9eSIM
eSIM privacy and security: what data leaves the chip, what stays
Short version: an eSIM doesn't see your apps. What it does see is who you're talking to and where. Here's how that compares to a SIM card.
May 13, 2026 · 9eSIM
An eSIM is a small, locked-down computer doing exactly one job: identify itself to a tower. It does not see app content, browser data, or messages. What it does see:
- IMSI — your network identity (effectively, "this phone, on this carrier")
- Location — the towers you connect to. The network logs this for billing and lawful intercept; the chip itself doesn't store it.
- Authentication exchanges — proof that this profile is allowed on the network.
Same as a regular SIM card. No more, no less.
Where eSIMs are slightly more private than SIMs
- No physical card means no shoulder-surfing of an ICCID when you swap cards.
- Multiple profiles let you compartmentalize. Throw-away profile for protest journalism, permanent profile for everything else.
- No SIM swap fraud surface — eSIM activation requires the original eUICC chip in your device, which is harder to social-engineer than a number-port request.
Where eSIMs are slightly worse
- Carrier visibility into device identity — eSIM provisioning includes the device's EID, which is unique per chip. A determined adversary correlating across carriers could link profiles to the same chip. (In practice, your IMEI is way easier to track.)
- Vendor lock-in risk — if the eSIM provisioning service goes down, you can't install new profiles. This is what made vendor-lock-in a real issue when 5ber's parent company went bust in 2024 — phones with their cards installed kept working, but couldn't load new profiles. Programmable physical cards mitigate this by accepting profiles from any standards-compliant provider.
What apps see
Independent of the eSIM, apps continue to see whatever your OS gives them: IP address (which leaks coarse location), advertising id, and whatever permissions you grant. eSIM doesn't change any of that.
Practical hygiene
- Disable advertising ID on iOS and Android.
- Run a VPN for actually-sensitive traffic.
- Keep your home line's number off social profiles you don't want crawled by data brokers.
- If you cross borders frequently, consider a dedicated "travel phone" with a fresh eSIM profile each trip — your home number stays out of border-control databases.