International Mobile Equipment Identity
Based on Wikipedia: International Mobile Equipment Identity
In 2002, investigators sifting through the wreckage of the Bali bombings found the charred remains of a Nokia 5110. From that destroyed phone, they extracted a fifteen-digit number that would eventually help them track down and identify the perpetrators of one of the deadliest terrorist attacks in Indonesian history.
That number was an IMEI.
Your Phone's Fingerprint
Every mobile phone you've ever owned has carried a secret numerical tattoo. The International Mobile Equipment Identity, or IMEI, is a unique fifteen-digit code assigned to your device before it ever leaves the factory. Think of it as your phone's fingerprint—a permanent identifier that follows it from the assembly line to the recycling bin, regardless of what SIM card you insert or what network you connect to.
You can see your own phone's IMEI right now. Pick up your device, open the phone dialer, and type in a curious little code: star, pound, zero, six, pound. On almost every phone ever made, this incantation will summon the IMEI to your screen. It's a trick that works on ancient Nokia brick phones and the latest iPhones alike, a rare piece of consistency in the ever-changing world of mobile technology.
The number itself might look random, but it's not. Those fifteen digits encode a surprising amount of information about your device. The first eight digits form what's called the Type Allocation Code, or TAC, which identifies the phone's manufacturer and model. The next six digits are a serial number unique to your specific unit. And that final digit? It's a mathematical check, calculated using something called the Luhn algorithm—the same formula that validates credit card numbers—to catch typos and transcription errors.
The Distinction That Matters
Here's where things get interesting, and where many people get confused. Your phone actually carries two different identities, and understanding the difference between them is crucial.
The IMEI identifies your device—the physical hardware. It's burned into the phone itself and doesn't change when you swap SIM cards.
The IMSI, or International Mobile Subscriber Identity, identifies you—the subscriber. This number lives on your SIM card and travels with it from phone to phone.
When you slide your SIM card into a new phone, your subscriber identity moves with it, but your old phone's IMEI stays behind. This separation is both a feature and a vulnerability. It means you can easily upgrade your phone without calling your carrier. But it also means a thief can pop their own SIM card into your stolen phone and, in theory, start using it immediately.
In theory.
The Global Blocklist
Australia pioneered the solution in 2003. When mobile phone theft reached epidemic proportions, the country became the first to implement IMEI blocking across all its GSM networks. The concept was elegant: if your phone is stolen, your carrier adds its IMEI to a blocklist. That blocklist gets shared with every other carrier in the country. Suddenly, the stolen phone becomes a very expensive paperweight—it can't connect to any network, no matter whose SIM card the thief inserts.
The United Kingdom followed with a voluntary charter among mobile networks. When any UK carrier blocklists a handset, the information flows to the Central Equipment Identity Register, or CEIR, and propagates to all other networks within forty-eight hours. Police forces, including Scotland Yard's Metropolitan Police Service, actively check the IMEI numbers of phones found at crime scenes.
New Zealand, Latvia, and dozens of other countries have built similar systems. The idea spread because it worked. Phone theft becomes significantly less attractive when the stolen goods can't actually be used.
But not every country joined the party.
The American Exception
The United States, for years, didn't bother with IMEI blocking. The major carriers simply didn't coordinate. A phone blocklisted by AT&T worked perfectly fine on T-Mobile. A phone stolen in New York could be shipped to Los Angeles and activated without issue.
Senator Chuck Schumer introduced a bill in 2012 to make IMEI tampering illegal. It never passed. That same year, under government pressure, the major carriers finally committed to creating a shared blocklist. AT&T and T-Mobile began blocking newly reported IMEIs in November 2012—but crucially, they didn't bother adding phones that had been reported stolen before that date. The existing ocean of stolen devices remained perfectly usable.
Even now, it's unclear whether the American blocklist fully interoperates with the international CEIR. A phone blocked in the United States might work overseas. A phone reported stolen in Europe might activate in America. The system has gaps large enough to drive a criminal enterprise through.
The Other Approach: Allowlists
Some countries took the opposite approach entirely. Instead of maintaining lists of banned devices, they maintain lists of allowed ones. Your phone must be legally registered before it can access any network.
