to reach through the comms network to grab the IMEI which should be none of its business.
They don't have to reach anywhere. IMEI is available to Android/iOS (whatever the Apple equivalent is) all Google/Apple have to do is to ask what the IMEI is and the OS will send it right back.
Note that, since Android 10, third party apps on the Google Play store can't ask for the IMEI. The system calls are still there if your app has the right privs and any app that asks for those privs on the store is denied store presence (I presume... who knows if what they say should happen actually does in real life). I presume its pretty similar in Apple land.
Unfortunately it's also possible to spoof what goes to the network as there is software between the hard coded IMEI and the antenna sending it out.
It being the modem software actually makes for a more productive hack - there is a very limited range of cellular modem manufacturers these days, so one hack can apply to a double digit % of the market.
Imagine that you can change your IMEI to something else. Great. Now... what IMEI are you going to use instead of the original one, in a stolen handset? Do you know which IMEIs are valid, not reported stolen and match your model of phone? Do you know which have and haven't been used, so you can't be blocked by networks and Apple/Google services because you're not the first live handset reporting that IMEI? You would have to either corrupt the IMEI assigning authorities (plausible, but it creates a single high level point of failure for the criminal enterprise) or purchase a real physical device with a mobile network chip that has a unique IMEI and use the IMEI from this without ever turning on the device (fine, but this moves control to the IMEI assigning authorities who have various other actions they can implement to discourage theft; it also increases the price of a stolen phone, which ultimately discourages theft).
Or just make a gizmo that runs through batches of IMEIs and finds out which ones are allowed to connect to the network. Which is how it's done at the moment.
There's no need to have an IMEI that matches your model of handset as networks don't have any simple way to detect a mismatch, and the complex ways are too complex to apply to every connection attempt.
Equally very few networks detect and block duplicate IMEIs - because they can't tell which one is the duplicate.
That's only for apps on the phone (and someone above said Android no longer allows apps to access it) so what if you connect to a web site using your browser? Phones are still pretty useful just with the browser and Apple/Google built in apps.
Even if it could stomp out 100% of all phone theft forever it would not be worth it if every app you used or every site you connected to got your IMEI and could personally identify you. And that IMEI WOULD personally identify you, because all it would take is giving your real name or email to ONE that sells that information on (or has it stolen via hackers) and made available and then everything you do has your personal identity tied to it. OK your phone's identity, but that's more personal than a specific PC, which is more personal than a specific IP address, which is more specific than a IP based geolocation. Data brokers would KILL for something that specific to link visits across apps/sites!
We know the UK government (of whatever colour) does not like citizen privacy & autonomy.
The UK police currently essentially ignore phone theft (even if your phone tracking software can show them the exact location a stolen phone is currently located at & so they could get a nice easy arrest if they could be bothered!)
This is more about having a nice way to block "people of interest" from the cloud / screw up with their phone usage at will
If you think I am being melodramatic, read up about how terrorist legislation is subverted into big prison sentences for protesters, look at the long disreputable history of the "spycops" saga etc.
The UK police currently essentiallyignore phone theftselectively enforces law
FTFY
Phone thief probably can swear, looks mean and intimidating. Whereas auntie having a brain fart on Facebook after getting a bit tipsy will be crying and compliant.
For the poor wages they get, they wouldn't be risking having to watch their back going home after finishing a shift.
auntie having a brain fart on Facebook after getting a bit tipsy
Alcohol removes inhibitions, it does not create new behaviour, it just allows suppressed opinions and behaviour to be expressed.
A drunk who is violent or racist will be easily capable of being the same when sober.
>” This is more about having a nice way to block "people of interest" from the cloud / screw up with their phone usage at will”
I would agree, as I know my phone/device and if it gets lost or stolen, I can log into my account from another device (assuming I have correctly set up account recovery in the event of my primary phone and/or device being lost or stolen) and deny access to my Apple/Google account from it. Okay this isn’t as simple as calling up a mobile operator, passing a simple security check and they then barring the device, but it is doable.
This seems to be more about the authorities saying to Apple and Google - we have this phone, please block logins to your cloud service, sorry we don’t know the account name.
Which suggests Apple and Google need to include IMEI validation as part of the cloud service sign in and connection maintenance.
It's more that they don't care about the low hanging fruit of the thief: They want to track where the phone goes so they can find the whole network involved in the theft.
It's the same for cars: They ignore car theft so they can follow the cars through the chop-shops and smugglers to see where the car or it's components, wind up.
Problem is the criminals keep changing their approach, routes and networks and ship to countries where your local police can't follow, so it's really hard to catch those behind it all.
