
Can a carrier ever surreptitiously lock an unlocked phone, or is it only on phones financed or purchased through the carrier? For example, if I bought an unlocked phone and attached it to my Verizon plan, could Verizon lock it?


Historically phone locking was done at the modem level via an NCK code - if a phone is supplied by a carrier the modem will come pre-locked and will only be unlocked upon entry of an NCK code which the carrier has the secret key to generate (hash(secret+imei)). With this system if the phone is not locked to begin with I am not aware of any way to toggle this mechanism remotely.

With smartphones however, the game has changed. Apple for example no longer locks their modems at all and instead rely on a software-level check as part of the "activation" process (at first boot where it also gets its client certificates/etc to talk to Apple services) - said activation policy can be changed remotely, and Apple are very cagey about their full capabilities. I have read of some vendors selling iPhones that would be unlocked at first but lock themselves to the first carrier they see.

It's unlikely Apple would ever enforce or change an activation policy on a phone purchased directly from them, so you should be safe. But technically, it's up to the phone manufacturer. I am not sure what the Android situation is in comparison.


> I have read of some vendors selling iPhones that would be unlocked at first but lock themselves to the first carrier they see.

Yeah, there's no official documentation, but that's how the Best Buy ones are. I've seen it called "US Reseller Flex" and "SIM Out" policies. There are some shady websites that have a GSX login that will report the policy name, anti theft lock status, and service history if you put in the IMEI. The intent is to prevent having to keep separate stocks of identical hardware pre-assigned to each carrier you sell for.

IIRC, Best Buy isn't supposed to sell you a phone without at least adding it to an existing carrier account. They act as an agent of the carrier, not selling the phone standalone like Apple does. It's possible that someone could then resell it while in-box as a scam, but that's not what Apple/carrier intended.


> I am not sure what the Android situation is in comparison.

If you have root, you can easily unlock the modem and keep it unlocked.


If you don't have the key, how? I browsed XDA forums a lot in the past to try and unlock an old phone, and there didn't seem to be any way. All of the guides ended up being nonsense.

Someone above said you need the NCK code which is generated from a secret only the carrier has - how does having root get around this?


> how does having root get around this?

The lock is basically implemented as an "is the SIM's carrier on a whitelist" check, which can obviously be patched out or modified arbitrarily once you have full access to the firmware which root does. It's important to remember that the lock is entirely on the phone's side, to prevent it from connecting to any other carrier than the one it's locked to. A carrier can implement an "official" unlocking method essentially as an app that runs on the phone to validate the unlock code, but that is no obstacle to root.

If you jailbreak an iPhone, the lock is also easily removable in the same manner.
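A model of the mechanism described in this thread (the phone-side "is the SIM's carrier on a whitelist" check, and the carrier-side NCK derived from a secret plus the IMEI), as an added example that is not code from any real modem, carrier or commenter; the HMAC-SHA256 construction, the 16-digit code length, the attempt limit and the PLMN/IMEI values are all assumptions made for illustration:

```python
import hashlib
import hmac

# Constructed model of a carrier SIM lock; example code, not real modem or carrier firmware.
ALLOWED_PLMNS = {"310260"}   # MCC+MNC of the locking carrier; value is constructed
MAX_NCK_ATTEMPTS = 5         # modems count down and hard-lock; the limit is assumed

def imei_luhn_valid(imei: str) -> bool:
    """Luhn check on a 15-digit IMEI before it is used as key material."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch) * 2 if i % 2 else int(ch)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def plmn_from_imsi(imsi: str, mnc_len: int = 3) -> str:
    """MCC is the first 3 IMSI digits; the MNC that follows is 2 or 3 digits."""
    return imsi[: 3 + mnc_len]

def derive_nck(carrier_secret: bytes, imei: str) -> str:
    """Carrier-side step: NCK = f(secret, IMEI), modelled here as HMAC-SHA256 -> 16 digits."""
    digest = hmac.new(carrier_secret, imei.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**16).zfill(16)

class SimLock:
    """Phone-side state: PLMN whitelist check plus a bounded NCK counter; stores only a hash of the NCK."""

    def __init__(self, imei: str, nck: str, locked: bool = True):
        if not imei_luhn_valid(imei):
            raise ValueError("malformed IMEI")
        self.locked, self.attempts_left = locked, MAX_NCK_ATTEMPTS
        self._nck_digest = hashlib.sha256(nck.encode()).digest()

    def sim_accepted(self, imsi: str) -> bool:
        # This comparison is the whole "lock"; an unlocked phone accepts any SIM.
        return not self.locked or plmn_from_imsi(imsi) in ALLOWED_PLMNS

    def enter_nck(self, code: str) -> bool:
        """Official unlock path: constant-time compare, limited attempts."""
        if not self.locked or self.attempts_left == 0:
            return not self.locked
        if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), self._nck_digest):
            self.locked = False
            return True
        self.attempts_left -= 1
        return False
```

The secret never reaches the phone, which is why a carrier can generate codes for any IMEI while the handset can only verify them; it is also why the check itself, living in firmware, is what root or a baseband exploit targets rather than the secret.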


If we're talking NCKs it means the modem is locked, so you need a modem/baseband-level exploit. Root helps you talk to said modem but doesn't directly allow you to modify its firmware without some other exploit.


Not really familiar with other platforms, but on Mediatek platforms the modem firmware is just loaded from the filesystem --- which you have full access to as root.

Can you recommend any good guides to read more about this? I was trying to unlock a Boost phone a few years ago, which was perfectly good and compact but unusable outside of Boost. I no longer have the need but still have the curiosity.


https://xdaforums.com/t/howto-root-required-remove-network-l...

https://xdaforums.com/t/removing-carrier-lock.3903352/

https://xdaforums.com/t/no-root-needed-carrier-unlock-carrie... (I know what the title says, but this procedure is generic to Mediatek and they are also easily rootable)

Look around that site in general, plenty of Android modding information.

Also see "SIM lock" here:

https://gist.github.com/sadiqsalau/865364b344c0b9cb1b418df8b...


Thanks!


Now if only we could force companies to allow root [without disabling features].


Technically possible