Turkey, Chile, Azerbaijan, Colombia, Nepal, and Egypt all use this model. In these countries, if you buy a phone abroad and bring it home, you'll have a grace period—sometimes just a few days, sometimes a few weeks—to register the device with authorities. Fail to register, and your shiny new imported smartphone becomes useless the moment the grace period expires.
India, Pakistan, Indonesia, Cambodia, Thailand, Iran, Nigeria, Ecuador, Ukraine, Lebanon, and Kenya have adopted variations of mandatory IMEI registration. The approach is more bureaucratic and arguably more intrusive, but it creates a much tighter system. Every phone on the network is known and accounted for.
Sprint, the American carrier that merged with T-Mobile in 2020, ran its own private allowlist for years. If you bought a phone elsewhere and tried to activate it on Sprint's network, you had to register both the IMEI and the SIM card first. Verizon only used allowlists for their older 3G service. T-Mobile uses a blocklist. The American market remains a patchwork of different approaches.
The Cat and Mouse Game
There's an uncomfortable truth that the blocklist advocates don't like to discuss: IMEI numbers can be changed.
In theory, the IMEI is permanent. It's supposed to be difficult or impossible to modify. In practice, with the right tools and know-how, it's not particularly hard. Underground markets sell devices and software specifically designed to "reflash" phones with new IMEI numbers. A stolen iPhone can be given a fresh identity and put back into circulation.
The United Kingdom responded by making this a crime. Under the Mobile Telephones (Re-programming) Act, changing a phone's IMEI or possessing equipment designed to change it is illegal under certain circumstances. But laws against IMEI tampering don't exist everywhere, and even where they do, enforcement is spotty.
There's another complication. Unlike your subscriber identity—the IMSI on your SIM card—the IMEI is never authenticated by the network. When your phone connects to a cell tower, it simply claims to have a certain IMEI, and the network believes it. This makes spoofing relatively straightforward for those who know how.
This vulnerability has consequences beyond simple theft. Intelligence agencies and law enforcement sometimes track specific phones by their IMEI. A sophisticated target can evade this surveillance by using a spoofed identifier. The same feature that makes blocklisting possible also creates a security gap that determined adversaries can exploit.
The Dark Side of Device Tracking
IMEI tracking cuts both ways.
Law enforcement agencies around the world use IMEI numbers as inputs to tracking systems that can locate a specific phone within a few meters. This capability has solved crimes, found missing persons, and saved lives.
It has also been abused.
Reports have emerged of Saudi Arabian government agencies using IMEI numbers to hunt down women who fled the country's strict patriarchal social system. The numbers were retrieved from the original phone packaging—a reminder that the IMEI is printed in multiple places, including on boxes that might be left behind when someone flees.
The same technology that helped identify the Bali bombers can be turned against dissidents, journalists, and refugees. The IMEI is neutral; the intentions of those who track it are not.
The Australian Lockdown
When Australia shut down its 3G network, something unexpected happened. The carriers—Telstra, Optus, and Vodafone—began blocking devices that hadn't been explicitly approved for use in the country. This wasn't about stolen phones. These were perfectly legal devices, purchased overseas, that happened to lack Australian certification.
The carriers blocked them by IMEI and by TAC—the Type Allocation Code that identifies the device model. Users who brought phones from abroad suddenly found themselves locked out. Appeals to the carriers went nowhere. Even if owners could prove their devices were technically compatible with Australian networks, the carriers refused to remove the blocks.
This represented a new use of IMEI blocking: not to prevent crime, but to control which devices could access national networks. It's a preview of a possible future where device allowlists aren't just about security—they're about market control.
The VoLTE Problem
Voice over LTE, or VoLTE, introduced yet another layer of complexity. This technology allows voice calls to travel over 4G data networks instead of older voice channels. It's more efficient and sounds better. It's also created new gatekeeping opportunities.
AT&T and the Canadian carrier Telus maintain allowlists specifically for VoLTE access. Phone manufacturers must register their devices in AT&T's or Telus's databases before customers can make voice calls on those networks. This isn't a customer registration requirement—it's a manufacturer registration requirement.
The result is a mess. An imported phone might have all the right radio frequencies for AT&T's network. It might support VoLTE perfectly on competitors or via roaming agreements. But if the manufacturer hasn't registered it with AT&T, voice calls simply won't work. Older OnePlus phones, various devices sold by Verizon and Sprint, and numerous international models fall into this gap. Data works fine. Voice does not.
