IMSI tracking is a consequence of how baseband devices communicate over-the-air, just as WiFi MAC address tracking is a consequence of how 802.11 devices communicate over-the-air.
And it's definitely a vulnerability, because it's used to track end users and reduce their privacy.
So it IS a baseband vulnerability. And IMSI randomization mitigates it to some degree, just as WiFi and Bluetooth MAC randomization mitigate tracking via those identifiers.
I’m arguing that just because a baseband processor is involved that doesn’t mean IMSI tracking is a vulnerability of the baseband processor itself. IMSI provisioning and randomization cannot be done without cooperation with the network operator and has nothing to do with the baseband processor itself.
