Insights from Vox Carrier

VOX Insights | Networks Audit Report for South Africa

Network audit South Africa

Mobilesquared most recent SMS A2P databook indicates 22% SMS A2P gray routes in South Africa. A VOX360 network audit of South Africa in 2020 also revealed that there were several clear areas of vulnerability which MNOs should look to improve. These network vulnerabilities negatively impact customer service and also act as significant barriers to MNOs being able to increase their revenue.

South Africa is the southernmost country on the continent of Africa. It is served by five Mobile Network Operators. There are roughly 45 million active mobile subscribers in the country, supported by LTE penetration of over 99% in the three major cities. South Africa’s ARPU by unique mobile subscriber is USD 5.00.

In Q2 of 2020 Vox Carrier Solutions commissioned a detailed network analysis of South Africa. We will share the findings in this article and show that there are a number of areas of network vulnerability that concerned MNOs in South Africa should address if they wish to ensure customer retention and increased profits.

SIM-box Threat Analysis

Sim farms are an active problem in many markets. In a small number of countries, this type of activity is considered illegal, but in most cases, sim farms do not break any laws. However, they do compromise MNO service levels and expose customers to fraudulent activity. These reasons alone should be powerful enough to motivate affected MNOs to root out this behavior.

“Signs of Sim-box activity in South Africa was 49%”

We found that signs of Sim box activity in South Africa stood at 49% of traffic. By comparison, another African country, Ghana, had Sim box activity of 28%. South Africa’s sim-box threat level is very high by any measure. It’s no exaggeration to call it a crisis that requires immediate attention.

International A2P Traffic Sources

When assessing how robust a network is, high traffic from international networks can be a vulnerable area for the bypassing of firewalls. Malicious traffic could come from international origins and bypass network safeguards, compromising an MNO’s ability to control and optimize their traffic.

“Total estimated volume of international A2P SMS fraud was 84%”

For South Africa, we identified that the total estimated volume of international A2P SMS fraud was 84%. This showed a very high possibility of bypass from international sources. As with other warning signals, this high percentage would require an investigation.

But what can be done about sim farms?

There is a reason why the evidence of sim farm activity and international A2P traffic sources are such a concern. In the example of South Africa, the high chances of sim activity (49%) and the estimated volume of international A2P SMS fraud (84%) mean that MNOs can stand to lose loyal customers and miss out on huge opportunities for revenue.

But MNOs are not helpless. According to a case study by the Mobile Ecosystem Forum, Telefonica in Germany identified numerous sim farm providers terminating SMSs within its network and decided to do something about it. These were the steps that they took as an organization committed to removing the problem:

  • They set up a testing process to analyze sending patterns of their SMS traffic
  • The sim farm operators were discovered to be using an app that was freely available off the Google app store. It enabled consumers to share their SIM cards through the app and effectively sell their flat-rated SMSs. Telefonica advised Google that the app was breaching their contractual terms and asked Google to remove it
  • Telefonica also put legal pressure on the app provider to end their service as it was allowing customers to breach the MNO’s contractual terms

These efforts were ultimately successful and the SIM farm app was stopped. This validates the opinion of Vox Carrier CEO Ehsan Ahmadi who says:

“To fight SIM farms, MNOs need to continuously invest in technology, expertise, and intelligence.” – Vox Carrier CEO Ehsan Ahmadi

Testing results for fraudulent activity in South Africa

As with many businesses, low pricing often requires a second look to ensure that everything is above board. With South Africa, we found that the bottom 13% of their SMS traffic was sold at 2.5 times lower than traffic at the top end. 

“The bottom 13% of South Africa’s SMS traffic was sold at a price as much as 2.5 times lower than the most expensive traffic”

This is not a worrying number for now, as pricing in other markets can sometimes be much worse. By comparison, in Ghana, we found that the lowest pricing was 50 times lower than the highest pricing! 

Messages Analysed for Manipulated Content

Manipulated content shows up when a consumer receives an SMS showing text alterations. These alterations indicate that someone with malicious intent has tampered with the message. 

“5.5% of SMS traffic showed evidence of manipulated content”

For South Africa, we found that 5.5% of SMS traffic carried traces of manipulated content, meaning there is a likelihood of ongoing fraudulent activity. This may appear to be a low number, but any evidence or manipulated content is a concern as it can be a gateway for a bigger problem

Legality issues are linked to customer issues

Standard sim farms do not breach data protection legislation such as the EU’s GDPR (General data protection regulation), or the POPI (Protection of personal information) Act in South Africa. But given their low-overhead business model, it is highly unlikely that a sim farm operator has taken the time to understand or abide by operator terms and conditions. 

Often, sim farms originate in distant territories such as China and Africa with very different privacy regulations. This is exactly why message originator businesses and MNOs need to understand the SMS delivery chain so they know who has access to their customers’ sensitive personal data. Any time a customer’s information is compromised, the MNO stands to lose that customer and the revenue they generate.

When asked if it is a good idea for MNOs to be mindful of data protection and consumer protection legislation and pursue legal options if required, Vox Carrier SVP of Operations, Marius Rosca says, “It should be done, but it’s often a long and bumpy road.” But on the evidence of the Telefonica case, it is best combined with powerful network analysis, monitoring, and testing.


South Africa’s network infrastructure has some areas of vulnerability. When businesses want to optimize costs, it becomes very difficult to take control of the quality of the messaging channel as it is open to exploitation. 

Responsible businesses should be on the lookout for easy-to-spot red flags such as low pricing and sim farm signatures. In response, they should monitor and test their networks more regularly in order to take control of their customer service experience, which will result in better customer retention and increased profits.

Insights from Vox Carrier

Updates on our activities, market insights and presence in international events