The Rise Of The eSIM: What Are The Privacy Concerns?

eSIM technology is spreading across global mobile networks at a pace not seen a few years ago. GSMA reported in July 2025 that 531 mobile operators in 206 countries had launched eSIM service for smartphones. That makes up 69% of operators, compared to around a third two years earlier.

Europe and Eurasia lead adoption, with eSIM close to universal there. Other regions are slower. In Sub-Saharan Africa, about half of operators have yet to launch the service. GSMA linked this to the fact that eSIM is mostly available in flagship phones rather than cheaper models.

The organisation expects more operators to add eSIM over the next two years. This growth is tied to the launch of eSIM-only phones outside the United States and the arrival of mid- and low-priced devices that use the technology.

 

How Has Apple Influenced The Trend?

 

Apple has been one of the main companies pushing eSIM forward. This month, the company announced that its iPhone 17 Pro and iPhone 17 Pro Max would be sold as eSIM-only models in markets such as the United States, Canada, Japan, Mexico, Saudi Arabia, Bahrain and the UAE.

Removing the SIM tray allowed Apple to place a larger battery in the phones. This gave users a couple of extra hours of video playback, bringing total time to 39 hours. Apple also mentioned that eSIM strengthens device security, as it cannot be taken out if the phone is lost or stolen.

 

What Are The Privacy Concerns?

 

If users already cannot remove batteries, they can never truly turn off their phones. Now the same will apply to communication capability via the SIM. What will this do to user privacy? Experts share their thoughts…

 

Our Experts:

 

  • Trevor Horwitz, CISO, TrustNet
  • Zbyněk Sopuch, CTO, Safetica
  • James Brown, Managing Director, Protect Your Bubble
  • Asad Hamir, Co-Founder, Klyk
  • Ross Devereux, R&D Director, Lifecycle Software
  • Arshad Khalid, Technology Advisor, No Strings Public Relations
  • Chris Hauk, Consumer Privacy Advocate, Pixel Privacy
  • Andy Aitken, Co-Founder and CEO, Honest Mobile
  • Paul Bischoff, Consumer Privacy Advocate, Comparitech
  • Kristian Torode, Director and Co-Founder, Crystaline

 

Trevor Horwitz, CISO, TrustNet

 

 

“As smartphone makers shift to sealed devices with non-removable batteries and embedded SIMs, users are losing one of the last controls they had over when and how their devices connect to networks. With eSIMs, there is no physical card to remove. Everything is managed digitally and remotely. That makes it easier to switch carriers, but it also makes it harder to verify whether the device is truly offline.

“Even when powered down, there is growing concern that phones may still emit low-level signals or remain accessible through firmware or baseband components. For individuals and organisations that operate in high-risk environments, this is not just a design limitation. It is a serious privacy and security issue. Traditional methods of disconnecting from the network, such as removing the SIM card or battery, are disappearing.

“eSIM technology allows carriers to provision or reconfigure service remotely, without the user ever handling the device. This creates operational efficiency but also introduces the potential for silent surveillance or unauthorised changes if that provisioning process is compromised.

“Privacy is no longer just about online behaviour. It is about having the ability to disconnect when you want to. When that capability is removed, digital autonomy becomes much harder to achieve.

“To stay vigilant, users should consider practical steps like using secure device settings that restrict background connections and investing in privacy-focused phones or operating systems. Organisations with higher security needs should assess mobile device policies and treat modern smartphones as always-on sensors, not just communication tools.”

 

Zbyněk Sopuch, CTO, Safetica

 

 

“eSIM removes a user’s ability to control whether or not their device is truly ‘offline,’ which instantly raises risks significantly. A device always being connected means data is always potentially in motion. And because Bring Your Own Device is still very much in play for companies, this means a huge security challenge for both individuals and businesses whose employees use these eSIM-based devices.

“So this means eSIM goes beyond being a mere hardware issue and more a data visibility one. Raising the eSIM conversation is important because ensuring sensitive data isn’t leaving devices unchecked needs to be a priority, whether a SIM is physical or embedded. This can be as simple as installing safeguards that include strong endpoint monitoring, data-handling policies, and more user awareness.

“Ultimately eSIM becoming a standard on many newer devices is just a stark reminder that both consumers and businesses alike must remain vigilant with layered protection. Counting on switches or removable components to guarantee privacy doesn’t cut it. Once data is compromised, that’s it. So taking security steps from the beginning and routinely adding to them is a good rule of thumb.”

 

James Brown, Managing Director, Protect Your Bubble

 

 

“The delivery of an eSIM is almost instant, and although they are not any less secure than physical SIMs, their instant nature could make them more appealing to hackers.

“If not careful, users could be victims of a SIM swap scam, which is when a fraudster pretends to be a consumer (the victim) and notifies the victim’s mobile phone network that they need a replacement SIM for their device. They trick network providers into allowing the criminal to activate a SIM card or eSIM that the criminal has.

“This lets them take control of the victim’s mobile number, allowing them to potentially gain access to calls, texts, which may include authentication or verification codes, online banking details and more.

“Signs of a SIM swap fraud could include receiving verification codes to the SIM not in the victim’s possession, and even being locked out of online banking, which could put a lot of pressure on mobile users.

“When it comes to your device and mobile account, many UK mobile providers now allow users to add a PIN or password to their account, which they’d need to provide for any account changes. For higher security measures, it could be beneficial to set this up with providers so they can help users keep their accounts safe in case a criminal is trying to gain access by pretending to be the consumer.

