UK MPs are questioning Apple and Google on why they refuse to remotely kill and reset stolen phone through their IMEI number.
In a one-off evidence session in the House of Commons yesterday, angered Members of Parliament voiced concern that commercial incentives might be behind the tech giant’s apparent lack of willingness to comply with calls from the Metropolitan Police, the UK’s largest force.
In response, Apple said remotely locking stolen phones after they were stolen or blocking cloud services might create other attack vectors for fraud against legitimate smartphone users. Google said its relationship with customers was through its cloud accounts, not the device.
There have been several proposals on how this can be done. One plan involves collecting a database of reported IMEI numbers that would automatically kill the device once it connects to the internet.
Speaking before a committee of MPs, Darren Scates, Met Police chief digital data and technology officer, said about 80,000 smartphones were reported as stolen in London alone in 2024, up from 64,000 in 2023. Apple phones make up about 80 percent of those stolen, while estimates suggest the replacement value of stolen phones is £50 million ($67 million) a year, he said.
After they were stolen, most of the devices are collected, distributed, and resold by criminal gangs. About 75 percent were moved abroad – the prime destinations being Algeria, China, and Hong Kong, Scates said. Data showing where stolen phones end up comes from the police working with phone providers and a sample of IMEI (International Mobile Equipment Identity) numbers – a unique 15-digit serial number assigned to every mobile device – known to belong to stolen devices provided by the police. Scates said the IMEI number could allow stolen phones to be blocked at a network level under an agreement by members of the GSMA industry association, representing only 10 percent of global phone networks.
“We’re asking – and it’s being considered by Apple and Google – [for] an international cloud-level [block]. They actually stop smartphone serial numbers [being allowed] to connect to their services if it’s reported as lost or stolen,” he told Parliament’s Science, Innovation and Technology Committee.
Security experts suggest that an orchestration layer could use the IMEI to take stolen phones out of action globally after they have been unlocked and wiped by criminals, effectively slashing their resale value and the incentive for theft.
Trustonic provides such a layer for private companies, including smartphone supply chain distributors, financiers, and retailers. Dion Price, chief executive, told the committee that the company could control 11 different locking technologies from smartphone manufacturers. However, devices needed to be registered with the platform when they were first turned on and in a “ready-to-lock” state.
“You have to capture the devices at first turn-on,” he said. “The devices that are on the street right now, because they’ve never been registered in any of those systems, they’re subject to the locking technology in the market today. We receive a manifest of IMEIs, we ingest them into the system, and then throughout their entire life – it doesn’t matter what happens to that device. If we get the signal from the legitimate owner of that device, then we can lock or unlock it within 30 seconds anywhere in the world.”
Price suggested that a regulator or new government body could create such a system based on the IMEI numbers of all phones imported into the UK, since the data was already collected for trade and tax purposes.
Do we really want to give the government additional power to remotely wipe our phones at any given moment? I don’t think so…in fact, this whole proposal is terrifying even if it was meant to combat theft.