Solutions · Device Financing
Reset-resistant device control for retailers, banks, and e-commerce operators running device financing programs. Built on Lockia's Sovereign UEM platform — financing is one of many verticals our platform serves.
01 · The Problem
Device financing economics are brutal. Installment phone sales depend on the assumption that the device is the collateral — but most enforcement tools fail the moment a defaulting customer attempts a bypass. Software-only MDM is regularly defeated by recovery mode bypass. Factory reset clears the policy controller on most pre–Android Enterprise devices and on any device where the DPC was installed as a profile owner rather than device owner. SIM swap fraud disables phone-number-based locking. Knox-reseller approaches limit OEM coverage to Samsung. Google DLC partner-program approaches lock operators to three certified integrators sharing roadmaps and pricing.
Default rates in subprime device financing commonly exceed industry-average consumer-credit rates, and none of these enforcement models are adequate at the scale operators run portfolios. The financing math only works if the device can be remotely locked, the lock survives the obvious bypass attempts, and the integration with the billing system is reliable enough to be fully automated end-to-end.
02 · Lockia's Approach
Reset-resistant device control built on patent-pending hardware-anchored architecture. Cipher Protocol — Lockia's patent-pending architecture (USPTO provisional 63/940,826) — provides reset-resistant enforcement. Standard bypass paths — recovery mode, factory reset — are blocked at hardware-attested checkpoints.
OEM-independent. Lockia Cipher DPC runs on any device supporting Android Enterprise Device Owner mode — which is every major Android OEM shipping into regulated markets. We are not a Knox reseller (Samsung-only), not an AMAPI wrapper (Google-certified), and not bound to three certified integrators. Portfolio coverage spans Samsung, Motorola, Xiaomi, Realme, HONOR, Infinix, TECNO, and emerging-market local OEMs.
Customer-controlled policy plane. Lock decisions are driven by your billing system, integrated with Lockia's policy server via webhook or REST API. The policy server is operated by Lockia in your required deployment region — not by a third-party SaaS arbitrating which payment status produces which enforcement action. For iOS, Lockia operates Cipher MDM in your deployment region — no third-party MDM SaaS in your data path. Your Apple Business Manager tenant federates with the Lockia-operated MDM. APNs is mandatory infrastructure for any iOS MDM; what is removed is the additional layer of third-party MDM SaaS between you and Apple.
The platform exposes progressive enforcement levels configurable per cohort — from gentle notification through graduated lock states — that you tie to your delinquency stages via API or webhook. The default escalation pattern is configurable per customer cohort, geography, or product line.
Five-minute tenant. Not 90-day implementation. Lockia provisions a working tenant in five minutes. No on-premises server installation. No multi-thousand-dollar setup fee. No 90-day integration cycle. The operator integrates with Lockia's APIs; Lockia operates the platform underneath.
This is the architectural consequence of Lockia being operated by Lockia rather than installed at the customer site. Conventional MDM vendors require the customer to stand up a server, negotiate procurement cycles measured in weeks to months, pay setup fees that create capital-expenditure barriers smaller operators cannot absorb, and maintain the server through the contract term. The Lockia architecture inverts that: the platform is multi-tenant infrastructure Lockia operates; the operator integrates by API; the only operator-side infrastructure cost is the developer time to wire the integrations.
03 · How It Works
For multi-country operators, each device is tagged with deployment region, regulatory framework, and currency at enrollment. Lock policies vary per region without requiring separate platform deployments. The same Lockia backend serves all your geographies; policy configuration handles the regulatory delta.
Enrollment
Devices enroll via QR (Android) or Apple Business Manager DEP (iOS). Cipher Protocol activates at the TEE layer at first boot.
Identity handshake
Lockia backend exchanges a hardware-attested device identity with your policy server, binding device to customer cohort.
Billing integration
Your billing or collections system sends payment status updates to Lockia via webhook or REST API on the cadence you control.
Progressive enforcement
Configurable enforcement levels trigger based on payment status thresholds you set per cohort.
Restoration
Customer pays. Restoration command propagates to the device. Device returns to the prior policy state automatically.
04 · Compared To
These are architectural facts, not marketing claims. Trustonic is a Google DLC certified integrator; PayJoy is a DPC wrapper; NuovoPay is multi-tenant cloud SaaS; Google DLC is a partner program with three certified integrators. The comparison reflects what each vendor builds, not how each vendor positions.
| Lockia | Trustonic | PayJoy | NuovoPay | Google DLC | |
|---|---|---|---|---|---|
| Architecture | Sovereign UEM (AOSP DPC + Lockia-operated MDM, in your deployment region) | Google DLC certified integrator | DPC wrapper (Android-only) | Cloud SaaS (multi-tenant) | Google partner program |
| OEM coverage | All Android Enterprise OEMs + iOS via ABM | Google DLC partner-certified devices | Android OEMs supporting DPC Device Owner | Android OEMs + limited iOS | Google-certified devices only |
| Reset resistance | Multi-layer AOSP + TEE (patent-pending) | TEE-anchored (Trustonic TEE) | DPC-level (software) | DPC-level (software) | Google DPC (varies by partner) |
| iOS support model | Lockia-operated Cipher MDM via ABM | Limited (Android-focused) | Limited (Android-focused) | Cloud MDM SaaS | Android only |
| Customer data path | Lockia-operated, in your deployment region | Trustonic cloud + Google | PayJoy cloud | NuovoPay cloud SaaS | Google + certified integrator cloud |
05 · Operational patterns
Multi-country installment phone operators use Lockia's policy plane to handle region-specific rules — KYC strictness, lock-stage thresholds, restoration grace periods — without separate platform deployments per country. The same Lockia backend serves all geographies; policy configuration handles the regulatory delta. The architectural benefit is one integration cycle, one operational workflow, multiple markets.
Mixed-platform retail fleets (iPhone + Android in one financing portfolio) are a common pattern in LATAM consumer retail. Lockia's progressive enforcement runs identically on both sides of the device estate — graduated lock states tied to payment status — via Cipher DPC on Android and Cipher MDM (ABM-integrated) on iPhone. One operational workflow rather than two separate financing programs per OS.
Multi-product financing portfolios that include smartphones alongside other product categories consistently see smartphones as the most-defaultable line item, because phones are the easiest to factory-reset and resell on secondary markets. Reset-resistant device control eliminates the smartphone-specific recovery risk, making it possible to underwrite phones at the same risk tier as other product lines.
06 · One of Many
Device financing is the wedge vertical — the contractual context where reset-resistant device control delivers immediate measurable economic value — but it is one configuration of Lockia's Sovereign UEM platform, not the platform itself. The same platform serves retailers, banks, e-commerce operators, and resellers running device programs, and is designed for additional verticals including carriers and public sector currently in conversations. The same Cipher DPC runs on the same Android Enterprise APIs. The same Lockia-operated Cipher MDM serves the same Apple Business Manager integration. What changes per vertical is the policy configuration, the integration partner, and the operational workflow.
For a financing operator, this matters strategically: the platform you deploy for installment lock-and-restore is the same platform retailers and banks use for their other device programs. The architectural commitment is once. Vertical expansion is policy configuration.