An example of this (the car side) happened to a friend: Car stolen but could be tracked. Police weren't interested. Except the thief abandoned their car to steal a more expensive car... so their car was eventually recovered, got moved around various police pounds, things removed, lost, found, lost again, the whole car then was lost as it was redirected to another pound, found, lost yet again, then eventually, nearly a year later, handed back because the insurance company was seriously pissed at that point and threatening serious action against the police. Coincidentally, my friend had worked for Caterpillar, and had helped check a long list of serial numbers of machine parts recovered by police in a variety of countries. All were stolen from the UK years ago, the machines stripped down and parts sent abroad to be swapped into compatible machines - and a years long investigation/sting operation had just concluded with the local police in those countries making arrests, recovering parts and sending the serial numbers back to the UK to confirm the parts were, indeed, stolen. One thing she noted: They didn't recover ALL of the parts of the original machines... and where they were recovered, the parts were found in across a number of countries.
Apple Activation Lock already does the equivalent of this. If someone nicks my phone I use the Find My app to lock the phone and if someone tries to use it then they can't. They can't reset it or restore it and Apple won't do so without an original receipt and proof of original ownership. Great so far, but over the Apple boards and you'll see about a post a day from someone asking how to deactivate Activation Lock. Most of them are probably small-time thieves trying to get into their ill-gotten gains but some of them will be people who have bought a stolen phone probably without knowing it was stolen. My point is that even though Apple can and does disable stolen phones and has been doing so for some years now, it hasn't stopped them getting nicked. Why does anyone think that a different method based on IMEI would make a difference?
Everyone who has used Find My at least once.
Go to Find My... oh, wait, you need to use a different device. Log into any computer (including other phones, tablets, whatever) which has an Internet connection. Go to icloud.com. Log in. It would be best if you used a device which you have previously logged into iCloud to do this, such as a computer used to back up the original, now stolen, device. You do back up, don't you?
Once in iCloud, go to Find My. Click on the stolen device. Find My should show its location, if it's on. Even if it's off, Find My should show several large buttons, the first three of which are 'Play Sound', which plays a loud annoying sound on the device to help you find it, 'Directions', which gives directions to the last known location of the device, and 'Lost iPhone/iPad/whatever' which turns on the lost feature. And disables the device.
If you have logged into the computer you're using for iCloud before, you will have access to Keychain, which will have the passwords.
If you have never logged into iCloud on that computer before, you will have to put more effort into it, but it can be done. If you don't have another computer available, you're screwed.
Personally, I have logged into iCloud on multiple personal desktop and laptop machines and several office and school desktops; I wanted access to my iCloud files. This means that I can use any of them for Find My should I wish, the Apple devices among them will automatically get the 'trust me' six-digit codes, the Windows devices will take more effort. Linux won't work; at least I've never been able to get the 'trust me' code on a Linux system, if anyone else can I would appreciate finding out how you did that.
The premise is flawed - a fully bricked phone is still valuable. Even with Activation Lock or IMEI blacklisting, stolen phones can be stripped for parts or exported to markets where these protections don’t apply. The goal isn’t to make theft impossible, just less profitable - but when the scale is industrial, even bricked phones have value. And if the police aren’t seriously disrupting these networks, then all these technical measures are just noise.
In some regions, especially parts of Africa and Southeast Asia, blacklisted or locked phones are still bought for parts, reprogramming, or use as Wi-Fi-only devices. Tools to bypass locks are widely available, and labour costs for disassembly are low. You're right that China makes phones - but it also imports e-waste and locked devices for refurbishing or component harvesting. The market isn’t about personal use - it’s about volume and margins in grey markets.
>The goal isn’t to make theft impossible, just less profitable [...] all these technical measures are just noise.
Those two bits are in direct contradiction. The technical measures make the phone less valuable by preventing you from selling it as-is into the most expensive markets. That makes the theft less profitable.
You don't have to bring the profit to zero, you just have to push it as far down as you can. Every little bit will make the police work that much more effective.
You're not wrong - technical measures do reduce profitability. But the issue is scale: when phones are stolen by the thousand and shipped abroad, even bricked units have value. So yes, the tech helps - but without enforcement, it's like locking your car in a neighbourhood where no one's watching the carjackers. The real deterrent isn't just deactivation - it's disruption of the networks profiting from it. Otherwise, you're just raising the bar slightly for industrial thieves who already have workarounds.
yes, but do you remember how much car theft was reduced when decent loocks and immobilisers became standard? Making it harder cools the whole ecosystem, even if it isn't a magic bullet that stops it entirely.
