Blocking Stolen Phones From The Cloud Can Be Done, Should Be Done, Won’t Be Done
Opinion A lot of our tech world is nightmarish, but sometimes this is literally true.
The fear of our mobile devices not working when we need them most is leaking into dreams, joining public nudity and disastrous lateness in our cinema of sleep’s horror bill.
Now, the UK’s powers-that-be want to make that nightmare a reality for criminals who perpetrate that other modern misery, phone theft. They need Apple and Google to help out, but that dream team doesn’t want to.
Before delving into the corporate psychology underlying this antisocial psychosis, we must get some facts in order. All mobile phones have an IMEI, a unique International Mobile Equipment Identity burned into them much as every vehicle has a Vehicle Identification Number (VIN) tattooed into its chassis – to prevent fraud. You can replace and respray a stolen motor, but if the VIN is on the list of hot motors, then it can be spotted during an inspection. Likewise, a snatched phone’s IMEI can be blacklisted on cell networks, stopping the device from connecting. This means a stolen phone has little resale value and little attraction to thieves.
Which would work really well if two things were true: that there was a single universal IMEI blacklist and all carriers used it. Neither is the case. Lots of carriers do use a variety of blacklists, some with considerable reach, but enough exceptions exist to provide healthy export markets attractive to gangs around the world. A working device means operator revenue, no matter where it came from. Imagine trying to get gas stations to install pumps that have to validate a VIN before opening the taps, but not making it a legal requirement.
Yet the cell networks are only part of what makes a device useful. Cutting off access to Apple and Google from stolen devices makes them virtually useless anywhere. Extend IMEI blocking into the cloud, and the job’s done. It would even cripple phones working as Wi-Fi devices; you can get around not having any Apple or Google services, but this isn’t viable if you’re after a cheap smartphone.
Apple and Google just don’t wanna, for reasons so specious they’d make a toddler blush. Apple says it’s fine with the idea in theory, but it knows all about online security and IMEI blocking would encourage blackmail. How? Apple knows these things, because it’s Apple and spends so much money on security. Pick the logic out of that if you can. Google can’t even be bothered to come up with a reason beyond “IMEIs are a special bond between carriers and subscribers, and that’s the way it has to be.” It doesn’t go as far as saying “because it’s written in the Bible,” but only because it couldn’t find a Biblical scholar to creatively interpret a verse or two.
The real reasons are easy to speculate about, akin to the non-blocking network operators, but with added cynicism. Every device connected to a cloud service means revenue, and the existence of an effective afterlife for stolen phones is the equivalent of an entire international aid effort seeding modern smartphones lacking modern services into places that couldn’t afford them otherwise. Think Microsoft’s studied ambivalence towards pirated copies of Windows in poorer markets: owning the ecosystem is far more important than revenue you won’t see anyway.
There’s also the danger that a flood of cheap phones that can’t connect to your cloud services will encourage the development of others that they can use, especially in regions with good reason to distrust the American tech hegemony. Which, these days, is everywhere outside the 50 states. It doesn’t particularly matter how likely this is to be a factor, the mere idea will be enough to dig those big tech heels in. So a few hundred thousand pedestrians will have their phones swiped by a hoodie on an e-bike, with all the subsequent personal and societal pain and cost.
It’s unfair to pick on Apple and Google for an attitude so endemic across this and other industries we rarely notice its heft. Fraud, theft, and other crimes associated with digital identity are massively enabled by our daily digital systems whose universality and connectedness make them fertile for good and bad. But if criminals are dedicated to exploiting every weakness in cyberspace, the industry isn’t dedicated to stopping them.
Every service provider that relies on digital identities is at risk from identity theft, with the damage to users being far more traumatic than to the organization. Systems against ID theft are piecemeal and heterogeneous, with the burden on the user having to manage multiple systems that can’t even agree on the same name for the same thing.
Imagine a federated security system where the user allows different organizations to verify your identity with each other when necessary. You set who talks to whom, creating and controlling multiple verification pathways with no single point of failure. Getting it secure, effective, and usable by everybody would be a considerable challenge needing considerable buy-in but with potentially huge rewards to consumers and suppliers alike. But nobody’s trying. A company may invest multiple billions in AI, but not a penny in systematic cooperation towards a proper consumer-focused identity environment. Which option would benefit the most people?
In a world where “don’t wanna” is the default answer to a single measure that would cut crime across the world, there is no chance of actual industry-wide proactive cooperative problem solving on behalf of us all.
There is precious little chance of anyone even calling it out as true corporate sociopathy. The things we should dare to dream are instead the stuff of nightmares. ®
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.


![[QILIN] - Ransomware Victim: Omrin 2 image](https://www.redpacketsecurity.com/wp-content/uploads/2024/09/image-300x300.png) 
                       
