A stolen physical SIM in Brazil gives a thief a window to intercept SMS-based 2FA codes before you can cancel the card. That window is why eUICC-based eSIM is the correct architecture choice for high-theft travel environments. TL;DR eSIM stores credentials in eUICC hardware soldered to the motherboard; no physical extraction possible GSMA RSP handles over-the-air profile provisioning via SM-DP+ server with TLS mutual auth Physical SIM theft enables SMS 2FA interception; eSIM theft does not Profile transfer requires device PIN plus carrier authentication HelloRoam provisions Brazil eSIM profiles on TIM 5G; QR activation takes 30 to 90 seconds GSMA Remote SIM Provisioning (RSP) uses three components working in sequence: SM-DP+ Server (Subscription Manager Data Preparation Plus) | | TLS mutual authentication | LPA (Local Profile Assistant, the phone eSIM manager UI) | | Encrypted profile package download | eUICC (embedded chip, hardware-bound to motherboard) The SM-DP+ server generates an encrypted profile package. The eUICC authenticates using its embedded certificate (EID). The LPA handles the QR scan on the user side. No plaintext credentials cross the wire at any point in the flow. # Read your device EID (eUICC hardware identity, 32 digits) # iOS: Settings > General > About > EID # Android ADB method: adb shell service call iphonesubinfo 11 # Parse the output to extract the 32-digit EID string # Validate active eSIM profiles on Android: adb shell dumpsys telephony.registry | grep -i 'euicc' Attack Vector Physical SIM eSIM (eUICC) Device stolen SIM removable instantly Profile stays in hardware SIM-swap fraud 2FA intercept window opens No extraction possible Carrier social engineering Possible without device Requires device plus PIN Airport kiosk exposure High (visible public swap) None (QR pre-activation) Signal on landing Kiosk or retail required Immediate, pre-configured At Guarulhos (GRU) and Galeão (GIG), arrivals zones see regular distraction theft. A visible SIM swap in a crowded arrivals hall signals device possession while attention is split. eSIM removes that exposure entirely. # Conceptual GSMA RSP activation sequence (simplified) def activate_esim_profile(activation_code, device_eid): # activation_code: QR-encoded SM-DP+ address + matching ID # device_eid: 32-digit EID from device hardware session = sm_dp_plus.authenticate( eid=device_eid, activation_code=activation_code ) if session.status == 'authenticated': profile = sm_dp_plus.download_profile(session.token) return euicc.install_profile(profile) # encrypted, hardware-bound return False # Provisioning takes 30 to 90 seconds on a stable connection City Coverage Level Key Zones São Paulo Full 5G urban Jardins, Pinheiros, Vila Madalena Rio de Janeiro Full 5G urban Ipanema, Leblon, Centro Brasília Full 5G urban Plano Piloto Florianópolis Partial 5G Centro, Lagoa da Conceição Rural corridors LTE Band 28 700MHz fallback nationwide Q: What is an EID and why does it matter for eSIM security? Q: Can I run two eSIM profiles simultaneously in Brazil? Q: What happens if an eSIM profile install fails mid-download? Get Brazil eSIM coverage details at helloroam.com/esim-brazil. Ready to stay connected on your next trip? Check out HelloRoam eSIM