According to perplexity, "The standardisation of electronic immobilisers and improved locking systems has led to a dramatic reduction in car theft—by about 40–50% in the years following their widespread adoption, and by over 80% in the UK over two decades."
I'm sorry, disabling the OTA capability of my phone being locked is the first thing I do (if I can) with every new phone. I don't want it to be bricked accidentally on purpose by the carrier/$big_corp.
If my phone gets nicked... tough luck. On the other hand, it's a phone, I don't keep my whole life on it.
I've worked for big phone, one of the biggest and oldest on the planet, and let me tell you, it really is quite simple to disable a phone once it is reported stolen. There is not one damn complicated thing about it. I did it every day.
The phone companies absolutely DO NOT want to put any effort into it. ------------------------------>>>>>>>>>
LOL!!!
No, my friend, I don't think so. The government *issue* car registration numbers, they don't own them. Once issued, they can't withdraw them, they can't prevent them being used on the roads and they can't re-issue them to anybody else. Even if this wasn't true, do you really want this shower of idiots or their rich sponsors to have the power to decide if you, your parents, siblings, children, friends and acquaintances should be "allowed" to use a phone, or more accurately, be denied the right to use a phone when some unelected individual with no oversight and no fear of consequences decides that some rule has been broken? I am old enough to remember the poll tax riots, and I know that if Thatcher had the power to track IMSI's or IMEI's, she would have used it to punish the protesters and anybody connected with the protesters. Is that really the sort of authority you want to hand over?
I agree with you about the phones, but you are dead wrong about the car registration numbers, at least in the UK.
The DVLA allocate them to you, but you don't actually ever own them, even if you paid a lot of money for a personalised one. The law gives the DVLA devolved powers to arbitrarily do whatever the hell they like with vehicles and vehicle licensing. That includes withdrawing them, reissuing them, seizing and even destroying cars that they deem as not licensed properly. And they are totally unaccountable for their mistakes.
If you feel they have acted unfairly, you can complain to the ombudsman and there is a website of cases which is a real eye-opener. When the ombudsman rules against the DVLA, they don't actually have any power and the DVLA just routinely ignore their judgments. Even if you win, you lose.
The IMEI has nothing to do with the cloud. The only way "the cloud" knows what the IMEI is of a device making a network connection is if that device tells it.
So we want Apple and Google to modify say HTTP protocol so that anytime an iPhone or Android accesses theregister.com it passes the IMEI, so that the Register's webserver can check it against a blacklist and refuse to serve pages? What about my PC, will it need an IMEI so that it can "prove" it isn't a blacklisted phone? Because otherwise all you need to do is use a browser that doesn't pass IMEI on your stolen phone and you're golden. Well you could solve that problem by making it part of the IP protocol itself! Leaving aside how long the non-transition to IPv6 has taken, if we could make that change then iPhones and Androids would use this special IPv4.1 extension to pass their IMEI and the first router that sees that packet with a blacklisted IMEI drops it.
Wow this sure sounds like an easy and cheap solution to the mostly non problem of phone theft. What's the annual economic impact of phone theft, and how does that compare to shoplifting, car theft, breaking into houses. Is this really what we think deserves special effort?
Besides, blacklisting the IMEI WILL NOT STOP PHONE THEFT. That's on only one part of a phone, but plenty of other valuable parts like the display don't have the IMEI so a modern phone with a fully intact OLED display is still worth stealing. What's that I hear, mandate that the IMEI be encoded in multiple parts of the phone, similar to how the VIN is stamped on multiple car parts like the engine block and transmission? Well now you're just linking parts to a phone, which Apple is already doing specifically to minimize the value of stolen phones.
Activation lock already fairly effectively bricks phones and both Apple & Android do it. Tying parts together fixes the theft issue (though it creates roadblocks to using parts from broken non stolen phones which Apple took a few years to address) Why reinvent the wheel with IMEI, other than that's the number whoever came up with this idiotic idea is familiar with?
Let's cut through the smokescreen eh?
The solution to not having a global IMEI ban list is to make one.
This is about the UK authorities demanding the ability to kill any phone they choose, just like their demands for backdoors into encryption.
Google and Apple know that if they say they can do it every third-world dictator and authoritarian in the world will be demanding the same power to shut down their opposition.
BTW I have zero skin in this game - running Graphene with zero Google stuff installed so I could care less about their cloud or any bans...
