# SIM Change Detection — Android Background Service

Continuously monitor SIM state changes to help mitigate SIM-swap account takeovers. Runs silently in the background and sends only non-sensitive metadata for risk scoring.

**High-level flow**

1. User installs/opens the banking app with the SDK.
2. A lightweight **background service** starts automatically (and after reboots).
3. Service periodically checks SIM state allowed by Android.
4. If the current SIM differs from the baseline, an event is triggered.
5. Event (NO\_CHANGE | SIM\_CHANGED | UNKNOWN) + session metadata is sent securely to the backend.

**Required permission (AndroidManifest.xml)**

```
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

```

Notes: Android 10+ restricts some identifiers; behavior varies by OEM.

**Event types**

- `NO_CHANGE` — SIM unchanged
- `SIM_CHANGED` — SIM differs from baseline
- `UNKNOWN` — SIM info unavailable on device/OS

**Example payload to backend**

```bash
{
  "device_id": "abcd-1234",
  "timestamp": "2025-09-16T15:00:00Z",
  "sim_status": "SIM_CHANGED",
  "carrier": "CarrierName",
  "os_version": "Android 14",
  "sdk_version": "2.1.0"
}

```

**Security &amp; privacy**

- No SMS/contacts/phone numbers are read; only SIM status + technical metadata.
- TLS 1.2+ for transport; designed for data minimization.

**Limitations &amp; compatibility**

- Android-only; newer Android versions/OEMs may mask info.
- Dual-SIM devices may complicate detection; not available on iOS.
- Maintain a tested device/OS compatibility list and validate before rollout.

**Next steps**

1. Add permission.
2. 2\) Initialize background service at app start.
3. 3\) Ingest events server-side.
4. 4\) Combine with other signals for scoring.
5. 5\) Validate on your device matrix pre-production.