Isn't this the same problem either way? The enterprising criminal can take a low level job at Apple rather than a low level job at a carrier, which is presumably one of the reasons it hasn't actually worked.
And if the problem is that each country is using a different IMEI blacklist then that seems like an obvious thing to fix. There are already treaties and agreements which is how the global phone network operates to begin with, or you could have US law enforcement set up a system to submit the IMEI to each of the individual blacklists.
I trust Apple to have more intelligent audit controls on their employees than the average carrier.
And the calculation for the carrier is different. There's an inherent incentive on unblocking a phone for the carrier, as this means a billable contract. For Apple there's an inherent incentive in being known as having devices hard to unblock and thus, presumably, less attractive for thieves.
> The enterprising criminal can take a low level job at Apple rather than a low level job at a carrier
To my knowledge, Apple has not had any insider compromise of activation lock.
This is why criminals try to phish the credentials from the victim instead.
Yes and even companies that can request it (I worked for one in this role) have to provide extensive documentation.
A phone must be purchased for us (with invoice with serial no) originally, or it must have been enrolled in our corporate MDM before getting locked. And for a while they didn't even accept the latter.
So even if you are at a third party you won't get away with sneaking these through. Which is good, a bit annoying sometimes though when some of our vendors didn't provide serial number invoices. We now require it but during the first years of anti-theft lock it was a bit of an issue and caused a lot of e-waste for us, sadly.
> To my knowledge, Apple has not had any insider compromise of activation lock.
First they would have to get caught.
> This is why criminals try to phish the credentials from the victim instead.
Either method would be effective and not every criminal would have access to an insider, or they would have to pay off the insider for each device and then still prefer to phish the customer if possible to avoid paying the bribe.