I think this is conceptually wrong from a layering perspective because youre punching through the abstraction and making it leaky on purpose. This just moves the problem down one layer in the stack - there will be legitimate new use cases for “sim card ID spoofing” and then we’re back to square one. Also from a usability standpoint “getting a new phone” is precisely the wrong time to lock users out of their accounts
A perfect analogy would be trying to implement security with mac addresses but applied to internet. It just makes a mess of an abstraction layer and then you have to rebuild it because those abstractions were useful (mac address spoofing has legitimate uses because mac addresses were used for security and then people realized they needed to be able to transparently swap things out)
A perfect analogy would be trying to implement security with mac addresses but applied to internet. It just makes a mess of an abstraction layer and then you have to rebuild it because those abstractions were useful (mac address spoofing has legitimate uses because mac addresses were used for security and then people realized they needed to be able to transparently swap things out)