Are eSIMs safe?

An eSIM, short for embedded SIM, is a digital version of a physical SIM card that’s already built into your phone or device. Instead of inserting a small plastic card to connect to a mobile network, you can activate or switch between mobile plans digitally, usually by scanning a QR code or using an app. With an eSIM, you don’t need to physically buy a card or wait for one to be delivered. As such, eSIMs are convenient and offer flexibility, making them popular among travelers.

Yet, as with any newer technology, particularly one that’s tied to your mobile phone number and data, it’s only natural to have some questions. In this post, we’ll explore how eSIMs work, whether they’re secure, and their pros and cons versus physical SIM cards. This should help you decide whether using an eSIM is right for you and how you can stay as safe as possible when using one.

What is an eSIM, and how does it work?

An eSIM is a digital version of the traditional SIM card used to connect your device to a mobile network. Unlike a physical SIM card that you insert into your phone, an eSIM is built directly into the device’s hardware. As such, there’s no need for a physical card slot, and you never have to swap anything out.

An eSIM performs the same function as a regular SIM card. It stores the information your device needs – such as your phone number and data plan – to authenticate it with your mobile network provider. Instead of being tied to a plastic card, the information is downloaded digitally by scanning a QR code or using a network provider’s app.

Here’s how an eSIM works:

  1. First, you’ll want to check if your device is eSIM-compatible. Most modern phones and tablets now support eSIM.
  2. You’ll then need a mobile carrier or eSIM provider that supports eSIM activation. This may be your regular mobile provider or a service that sells prepaid eSIMs.
  3. Once signed up for a plan, your carrier will send your eSIM activation details. This will be a QR code for you to scan, a manual activation code, or a link to install via their app.
  4. To install the eSIM on your iPhone, go to Settings > Mobile Service > Add eSIM and then scan the QR code or enter the details manually. On Android, it’s Settings > Network & Internet > SIMs or Mobile Network > Add Mobile Plan and then scan the QR code or enter the details manually.
  5. If you want, you can choose which SIM is used for calls, messages, or data. You can also choose whether you want to use both numbers or just one. It’s possible to label your SIM, for example, as “Work” or “Travel”.
  6. Your eSIM is now activated. You can use it to make calls, send texts, or use mobile data just like you would with a physical SIM.

Most modern smartphones, tablets, and even wearables now support eSIM. This includes recent iPhones, Google Pixels, and Samsung Galaxy series. Some laptops and tablets also include eSIM functionality, and this allows for seamless connectivity from anywhere.

Are eSIMs safe?

eSIMs are just as safe as traditional SIM cards. In some ways, they’re even more secure. Because an eSIM is built into your device and activated digitally, it doesn’t have some of the same physical vulnerabilities. For example, there’s no risk of an eSIM being lost or damaged, or otherwise removed or tampered with. That doesn’t mean there aren’t a few downsides to eSIMs, however.

Harder to steal or clone

One of the key advantages of eSIMs is that they’re physically embedded into your device. This makes it that much more difficult to steal or tamper with them than with a traditional SIM card. With a physical SIM, someone could remove the card from your phone and insert it into another device to hijack your number. You may not even know about it until it’s too late.

With an eSIM, that’s just not possible. The eSIM is locked to the device’s hardware and can’t be manually removed. To transfer it, a person would need to access your carrier account, the original QR code or activation info, and possibly even your device’s unlock credentials. This makes casual theft or cloning all the more difficult.

In terms of cloning, physical SIM cards can be duplicated using specialized hardware and software, although this is relatively rare. Unauthorized duplication of eSIMs is more complex because eSIM profiles are encrypted and securely downloaded from the carrier. Unless someone has access to your device and its credentials, eSIM cloning is highly unlikely.

Still vulnerable to SIM swapping

Although eSIMs are embedded in devices, they’re not immune to SIM swapping. This is a type of fraud that involves someone tricking your mobile provider into transferring your number to a new SIM or eSIM that they control. If this is successful, an attacker can then gain access to calls, texts, and even two-factor authentication (2FA) codes.

