Thursday, March 6, 2008

IMEI - Introduction

The International Mobile Equipment Identity or IMEI (pronounced /aɪˈmiː/) is a number unique to every GSM and UMTS mobile phone. It is usually found printed on the phone underneath the battery and can also be found by dialing the sequence *#06# into the phone.

The IMEI number is used by the GSM network to identify valid devices and therefore can be used to stop a stolen phone from accessing the network. For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to "ban" the phone using its IMEI number. This renders the phone useless, regardless of whether the phone's SIM is changed.

Unlike the Electronic Serial Number or MEID of CDMA and other wireless networks, the IMEI is only used to identify the device, and has no permanent or semi-permanent relation to the subscriber. Instead, the subscriber is identified by transmission of an IMSI number, which is stored on a SIM card which can (in theory) be transferred to any handset. However, many network and security features are enabled by knowing the current device being used by a subscriber.

Structure of the IMEI and IMEISV

The IMEI (14 digits plus check digit) or IMEISV (16 digits) includes information on the origin, model, and serial number of the device. The structure of the IMEI/SV is specified in 3GPP TS 23.003. The model and origin comprise the initial 8-digit portion of the IMEI/SV, known as the Type Allocation Code (TAC). The remainder of the IMEI is manufacturer-defined, with a Luhn check digit at the end (which is never transmitted).

As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may not always be displayed this way. The IMEISV drops the Luhn check digit in favour of an additional 2 digits for the Software Version Number (SVN) in the format AA-BBBBBB-CCCCCC-EE.


Prior to 2002, the TAC was 6 digits long and followed by a two-digit Final Assembly Code (FAC), which was a manufacturer-specific code indicating the location of the device's construction.

For example, the IMEI code 35-209900-176148-1 or IMEISV code 35-209900-176148-23 tells us the following:

TAC: 352099 so it was issued by the BABT and has the allocation number 2099

FAC: 00 so it was numbered during the transition phase from the old format to the new format (described below)

SNR: 176148 - uniquely identifying a unit of this model

CD: 1 so it is a GSM Phase 2 or higher

SVN: 23 - The 'software version number' identifying the revision of the software installed on the phone. 99 is reserved.

The format changed from April 1, 2004, when the Final Assembly Code ceased to exist and the Type Approval Code increased to eight digits in length and became known as the Type Allocation Code. From January 1, 2003 until this time the FAC for all phones was 00.

The Reporting Body Identifier is allocated by the Global Decimal Administrator; the first two digits must be decimal (i.e. less than 0xA0) for it to be an IMEI and not an MEID.
The new CDMA Mobile Equipment Identifier (MEID) uses the same basic format as the IMEI.

Retrieving IMEI information from a GSM device

On many devices the IMEI number can be retrieved by entering *#06#. The IMEI number of a GSM device can be retrieved by sending the command AT+CGSN. For more information, refer to the 3GPP TS 27.007, Section 5.4 /2/ standards document.

Retrieving IMEI Information from a Sony or Sony Ericsson handset can be done by entering these keys: Right * Left Left * Left * (Other service menu items will be presented with this key combination).

The IMEI information can be retrieved from most Nokia mobile phones by pressing *#92702689# (*#WAR0ANTY#); this opens the warranty menu, in which the first item is the serial number (the IMEI). The warranty menu also shows other information such as the date the phone was made and the life timer of the phone.

The IMEI can frequently be displayed through phone menus, under a section titled 'System Information', 'Device', 'Phone Info' or similar. Many phones also have the IMEI listed on a label in the battery compartment.

The IMEI will display on the device page of iTunes for an iPhone after syncing.

On refurbished phones the IMEI may be different for the software and the actual phone itself. You can check this by looking behind the phone where the battery is placed (phone IMEI) and by pressing *#06# on your phone (software IMEI).

IMEI and the law

Many countries have acknowledged the use of the IMEI in reducing the effect of mobile phone theft, which has increased exponentially over the last few years. For example, in the United Kingdom under the Mobile Telephones (Re-programming) Act, changing the IMEI of a phone, or possessing equipment that can change it, is considered an offence under some circumstances.

There is a misunderstanding amongst some regulators that the existence of a formally allocated IMEI number range to a GSM terminal implies that the terminal is approved or complies with regulatory requirements. This is not the case. The linkage between regulatory approval and IMEI allocation was removed in April 2000 with the introduction of the European R&TTE Directive. Since that date, IMEIs have been allocated by BABT (acting on behalf of the GSM Association) to legitimate GSM terminal manufacturers without the need to provide evidence of approval.

Other countries use different approaches when dealing with phone theft. For example, mobile operators in Singapore are not required by the regulator to implement phone blocking or tracing systems, IMEI-based or other. The regulator has expressed its doubts about the real effectiveness of this kind of system in the context of the mobile market in Singapore. Instead, mobile operators are encouraged to take measures such as the immediate suspension of service and the replacement of SIM cards in case of loss or theft.

Blacklist of stolen devices

When mobile equipment is stolen or lost, the operator or owner will typically contact the Central Equipment Identity Register (CEIR) which blacklists the device in all operator switches so that it will in effect become unusable, making theft of mobile equipment a useless business.

The IMEI number is not supposed to be easy to change, which is what makes CEIR blacklisting effective. However, this is not always the case: an IMEI may be easy to change with special tools, and operators may even flatly ignore the CEIR blacklist.

Difficulties

  • "New IMEIs can be programmed into stolen handsets and 10% of IMEIs are not unique," according to a BT-Cellnet spokesman quoted by the BBC.

  • Facilities do not exist to unblock numbers listed in error on all networks. This is possible in the UK, however, where the user who initially blocked the IMEI must quote a password chosen at the time the block was applied.

Computation of the Check Digit

The last number of the IMEI is a check digit calculated using the Luhn algorithm.

According to the IMEI Allocation and Approval Guidelines,

The Check Digit is calculated according to Luhn formula (ISO/IEC 7812). See GSM 02.16 / 3GPP 22.016. The Check Digit shall not be transmitted to the network. The Check Digit is a function of all other digits in the IMEI. The Software Version Number (SVN) of a mobile is not included in the calculation. The purpose of the Check Digit is to help guard against the possibility of incorrect entries to the CEIR and EIR equipment. The presentation of Check Digit (CD) both electronically and in printed form on the label and packaging is very important. Logistics (using bar-code reader) and EIR/CEIR administration cannot use the CD unless it is printed outside of the packaging, and on the ME IMEI/Type Accreditation label. The check digit shall always be transmitted to the network as "0".

The check digit is validated in three steps:

1. Starting from the right, double every even-numbered digit (e.g. 7 → 14)

2. Sum the digits (e.g. 14 → 1 + 4)

3. Check if the sum is divisible by 10

Conversely, one can calculate the IMEI by choosing the check digit which would give a sum divisible by 10. For the example IMEI 49015420323751?,
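The three validation steps above, together with the AA-BBBBBB-CCCCCC-D / -EE layout from the structure section, as an added example that is not part of the original post. The function names are hypothetical, and the field split assumes the 2004 format with an 8-digit TAC.

```python
import re

def luhn_check_digit(body: str) -> int:
    """Check digit (CD) for a 14-digit IMEI body: 8-digit TAC + 6-digit SNR."""
    total = 0
    # Right to left: the digit next to the CD position is doubled, then every
    # second digit after it (step 1); doubled values add their digit sum (step 2).
    for pos, ch in enumerate(reversed(body)):
        d = int(ch)
        if pos % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # 14 -> 1 + 4 = 5
        total += d
    # Step 3 inverted: pick the digit that makes the total divisible by 10.
    return (10 - total % 10) % 10

def parse_imei(text: str) -> dict:
    """Split an IMEI (15 digits) or IMEISV (16 digits) into its fields."""
    digits = re.sub(r"[\s-]", "", text)
    # [0-9] rather than \d: hex digits (MEID) and non-ASCII digits are rejected.
    if not re.fullmatch(r"[0-9]{15,16}", digits):
        raise ValueError("expected 15 (IMEI) or 16 (IMEISV) decimal digits")
    fields = {
        "reporting_body": digits[:2],
        "tac": digits[:8],
        "snr": digits[8:14],
        "expected_cd": luhn_check_digit(digits[:14]),
    }
    if len(digits) == 15:
        fields["cd"] = int(digits[14])
        fields["cd_valid"] = fields["cd"] == fields["expected_cd"]
    else:
        fields["svn"] = digits[14:]  # the SVN is not part of the CD calculation
    return fields

if __name__ == "__main__":
    # Example values taken from the page.
    print(parse_imei("35-209900-176148-1"))
    print(parse_imei("35-209900-176148-23"))
    print("49015420323751 ->", luhn_check_digit("49015420323751"))
```

A record whose `cd_valid` is false points to a mistyped or mis-scanned entry, which is the data-entry error the check digit exists to catch before a number reaches an EIR or CEIR.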