The Delicate Art of the Network Unlock on a Smartphone
Unlock is a term in our business that often means several different things to the customer, but most people understand that in order to use their carrier-branded smartphone or tablet somewhere else, it requires an unlock. In this article, it means a network unlock. All major carriers in the US, except Verizon, have network-locked smartphones. Yes, you can actually put another SIM card in a recent Verizon smartphone like the Galaxy S8 or Moto X, and it will work on other carriers like T-Mobile, with one catch: some do require a little more configuration in settings than just popping in your SIM card. But that’s it. Nonetheless, if you were to purchase a smartphone from a carrier, Verizon would be your best choice, because it’s unlocked and it will work worldwide right out of the box. Some countries around the world lock their carrier-branded smartphones too, so this locked status isn’t just confined to the US. Now that we got that out of the way, let’s take a quick look at unlocking smartphones, past, present, and future.
A short history of the locked smartphone
Now, before we talk more in depth about unlocking phones in 2017, let’s talk history. I remember one of the first phones that I unlocked was an iPhone. It required a jailbreak and unlock tweak from Cydia, which is nearly impossible now because it is iOS-specific. Even most R-SIMs, which are attached to SIM cards in the iPhone and spoof the network so that it shows as unlocked, do not work anymore, either. However, most unlocks come in the form of removing a network lock that exists in the smartphone. For iPhone, it’s an activation policy that is communicated from the server to the iPhone; on Android, the lock is stored directly on the phone itself. Carriers in the US and some countries have been blocking use of any services by other providers from the very beginning of the smartphone, all in an effort to keep the customer paying high monthly bills and financed smartphone premiums.
Since the locks were installed by the manufacturer, it was clear they could be removed. It wasn’t that hard really. Back then, I remember the famous Galaxy S3 Dialer code unlock that could unlock the Galaxy S3 in just minutes; I made a lot of money on that one. As time went on though, the word got back to the carriers, and those simple unlocks were patched; then we found more dialer codes to expose shortcuts, and service menus to get your phone unlocked.
Fast forward to today and things have become a bit more sophisticated. Through the years the locks have become harder to crack and more expensive for the consumer. For example, T-Mobile’s security is now an app on the phone which will only remove the network lock once the device is eligible; or the phone may have an MSL (Manufacturer Subsidiary Lock) that must be decrypted in order to remove the lock.
What options do unlockers have these days?
These days unlocking a smartphone really comes down to this: if you’re unlocking an iPhone from one of the carriers that lock them, then you need to locate a vendor who has the ability to remove the activation policy.
How do they do it? Well, that has been up for debate for a while. Our contacts in the industry tell us that the vendor pays someone who has access to the carrier accounts to remove that lock, an inside hookup if you will. They mark up what they are being charged and send lists to that contact weekly. We have also noticed that the service decreases considerably, and prices change. That somewhat supports the claims from our industry contacts.
I have another theory that may be a little far-fetched, but maybe, and just maybe, due to the sheer volume of smartphones that are sold every year, it is likely that the carrier is providing these services through a vendor to prevent a bottleneck. In either case, both would probably be illegal and would be breaking the law, whether it is an employee unlocking without permission and charging money for it, or a company that is operating unfairly.
The point is these vendor unlocks are provided on a worldwide scale to support cell phone repair shops that either do not have trained staff using commercial unlocking equipment, or the devices that need to be unlocked are not supported by the equipment yet. The best choice for a shop to maximize profit is to have both.
The tools of the trade
We briefly covered vendor unlocks. Now let’s talk about the tools of the unlocking trade. They go by names like Octoplus, Furious Gold, GC Pro Key, and the world famous Z3X, to name a few. These are what we call commercial unlocking tools, or boxes and dongles. In some cases, they even pack it all onto one tiny flash drive. If you do any kind of repair on smartphones, and you’re not providing unlocking services, then you really are missing out on big revenue streams every month. Fortunately, if you’re reading this article and you would like to, Phonlab provides training on all of the top boxes and dongles through our smartphone technician training program at E-Campus.
The equipment itself is very convenient in that it normally supports at least one major OEM, but the current trend with companies like GC Pro Key or BST Dongle is to support several or more. The cost is relatively low: dongles or flash drive type dongles cost around $150 and the premium boxes from $200-300, depending on where you purchase them. The return on investment is a no-brainer, because you can net anywhere between $50-150 per unlock or repair with these tools.
This equipment also has another benefit over a custom hack or bypass: UART. You say, “What?” UART or “Universal Asynchronous Transmitter Receiver” bypasses security through a COM/PORT connection. This allows you to write to Samsung smartphones. It sounds a bit technical because it is.
You see, Samsung has consistently blocked our methods of unlocking through unconventional processes. This is one of them, well, sort of. The unlocking box would use a UART cable, which looks like an old telephone plug with a micro USB tip on the other end to plug into the phone. These boxes also contain every command that is used to bypass, unlock, and essentially hack into smartphones. It doesn’t just stop with unlocking the network; in some cases they also remove FRP and screen locks, and rewrite or repair IMEI numbers with another IMEI, in the event you have a blacklisted device.
Trust me when I tell you, if you are running a high-volume shop, invest in the equipment and training now. You’ll thank me later. There is one more thing with commercial unlocking equipment: it supports Android only, because Android is open source. The Apple iPhone has been closed source, and is much harder to work with. Why? Remember what I mentioned above about the iPhone.
What does the future hold?
Well, if you wait long enough and you pay off that contract or financed smartphone, the carrier will unlock it for you by request, unless you’re with Sprint. In the US, they will automatically unlock your device through an over-the-air update once it is eligible. The future of unlocking will undoubtedly get harder as time goes on. I can attest to that. But the good thing is that no matter how hard it gets, through research and the occasional insider tip, we manage to achieve that network unlock. It seems unfair and it is. The competition for business has become that way from one carrier to the next. Whether they use words like “freedom” or “uncarrier” in their advertising, the truth is this: you are not truly free unless your smartphone is unlocked from its original carrier, so that you can use it somewhere else. In our case that may be a good thing, because we provide those services to the customer, and we do it quickly and we do it well.