Accidental deletion or loss

Deleting an eSIM or losing your phone doesn’t mean your mobile plan disappears, but recovering your eSIM can take a few extra steps compared to moving a physical SIM to a new phone. Some carriers let you re-download your eSIM via a QR code or app, although some may require you to get in touch with customer support.

Depending on your carrier, you may face limits as to how often you can re-download or transfer an eSIM to a new device. Some phones restrict reusing an eSIM profile once it’s deleted, which can be frustrating.

How to use eSIMs safely

eSIMs are generally very secure, offering strong protection against physical theft as well as casual cloning. Despite this, it’s still important to follow best practices to protect your number, data, and mobile account. Here are some simple steps you can take to use eSIMs safely:

1. Secure your carrier account

Most SIM swap attacks don’t involve hacking your phone. Instead, they target your mobile account. This makes protecting your carrier account all the more essential. Of course, this requires using a strong and unique password. You can use a password manager to securely store passwords without needing to remember them all. If your carrier offers it, make use of two-factor authentication for an extra layer of security.

2. Keep your activation details safe

When you activate an eSIM, you’ll usually receive a QR code or activation code from your carrier or provider. This acts as a kind of digital key to download your eSIM profile. You’ll want to store this securely, preferably using encrypted cloud storage. If you accidentally delete or lose your eSIM, or simply switch devices, you may need it to reinstall the profile.

3. Lock your device

If someone gains access to your phone, they could potentially remove or replace an eSIM profile. For this reason, you should always use a screen lock, be it a PIN, passcode, fingerprint, or face ID. Enable remote tracking and wipe options like Find My iPhone (iOS) or Find My Device (Android) in case your phone is lost or stolen.

4. Stick with trusted providers

Only install eSIM profiles from reputable carriers or providers. There are many legitimate travel eSIM companies, but also some shady apps or services that offer deals that are simply too good to be true. Check for reviews and a proper website with clear ways to get in touch with support. If in doubt, buy directly from your carrier or a known eSIM marketplace.

5. Understand the recovery process

It’s well worth knowing how your carrier handles the reactivation or transferral of eSIMs. Search their website or get in touch with support to ask whether you can re-download the SIM profile from your account, whether you’ll need to contact support if you lose your device, and if there are any limits on how often you can transfer the eSIM to a new phone.

eSIM safety: FAQs

Can an eSIM be hacked?

An eSIM can be hacked, but it’s very difficult to do. An eSIM benefits from strong encryption and is securely integrated into your device’s hardware. This makes it less vulnerable to cloning than a physical SIM. There’s no physical card to remove, so an eSIM can’t be physically stolen or swapped without your knowledge.

The real risk comes from how your mobile account is managed. As with traditional SIM cards, attackers can still try to perform a SIM swap attack where they trick your carrier into transferring your number to a new device or an eSIM that they control. This doesn’t involve breaching the eSIM, but rather using social engineering to gain access through your carrier. Secure your carrier account using a strong password and two-factor authentication.

What happens if I lose my phone with an eSIM?

If you lose your phone with an eSIM, you’ll need to take a few steps to protect your account and get connected again. The first is to contact your mobile carrier so they can remotely suspend or deactivate the eSIM. This prevents anyone from using your number or plan. You can then have the eSIM reissued to a new device when you’re ready. If they’re enabled, remote tracking or wipe features can help you lock or erase your device if needed.

Can eSIMs be tracked?

Yes, eSIMs can be tracked, but they are no more vulnerable to tracking than physical SIM cards. Mobile tracking generally relies on GPS-based location services, carrier networks, and IMEI numbers rather than the SIM card.

Whether using a regular SIM or eSIM, you have some control over mobile tracking. Turn off location services, exercise caution when using apps, and consider using a VPN to help maintain your privacy.

Can I use an eSIM and a physical SIM at the same time?

Yes, most modern smartphones support dual SIM functionality and it can prove very useful. When you have an eSIM as well as a physical SIM on your device at the same time, you can have two mobile plans active. This lets you keep personal and work numbers private, keep your main number active while using a local eSIM for data while traveling abroad, and combine a cheap SIM with your regular SIM for better savings. Each SIM can be set up to handle different functions, such as calls on one and data on the other.