Genuine question, don’t both iPhones and Androids lock out users if they’re unable to provide the password? In that case are most of these stolen phones sold for parts?

That’s a feature to protect user data not to prevent the phone being reused. Wipe the device and it’s brand new (unless the device ID is reported and the phone blacklisted by the networks somehow, but that relies on the owner and the authorities being faster than the thieves, I’d imagine).

You can’t wipe an iPhone that’s locked to an ICloud ID without the password of the account

If you have physical access to a device you can eventually do whatever you want with it, depends how organised the thief is

I would be curious to learn more, as this is a much touted security feature. If it’s that easy to bypass then we need to understand the limitations.

Do you have any more information on this?

The usual tactic is to send a phishing text to a number that calls it pretending to be Apple. They then get your Apple ID credentials and use that to unlock the device.

How do you send a phishing text to a phone you have stolen? The owner would either not get the text, or get it via iMessage which the response wouldn’t appear on the stolen phone. I’m not following this tactic, so I’m obviously missing something.

The owner tries to call the number from another phone, usually a mobile.