possibly somebody has already said this, but I wonder why Apple doesn't use two step authentication when people bring in bricked iPhones and other Apple mobile products. If it's got a fraudulent/spoofed UUID/IMEI/serial numbers then the notifications will be sent to the wrong person. If the person returning it claims to not have a second Apple device then ask them to verify through their Apple account… if they say no, "would you please accompany the store manager to this offie and wait for police?"
Tim Cook, if this method gets of the ground, you can send me 10% of the costs saved as Apple hardware for the next two decades. (And replace my lemon of a 2016 MBP that has had personal hot spot hell, unexplainable shutdowns and other issues that 10 different product engineer specialists haven't been able to fix over six years that I'm still pissy about).