01 · The Problem
Device financing economics are brutal. Installment phone sales depend on the assumption that the device is the collateral — but most enforcement tools fail the moment a defaulting customer attempts a bypass. Software-only MDM is regularly defeated by recovery mode bypass. Factory reset clears the policy controller on most pre–Android Enterprise devices and on any device where the DPC was installed as a profile owner rather than device owner. SIM swap fraud disables phone-number-based locking. Knox-reseller approaches limit OEM coverage to Samsung. Google DLC partner-program approaches lock operators to three certified integrators sharing roadmaps and pricing.
For a BNPL operator deploying across five Latin American countries with default rates north of 12% on subprime device contracts, none of these enforcement models are adequate. The financing math only works if the device can be remotely locked, the lock survives the obvious bypass attempts, and the integration with the billing system is reliable enough to be fully automated end-to-end.
02 · Lockia's Approach
Reset-resistant device control at multiple AOSP and TEE layers. Cipher Protocol — Lockia's patent-pending architecture (USPTO 63/940,826) — binds device identity to the Trusted Execution Environment and enforces lock state across multiple AOSP Device Owner layers. Recovery mode and factory reset bypass paths are blocked at hardware-attested checkpoints.
OEM-independent. Lockia Cipher DPC runs on any device supporting Android Enterprise Device Owner mode — which is every major Android OEM shipping into regulated markets. We are not a Knox reseller (Samsung-only), not an AMAPI wrapper (Google-certified), and not bound to three certified integrators. Portfolio coverage spans Samsung, Motorola, Xiaomi, Realme, HONOR, Infinix, TECNO, and emerging-market local OEMs.
Customer-controlled policy plane. Lock decisions are driven by your billing system, integrated with Lockia's policy server via webhook or REST API. The policy server is operated by Lockia in your required deployment region — not by a third-party SaaS arbitrating which payment status produces which enforcement action. For iOS, Lockia operates a self-hosted MDM server (Lockia Cipher MDM) integrated with each customer's Apple Business Manager tenant via Apple's published MDM protocol. APNs is mandatory infrastructure for any iOS MDM; what is removed is the additional layer of third-party MDM SaaS between you and Apple.
The platform exposes eight progressive enforcement levels — from gentle notification to full device wipe — that you tie to your delinquency stages via API or webhook. The default escalation pattern is configurable per customer cohort, geography, or product line.
03 · How It Works
For multi-country operators, each device is tagged with deployment region, regulatory framework, and currency at enrollment. Lock policies vary per region without requiring separate platform deployments. The same Lockia backend serves all your geographies; policy configuration handles the regulatory delta.
Enrollment
Devices enroll via QR (Android) or Apple Business Manager DEP (iOS). Cipher Protocol activates at the TEE layer at first boot.
Identity handshake
Lockia backend exchanges a hardware-attested device identity with your policy server, binding device to customer cohort.
Billing integration
Your billing or collections system sends payment status updates to Lockia via webhook or REST API on the cadence you control.
Progressive enforcement
Eight levels — Notice, Warning, Soft Lock, Hard Lock, Full Lock, Brick, Wipe — trigger based on payment status thresholds you configure per cohort.
Restoration
Customer pays. Restoration command propagates globally in under 200ms. Device returns to the prior policy state automatically.
04 · Compared To
These are architectural facts, not marketing claims. Trustonic is a Google DLC certified integrator; PayJoy is a DPC wrapper; NuovoPay is multi-tenant cloud SaaS; Google DLC is a partner program with three certified integrators. The comparison reflects what each vendor builds, not how each vendor positions.
| | Lockia | Trustonic | PayJoy | NuovoPay | Google DLC |
|---|---|---|---|---|---|
| Architecture | Sovereign UEM (AOSP DPC + Lockia-hosted MDM) | Google DLC certified integrator | DPC wrapper (Android-only) | Cloud SaaS (multi-tenant) | Google partner program |
| OEM coverage | All Android Enterprise OEMs + iOS via ABM | Google DLC partner-certified devices | Android OEMs supporting DPC Device Owner | Android OEMs + limited iOS | Google-certified devices only |
| Reset resistance | Multi-layer AOSP + TEE (patent-pending) | TEE-anchored (Trustonic TEE) | DPC-level (software) | DPC-level (software) | Google DPC (varies by partner) |
| iOS support model | Lockia-hosted Cipher MDM via ABM | Limited (Android-focused) | Limited (Android-focused) | Cloud MDM SaaS | Android only |
| Customer data path | Lockia-hosted, customer-region | Trustonic cloud + Google | PayJoy cloud | NuovoPay cloud SaaS | Google + certified integrator cloud |
05 · Deployment Patterns
Anonymized patterns from active deployments. Specific operator names, contract sizes, and confidential metrics are omitted; the patterns are detailed enough to be credible without identifying the customer.
A seven-country LATAM BNPL operator deploying across Mexico, Colombia, Peru, and four other markets. The operator manages a fleet spanning four banking regulators and four currencies. Lockia's policy plane handles regional rules — KYC strictness, lock-stage thresholds, restoration grace periods — without separate platform deployments per country. The operator reports reduced default rates on Cipher-enrolled cohorts compared to prior software-only MDM cohorts, with the largest deltas in the highest-default subprime segments.
A Caribbean retailer financing both iPhone and Android handsets. Mixed-platform fleets are a common Latin American retail pattern. Lockia's progressive enforcement runs identically on both sides of the device estate — graduated lock states tied to payment status — via Cipher DPC on Android and Cipher MDM (ABM-integrated) on iPhone. The retailer treats both platforms as one operational workflow rather than maintaining separate financing programs per OS.
A Mexican multi-product retailer with motorcycles, appliances, and phones in one financing portfolio. Smartphones are typically the most-defaultable item in a multi-product portfolio because they are the easiest to factory-reset and resell. Lockia's enforcement layer eliminates the smartphone-specific recovery risk, allowing the retailer to underwrite phones at the same risk tier as their other product lines and expand the financing portfolio without expanding the underwriting cost.
06 · One of Many
Device financing is the wedge vertical — the contractual context where reset-resistant device control delivers immediate measurable economic value — but it is one configuration of Lockia's Sovereign UEM platform, not the platform itself. The same enforcement layer powers carrier subsidy protection, OEM pre-configuration, and public-sector fleet operations. The same Cipher DPC runs on the same AOSP APIs. The same Lockia-hosted Cipher MDM operates the same Apple Business Manager integration. What changes per vertical is the policy configuration, the integration partner, and the operational workflow.
For a financing operator, this matters strategically: the platform you deploy for installment lock-and-restore is the same platform you would deploy if you later acquired a carrier business, an OEM relationship, or a public-sector contract. The architectural commitment is made once. Vertical expansion is policy configuration.