Checking Your Own Device
Amid all this complexity, a simple tool exists for ordinary consumers. Public IMEI lookup services let you check the status of any phone. Enter the fifteen digits, and you'll learn whether the device has been reported stolen, whether it's carrier-locked, and often details about its warranty status and original carrier.
These services decode the Type Allocation Code to identify the exact model. They check against blocklists maintained by carriers and law enforcement. They can tell you if that used phone you're considering buying is actually legitimate or if you're about to purchase someone else's stolen property.
It's good practice to check any secondhand phone's IMEI before buying. The number is printed on the original box, displayed by that *#06# code, and often listed in the phone's settings menu. A few seconds of verification can save you from buying an expensive brick.
Beyond Phones: Satellite Networks
The IMEI system has spread beyond terrestrial mobile networks. Satellite phone systems including the Broadband Global Area Network, Iridium, and Thuraya all use IMEI numbers on their transceiver units. These phones—the kind you might find on a yacht, in a war zone, or on a remote expedition—carry the same fifteen-digit identifiers as your smartphone.
Iridium's 9601 modem takes this to an extreme. It has no SIM card slot at all. The device identifies itself purely by its IMEI. This makes sense for Iridium's closed network, but it's worth noting: the modem is completely incompatible with any terrestrial GSM network. Different worlds, same numbering scheme.
The Check Digit
That final digit of the IMEI deserves a moment of appreciation. It's calculated using the Luhn algorithm, a formula developed by IBM scientist Hans Peter Luhn in 1954—originally for validating identification numbers in the pre-computer era.
The algorithm works by doubling every other digit, summing the results (with a twist for two-digit numbers), and checking if the total divides evenly by ten. It's designed to catch single-digit errors and most transpositions—exactly the kind of mistakes humans make when copying long numbers by hand.
Here's the strange part: this check digit is never actually transmitted over the radio. When your phone talks to a cell tower, it sends only fourteen digits. The check digit exists purely for human convenience—for preventing typos when people type IMEI numbers into databases or read them off phone labels. It's a mathematical guardian against clerical error, invisible to the network itself.
The History in the Digits
The IMEI format has evolved over time, and you can read that history in the numbers themselves.
Before 2002, the structure was different. The first six digits were the Type Allocation Code, followed by a two-digit Final Assembly Code that indicated where the phone was manufactured. This FAC was specific to each manufacturer's factories.
During a transition period from January 2003 to April 2004, all phones were assigned "00" as their Final Assembly Code—a placeholder while the industry phased out the system.
After April 2004, the FAC disappeared entirely. The Type Allocation Code expanded to eight digits, consuming the space the FAC once occupied. If you find an IMEI where the seventh and eighth digits are "00," you're holding a phone from that brief transitional era—a device manufactured during the eighteen months when the mobile industry was reorganizing its numbering system.
The first two digits of any IMEI identify the "Reporting Body"—the organization that allocated the TAC. Code 35, for example, belongs to BABT, the British Approvals Board for Telecommunications. Different regions have different allocators, but they all follow the same global standard.
Does Any of This Actually Work?
The honest answer is: partially.
IMEI blocking has unquestionably made phone theft less attractive in countries with comprehensive systems. In places like Australia and the UK, stealing a phone means stealing something that's difficult to sell domestically. The economics of theft change when the stolen goods can't easily be monetized.
But critics note that comprehensive domestic blocking might simply redirect stolen phones to international smuggling. A phone blocked in London might end up in a market in Lagos. A device reported stolen in Sydney might resurface in Southeast Asia. The global system has enough gaps that determined criminals can find ways through.
The effectiveness of IMEI measures depends entirely on implementation. A voluntary system where carriers don't share data is barely more than theater. A mandatory national registration system with international cooperation is genuinely effective. Most countries fall somewhere in between.
Meanwhile, the same infrastructure that enables anti-theft measures also enables surveillance, market control, and bureaucratic gatekeeping. The IMEI is just a number. What matters is who has access to it, and what they choose to do with that access.
Those fifteen digits printed inside your phone carry more weight than you might expect. They're a tracking beacon, a theft deterrent, a market control mechanism, and a forensic tool. They're neutral technology put to countless purposes, some noble and some troubling.
And they all started with a simple question: how do we tell one phone from another?