by adolph 1684 days ago
Essentially, the OS has a backdoor to allow commands from the SIM. I wonder what other uses are there for this method?
2 comments

Is it still a backdoor if it is publicly documented?

Also, the API is somewhat limited. "Installing applications" here means "downloading code to the SIM card", which arguably has always been the phone provider's property.

It's definitely not possible to install apps on the application processor OS via SIM-OTA. That would be OS-based carrier profiles, which the OS vendor has deliberately implemented.

You may know there is one but you still don't know how to open/use it.
The more important question is, can the SIM itself be remotely updated?

If so, any entity with a court order can install anything it wants on your phone.

Alternatively, any entity it wants can use the SIM itself to track beyond the norm...

Not really updated, but new applications can be remotely installed and then interact with the baseband and (to a limited extent) the smartphone OS.

It's not "any entity", though – the provider's keys are needed to do this, and they can already do much of that tracking using other, network-side means.

If the signing keys are compromised, though, bad things can happen: https://www.srlabs.de/bites/rooting-sim-cards

Couldn't installations be observed though?

They could (using a setup like the one in the article), but the payload is usually encrypted in addition to being authenticated, and such OTA updates are done for legitimate reasons all the time.