"Every device connected to a cloud service means revenue"
From whom? My phone just got nicked. I'm dis-enrolling it from my cloud account (as rapidly as possible) and discontinuing payments for the service I'm no longer able to use. So, Apple, Google and the telecoms are expecting the thieves to drop by the phone store and open a new account? Doubtful.
Perhaps they are expecting the prospective new owners (Dark alley: Hey buddy. Wanna buy a phone? Cheap.) to do so. That's more likely, although not a demographic that I'd depend upon to provide a decent revenue stream.
It's almost like Kia, refusing to put ignition interlocks on their low end cars. Which went on to be the favorite choice for the smash and grab thieves to hot wire. Until the gov't stepped in and said, "Fix it or you are liable for subsequent losses." Perhaps Google and Apple need a little taste of that medicine.
Initially, I was of the opinion - classic Big Tech being AHs and only caring about THEIR bottom line. Then this scenario played out ion my head.
Me Jim Brown. I hate John Smith. I hate John Smith to the point that I want to destroy his life. Me and John are not a Good Thing.
I impersonate John. I claim my (his) mobile has been stolen. I report it to the police who don't get too deep into checking my ID in the UK when reporting such a mundane theft. I make sure they record 'my' (his) IMEI.
Big Tech bricks his phone. His life in in the Cloud. He loses access to all his contacts, reminders, meetings etc. He has been right royally, er, mucked about with... He now has the joy of rebuilding everything.
Mark up a victory for Jim Brown (me) against my enemy, John Smith.
Worth remembering, the IMEI isn't confidential. It isn't treated like a password (although it really should be). It appears in open text on email, screen, paperwork coming with delivery of a new phone...
Okay, maybe a Jim/John battle isn't that realistic. What about Jim Brown wanting to 'get even' with his ex-wife/girlfriend and having such info? Ask a close friend or new wife/girlfriend to play the role of ex and report stolen phone/IMEI...
Such domestic unrest exists. Some of it ends up in the news as reported murders etc. Malicious false reporting of a 'stolen' (or lost) phone is easier and less problematic if uncovered (eventually).
"I was told her phone had gone missing/was stolen. I'm still secretly in love with her and all I wanted to do was help her because I had the all-important details (IMEI)."
Maybe Big Tech hasn't raised the matter of treating the IMEI the same way as a password, precisely because if it were, then there would be one less objection to bricking stolen/lost devices?
"Big Tech bricks his phone. His life in in the Cloud. He loses access to all his contacts, reminders, meetings etc."
Only until he picks up a replacement phone (perhaps as a loaner) and moves his SIM and SD cards to it. And then, he still has his original phone in his possession. Which can be used to establish that the stolen phone report was bogus. Get his original un-bricked and perhaps, if the police become uncharacteristically motivated, begin investigating the bogus report.
Many such proposals make the assumption that governments will always and ever work for the good of the people.
Gentle reminder: that can change with just one bad decision by the electorate.
If there are structures in place to essentially kick people off services they need to function in daily life, the question is not IF some government would eventually end up using that to go after people like protesters, "uncooperative" journalists, political opponents, vulnerable groups, etc.
It's only a question WHEN that will happen.
And besides: VIN numbers exist, and yet cars are still being stolen. And unless someone has a good proposal how to make essentially the entire world cooperate on this issue, there will pretty much always be some market for stolen phones somewhere in the world, where carriers simply ignore a hypothetical global IMEI-banlist.
A (properly) locked iPhone is useless as a phone. It won't work, even if another SIM is inserted.
iPhones aren't stolen to use. They're stolen for parts, or to resell for £25 down the pub to some thicko who thinks it's actually worth something.
Apple isn't interested in the whole IMEI thing because it's essentially pointless; it's a solved problem as far as they're concerned.
It's actually NOT a great idea to give one company the ability to say "this phone is stolen" and then completely block said phone from everything everywhere. You thought the "right to repair" was difficult to implement? Wait until some company decides, "phones repaired by 3rd parties are stolen" and blocks all of them. "A sane company won't do that" you say? The only reason Apple makes things any easier to repair is places like ifixit calling them out on it.
Unintended consequences, and all that.
... it appears that Apple has implemented a process by which stolen phones may be "bricked". But only if stolen from Apple. For the rest of you, tough luck.
In the eyes of the law, we are all equal. But some are more equal than others.
Once a system is set up to effectively brick any phone, anywhere at any time it will be a matter of moments before it starts getting abused. Technology can't tell the difference between 'stolen' and 'belongs to someone we don't like'. The tool would also considerably simplify surveillance of individuals, in fact I suspect the reason why the suggestion's been getting pushback is likely because it will screw up an already existing capability that people just don't want to talk about.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
