GSMA creating IMEI security threats for India?


By Jay P Gupta

Embedding national security threats by ignoring its responsibilities towards unique key identifier (IMEI) for mobile phones, foreign body monopoly is fostering negative Impact on Indian Mobile Industry, telcos and Innocent mobile phone subscribers. Indian’s Telecom and Security wing has been taken for a ride.

New Delhi: The explosion of mobile-phones, with ever advancing technological features, has brought the issue of key mobile phone identifier IMEI’s integrity, into focus. The loopholes of IMEI which is a 15-digit decimal number issued by a global body GSMA based in London has come into light in course of  a surveillance conducted recently.

The IMEI number which is embedded into every mobile phone is an important unique number and the only mechanisms by which the Telcos can pin point the mobile phone’s identity. It is also used by the law enforcement and the national security agents to track down the terrorists and elements involved in the anti-national activities.

As the Mobile Phones, have become the prominent terrorist and the rogue elements instrument of choice to rapidly creating terrorist and malicious attacks, it has also become paramount requirement of the security agencies to ensure that the mobile phone instrument’s IMEI is tagged and tracked to enable the capture of the terrorist behind the vicious attacks.

But what is revealed is that not only the Mobile Phone key identifier IMEI is compromised. The uniqueness of this very important unique identifier is compromised from its roots, it is copied and cloned onto millions of mobile phones present in the country, which is plainly unknown to the subscribers who have bought these mobile phones and are still buying these compromised IMEI numbers mobile phones from the market in lakhs.

This IMEI integrity compromise is actually what has happened silently over the years and the body behind administering these IMEI numbers “GSM Association” has turned a blind eye towards it for years especially in India who is currently racing towards the 1.5 billion subscribers mark in 2019.

No other country in the world is so much exploited by GSMA than India where the number of mobile phones count has already crossed the 2 billion mark. On a closer deeper look, shadowy practices have been seen administered by the GSM Association.

Here are some of those alarming practices run under their roof with a run-down of its nefarious exploited modus operandi.

  • GSMA falls short of its own responsibilities: Allocates Incomplete IMEI numbers, Major National Security Threat

When GSM Association got its first charge of administering the IMEI numbers in 2004, from the mobile manufacturers, and national authorities, they had also given the GSMA responsibility document “TS.06 – IMEI Allocation and Approval Process” an IMEI Roles and Responsibility document which is written and approved by the mobile industry as GSMA’s permanent reference official document or its IMEI charter. The GSMA was entrusted by all stakeholders to follow the official IMEI charter.

The IMEI charter document entrusts that GSMA were to maintain the IMEI database in which all the IMEI number ranges which were allocated to the mobile manufacturers are to be registered. GSMA was also asked to provide the IMEI distribution list and access to the Telco’s who can then provision the IMEI number ranges which are issued to the manufacturers.

GSM Association started short of issuing the complete 15 digit IMEI numbers to the mobile fraternity – a documented responsibility which was clearly given to them as part of discharging their duties, instead it started issuing incomplete IMEI numbers of only first eight-digit identifiers (TAC) for the mobile phones.

GSMA violated its own official IMEI charter; i.e., the role and responsibility document TS.06 which is also referenced and mandated to the mobile manufacturers. In the TS.06 it is well mentioned that “The IMEI Serial number is used to uniquely identify each individual mobile phone and the number range is allocated by the reporting body of GSM Association” &“Document and maintain the procedures to be followed by GSMA Reporting Bodies for notification of allocated IMEI.”

Even a separate section in their charter has been outlined for the Telcos and Device manufacturers which highlights the benefits of having the full 15 digit IMEI, amid it is also documented that “IMEI is used to identify an individual mobile terminal to a GSM (2g) UMTS (3G) or LTE (4G) network”.

The IMEI charter document TS.06 goes on to further read that the following threats which were clearly envisioned and is also outlined as “The overriding principles for IMEI allocation are preservation of the available number range, the prevention of duplication and the maintenance of security”

GSMA violated the IMEI charter and broke the responsibility and trust by issuing incomplete IMEI only to be left by the others to take advantage and exercise zero control on the very important key identifier by looking the other way.

