
SIM Change Detection — Android Background Service

Continuously monitor SIM state changes to help mitigate SIM-swap account takeovers. Runs silently in the background and sends only non-sensitive metadata for risk scoring.

High-level flow

  1. User installs/opens the banking app with the SDK.

  2. A lightweight background service starts automatically (and after reboots).

  3. The service periodically checks the SIM state that Android allows it to read.

  4. If the current SIM differs from the baseline, an event is triggered.

  5. The event (NO_CHANGE | SIM_CHANGED | UNKNOWN) and session metadata are sent to the backend over TLS 1.2+.

     

Required permission (AndroidManifest.xml)

<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

Notes: Android 10+ restricts some identifiers; behavior varies by OEM.

Event types

  • NO_CHANGE — SIM unchanged

  • SIM_CHANGED — SIM differs from baseline

  • UNKNOWN — SIM info unavailable on device/OS

Example payload to backend

{
  "device_id": "abcd-1234",
  "timestamp": "2025-09-16T15:00:00Z",
  "sim_status": "SIM_CHANGED",
  "carrier": "CarrierName",
  "os_version": "Android 14",
  "sdk_version": "2.1.0"
}
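
A server-side check for the payload above, as an added example (not the SDK's or any backend's own code): it accepts only the six fields shown and the three event types, and rejects stale or future-dated timestamps. The function name, the 5-minute freshness window, the 1-minute clock-skew allowance and the 64-character field cap are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Field names and statuses come from the example payload and event types above.
ALLOWED_FIELDS = {"device_id", "timestamp", "sim_status",
                  "carrier", "os_version", "sdk_version"}
SIM_STATUSES = {"NO_CHANGE", "SIM_CHANGED", "UNKNOWN"}
MAX_AGE = timedelta(minutes=5)   # assumption: freshness window for an event
MAX_SKEW = timedelta(minutes=1)  # assumption: tolerated client clock skew
MAX_LEN = 64                     # assumption: per-field length cap

# Constructed sample body, mirroring the example payload above.
SAMPLE = json.dumps({
    "device_id": "abcd-1234", "timestamp": "2025-09-16T15:00:00Z",
    "sim_status": "SIM_CHANGED", "carrier": "CarrierName",
    "os_version": "Android 14", "sdk_version": "2.1.0",
}).encode()


def parse_sim_event(raw: bytes, now: datetime) -> dict:
    """Validate one event body (now must be timezone-aware); raise ValueError if bad."""
    try:
        event = json.loads(raw)
    except ValueError as exc:  # covers bad JSON and bad UTF-8
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(event, dict):
        raise ValueError("body must be a JSON object")
    # Strict schema: extra fields (e.g. a phone number) are rejected, not stored.
    if set(event) != ALLOWED_FIELDS:
        raise ValueError(f"field mismatch: {sorted(set(event) ^ ALLOWED_FIELDS)}")
    for key, value in event.items():
        if not isinstance(value, str) or not 0 < len(value) <= MAX_LEN:
            raise ValueError(f"{key}: expected 1..{MAX_LEN} character string")
    if event["sim_status"] not in SIM_STATUSES:
        raise ValueError("unknown sim_status")
    try:
        ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError as exc:
        raise ValueError("timestamp must look like 2025-09-16T15:00:00Z") from exc
    ts = ts.replace(tzinfo=timezone.utc)
    if ts > now + MAX_SKEW or now - ts > MAX_AGE:
        raise ValueError("timestamp outside the accepted window")
    event["timestamp"] = ts
    # UNKNOWN means the device could not report; it is not proof of NO_CHANGE.
    event["sim_verified_unchanged"] = event["sim_status"] == "NO_CHANGE"
    return event


if __name__ == "__main__":
    print(parse_sim_event(SAMPLE, datetime(2025, 9, 16, 15, 1, tzinfo=timezone.utc)))
```

Rejected bodies are worth logging per device, since repeated malformed or stale events from one `device_id` are themselves a signal.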

Security & privacy

  • No SMS/contacts/phone numbers are read; only SIM status + technical metadata.

  • TLS 1.2+ for transport; designed for data minimization.

Limitations & compatibility

  • Android-only; newer Android versions/OEMs may mask info.

  • Dual-SIM devices may complicate detection; not available on iOS.

  • Maintain a tested device/OS compatibility list and validate before rollout.

Next steps

  1. Add permission.

  2. Initialize background service at app start.

  3. Ingest events server-side.

  4. Combine with other signals for scoring.

  5. Validate on your device matrix pre-production.