Hi Forum,
We’re building a security-focused SDK for iOS that includes SIM Binding and SIM Swap detection to help prevent fraud and unauthorised device access, particularly in the context of banking and fintech apps.
We understand that iOS limits access to SIM-level data, and that previously available APIs (such as those in CoreTelephony, now deprecated from iOS 16 onwards) provide only limited support for these use cases.
We have a few questions and would appreciate any guidance from the community or Apple engineers:
Q1. Are there any best practices or Apple-recommended approaches for binding a SIM to a device or user account?
Q2. Is there a reliable way to detect a SIM swap when the app is not running (e.g., via system callback, entitlement, or background mechanism)?
Q3. Are fields like GID1, GID2, or ICCID accessible through any public APIs or entitlements (such as com.apple.coretelephony.IdentityAccess)? If so, what is the process to request access?
Q4. For dual SIM and eSIM scenarios, is there a documented approach to identify which SIM is active or whether a SIM slot has changed?
Q5. In a banking or regulated environment, is it possible for an app vendor (e.g., a bank) to acquire certain entitlements from Apple and securely expose that information to a security SDK like ours? What would be the compliant or recommended way to structure such a partnership?
Thanks in advance for any insights!
Q1. Are there any … Apple-recommended approaches for binding a SIM to a device or user account?
No.
Well, I’m aware of one exception to that, namely UPI, which has a specific affordance in the Messages UI framework, namely the -setUPIVerificationCodeSendCompletion:
method.
Q2. Is there a reliable way to detect a SIM swap when the app is not running
No.
Indeed, I’m not sure there’s a reliable way to detect a SIM swap at all.
Q3. Are fields like GID1, GID2, or ICCID accessible through any public APIs … ?
No.
Q4. For dual SIM and eSIM scenarios, is there a documented approach to identify which SIM is active or whether a SIM slot has changed?
No. Well, probably not.
It kinda depends on what you mean by “active”. CTTelephonyNetworkInfo
has the serviceCurrentRadioAccessTechnology
dictionary, but that tells you about the current radio state rather than the state of the SIM. That is, if there’s no value then you can’t determine whether that’s because the SIM change or the device simply has no service.
Q5. … is it possible for an app vendor … to acquire certain entitlements from Apple … ?
I’m not aware of any such programme.
In general, Apple is moving to a state where stuff like this is public API but gated by managed capabilities and appropriate privacy limitations. You can see this in Core Telephony, where we’ve added public APIs to replace stuff that was previously only visible to carriers. For example, iOS 18 added the isSIMInserted
property, but that’s not only gated by an entitlement but also designed to be useful only for its intended use case, carrier apps.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"