Issuing complete IMEI numbers were deliberately left out and a practice to issue incomplete IMEI numbers was adopted by the GSM Association and its reporting bodies.

No systems or procedures were ever introduced by them to ensure that the release of the complete IMEI numbers.

Neither any process nor documented procedures were introduced to ensure the integrity of the IMEI numbers remains preserved.

No mechanism to prevent the duplication and the maintenance of the IMEI security was ever adopted by GSM Association giving rise to the copy TACs and their clone IMEIs.

  • GSMA IMEI Database: Is It Really an IMEI database? No, Not at all, Very Clever Trait by GSMA

The IMEI Charter document TS.06 further goes on to state that “All the IMEI numbers allocated must be stored in the GSMA IMEI database and it shall be used by the network operators”.

In the absence of the full IMEI numbers, GSM Association only stores the first eight digits of the IMEI numbers called TAC, but it cunningly brands it under the name of the “IMEI database” to fool everyone. The IMEI database is in fact an incomplete list of the IMEI’s first eight digit TAC which it has changed to call IMEI meaning the fifteen digit IMEI database. Very clever GSMA.

All for which the global body was trusted to create and deliver IMEI database but it clearly failed to perform its duty on all counts

  • Rise of India: Two Billion plus Mobile Phones with Zero IMEI Surveillance by GSMA

The rise of the mobile phones in India is a phenomenal success story for India, but it is a very sad story for the national security of India as during a recent surveillance conducted resulted in more than 250 copy incomplete IMEI identifier (TAC) which can be used to create more than 250 million IMEIs easily. These IMEIs can be present in the mobile devices of innocent subscribers who have unknowingly bought these copy IMEI mobile phones.

If an IMEI surveillance from the Indian market is conducted in a short span of one week and a resultant 250 million copy IMEIs are possible then how is it possible that GSMA remains ignorant to the IMEI surveillance procedure which can be conducted any time to perform a dip stick measure to curb the degradation to the integrity of the IMEI numbers.

GSMA has failed in its duties as a custodian as they have been entrusted with the whole administration and security of the IMEIs for so long.

GSMA is wrecking the widespread industry relied IMEI product’s Integrity with failing to see the repercussions it is causing to the security agencies, common subscribers, Telcos, Mobile manufacturers and anyone who is relying on the integrity of the IMEI number to be unique.

In the absence of any supervisory body above GSMA who can hold them accountable in executing the TS.06 IMEI charter with documented responsibilities, GSMAhas directly resulted into the degradation in the integrity of the IMEI and the duplication it has manifested in millions of the forged IMEI numbers present in the mobile phones.

It is now being now felt that in the interest of national security, and considering foreign monopolistic power abuse in India, it is high time that, GSMA should abandon its role of IMEI administrator and give back the responsibilities which it has clearly failed to perform to the Government of India.

We are in receipt of several complaints which the Indian Mobile Industry has written to GSMA, Department of Telecom, and Ministry of home affairs along with National Security agencies to look into the GSMA’s foreign monopolistic power abuse for which it’s taking India for a ride.

Also, the face of GSM Association was clearly diminished when it came to light that it became money hungry by creating a for profit body under its synonym name called “GSMA limited”,

This for-profit body misused its monopoly power which it derived from GSM Association by arm twisting the mobile manufacturers and brands by getting one sided GSMA IMEI terms and conditions agreements signed, keeping the issuance of IMEI on hold as a hostage, therefore NO signature on IMEI agreements so NO IMEI numbers to them.

Stay Tuned…More to follow in coming weeks

  • How GSMA’s monopoly power favored China over India?, The Indian mobile brands and manufacturers had to pay for the IMEI numbers since 2010 while the Chinese mobile manufacturers and brand owners enjoyed free IMEIs for their mobile phones.
  • How GSMA did Antitrust Violations by using its monopolistic power to favor the big brands by giving them unlimited IMEIs for their mobile phones while penalizing the new mobile phone entrants?”
  • How GSMA is selling Indian data to third parties which it gathered from manufacturers and brands of India without their explicit consent to sell to support its money-hungry-for-profit GSMA Limited’s predatory ambitions?”
  • “How GSMA secretly transferred the data it collected from India to Pakistan without India’s consent?”


Please enter your comment!
Please enter your name here