“Using authenticator apps and biometric verification for an added layer of protection could also make it more difficult for criminals to access users’ personal data to perform a SIM swap fraud.”

 

 

Asad Hamir, Co-Founder, Klyk

 

 

“With hardware manufacturers phasing out physical SIMs almost overnight, we’re entering a new era where security assumptions have to change. The ability to physically remove or swap a SIM card once gave users and businesses a tangible sense of control. With eSIMs, everything is provisioned in the cloud, which means attackers only need to compromise an online workflow to take over your number.

“Because mobile numbers underpin so much of our personal and business security – from SMS codes to password resets – a successful takeover can quickly cascade into devastating account compromise. This shift forces a rethink: carriers must strengthen identity checks and build more robust network-level protections, while individuals and businesses need to move beyond SMS authentication. Adopting authenticator apps, passkeys, and hardware security keys will be essential as phone numbers evolve from a layer of protection into a potential point of failure.”

 

Ross Devereux, R&D Director, Lifecycle Software

 

 

“The shift to eSIMs signals a step towards seamless, always-on connectivity. For many users, this means simpler device setup, easier international roaming, and more flexibility when switching networks. But with greater convenience comes the need to rethink privacy. We are moving towards a world of permanent connectivity, where the hardware itself limits users’ agency. It might be optimistic to assume that transparency, consent, and oversight will catch up. But history shows that tech often races ahead of regulation.

“Take facial recognition technology: it was widely deployed in public spaces long before lawmakers could establish meaningful privacy safeguards, leaving users exposed without recourse. The telecom compliance and regulation evolution is often slow and complicated.

“My concern is that the least tech-savvy, or those living in markets with weaker regulation, will be the first to suffer from invisible privacy invasions. If we value agency, we need to push now, not later, for built-in options that disable connectivity, rather than just enabling it, before this becomes another case of users left exposed.

“If transparency, consent and the ability to control connectivity are built into the rollout, eSIMs could improve mobile experiences without eroding user agency.”

 

Arshad Khalid, Technology Advisor, No Strings Public Relations

 

 

“eSIM profiles are stored in software rather than a removable card. That creates a new class of risk: if attackers find vulnerabilities in the provisioning systems run by carriers or device makers, they could potentially clone or swap your number without ever touching your device.

“Traditional SIM-swap fraud relied on tricking a carrier into issuing a replacement card, but with eSIMs, the attack vector shifts to software and remote access. It means your profile could be moved instantly, giving attackers control of calls and texts, including SMS codes used for banking and authentication, without leaving any physical trace.”

 

Chris Hauk, Consumer Privacy Advocate, Pixel Privacy

 

 

“While eSIMs are more convenient than traditional SIM cards, they do present privacy and security issues. eSIMs are embedded in devices, meaning they can’t be physically removed or swapped out. While eSIMs use security measures that make them tougher to hack, bad actors could possibly exploit weaknesses in the phone manufacturer or cellular provider’s system.

“eSIMs also can allow cellular providers to collect loads of information, not allowing users to prevent such info from being collected. This could lead to more targeted advertisements, or worse, identity theft. Users with devices that use eSIMs should immediately set a PIN on their eSIMs, if available.”

 

Andy Aitken, Co-Founder and CEO, Honest Mobile

 

 

“The question around user privacy in relation to newer phones and eSIMs is an interesting one.

“Firstly, I don’t believe people using eSIMs should be worried about their privacy being invaded. You only need to look at places like China, which delayed the widespread adoption of eSIMs in part due to tracking limitations, to realise that this is not the motivation behind the rise of eSIMs.

“If you are worried about being tracked, I’d recommend disabling your eSIM and turning off your phone. This will mean your phone has no connectivity and cannot be tracked. You could even uninstall your eSIM and re-add it later for extra peace of mind.

“Ultimately, I believe it’s positive that more phones are eSIM-compatible. It reflects progress in developing better, more efficient phones that use less plastic than their predecessors.”

 

Paul Bischoff, Consumer Privacy Advocate, Comparitech

 

 

“For 99 percent of people, it makes no difference. You can’t remove an eSIM, so it ties your phone number to your phone and could communicate over a mobile network when you don’t want it to. But do any of us remove our SIM cards for privacy, anyway? I never have. There might be some limited circumstances in which you want to be sure your mobile provider is not tracking you, in which case a removable SIM might be preferable. But you could also just set it to airplane mode and get the same result. I also find the premise that “we can’t remove batteries and so can never truly turn our phones off” a bit ridiculous. Of course you can turn your phone off.”

 

Kristian Torode, Director and Co-Founder, Crystaline

 

 

“The move to eSIMs marks a significant shift in mobile connectivity — one that brings both efficiency and new privacy considerations. For SMEs, especially those managing distributed teams or BYOD policies, this change means devices are now more tightly tied to mobile networks and harder to disconnect physically. This changes the way we must think about privacy.

“Unlike physical SIMs, eSIMs can’t be physically removed from the device, which reduces user control and raises concerns about persistent connectivity and tracking. If paired with the inability to remove batteries, users essentially lose their ability to truly go ‘offline’.

“However, eSIMs also allow businesses to manage and secure devices remotely, with faster provisioning and better control over usage. The key for SMEs is to adopt strong mobile device management (MDM) practices and ensure employees understand the privacy settings available on their devices. With the right policies in place, the benefits of eSIMs can be harnessed without compromising user trust or data security.”