SIM Card Number

From MgmtWiki

Full Title or Meme

Yet one more identifier that is traced to a unique individual user (in nearly all cases).

Context

  • This is a smart card chip on a very thin backing that is inserted into a smart phone.
  • It contains a 19 (or so) digit decimal number, sometimes appended with an alphabetic suffix.

Problems

  • In normal use this is tied to the user by the telco, but it is no more secure than the phone number, since SIM card swapping replaces it in the telco database.


Estonia National ID

The initial mobile ID solution in Estonia uses SIM cards for key storage. However, their more recent mobile ID solutions do not build on SIM for security services. I don't know how e-SIMs work, but traditional SIMs require a contract with the operator for third-party usage. BankID(SE) started with a SIM-based solution but abandoned it after a couple of years, since each bank having contracts with multiple operators became too complicated.

I have not found any SIM-related security API in Android either: https://developer.android.com/privacy-and-security/keystore

Personally, I don't see the standalone e-SIM as a long-term solution, since internal, HW-backed security solutions should be able to handle mobile networks as well. Well, GSMA certainly does not agree.

Solutions

Do not use this number for high assurance authentication.
