Apparatus and methods for controlling distribution of electronic access clients

US9450759B2 · US · B2

Patent metadata
Publication number: US-9450759-B2
Application number: US-201113080558-A
Country: US
Kind code: B2
Filing date: Apr 5, 2011
Priority date: Apr 5, 2011
Publication date: Sep 20, 2016
Grant date: Sep 20, 2016

Abstract

Official abstract text for this publication.

Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.

First claim

Opening claim text (preview).

What is claimed is:

1. A wireless apparatus configured to selectively enable and disable different components included in the wireless apparatus, the wireless apparatus comprising: a wireless interface; and a secure element, wherein the secure element includes: a first secure storage for storing user access control clients that enable the wireless apparatus to access wireless services via the wireless interface, a processor, and a second secure storage configured to store instructions that, when executed by the processor, cause the processor to carry out steps that include: receiving an activation ticket from a manufacturer of the wireless apparatus, wherein the activation ticket includes at least one record, and each record: corresponds to a component included in the wireless apparatus, includes a shared secret associated with the component, and indicates whether to enable or disable the component; and upon verifying the activation ticket: downloading a user access control client, storing the user access control client in the first secure storage, and for each record included in the activation ticket: causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.

2. The wireless apparatus of claim 1, wherein the different components included in the wireless apparatus are selected from a group that includes: the first secure storage, an application processor, and the wireless interface.

3. The wireless apparatus of claim 2, wherein the wireless interface includes a first baseband processor and a second baseband processor that is different from the first baseband processor, and the group further includes: the first baseband processor and the second baseband processor.

4. The wireless apparatus of claim 1, wherein the activation ticket includes a digital signature that is associated with a trusted signatory entity.

5. The wireless apparatus of claim 4, wherein verifying the activation ticket comprises verifying the digital signature.

6. The wireless apparatus of claim 1, wherein the wireless interface is configured to communicate with a cellular network, and the user access control client enables the wireless apparatus to authenticate with the cellular network.

7. The wireless apparatus of claim 6, wherein the manufacturer is appointed as a manager of the wireless apparatus.

8. The wireless apparatus of claim 6, wherein the user access control client comprises an electronic Subscriber Identity Module (eSIM) that is specific to the cellular network.

9. The wireless apparatus of claim 8, wherein each of the activation ticket and the user access control client is received via the wireless interface.

10. A hardware secure element included in a mobile device, the hardware secure element comprising: an interface to different components included in the mobile device; a secure processor; a first secure storage configured to store at least one access control client that enables the mobile device to access services provided by a cellular network associated with the at least one access control client; and a second secure storage configured to store instructions that, when executed by the secure processor, cause the secure processor to carry out steps that include: receiving an activation ticket that specifies at least one limitation for operating the mobile device to be enforced by the hardware secure element, wherein the activation ticket includes at least one record, and each record: corresponds to a component of the different components, includes a shared secret associated with the component, and indicates whether to enable or disable the component; and upon verifying the activation ticket: downloading a user access control client, storing the user access control client in the first secure storage, and for each record included in the activation ticket: causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.

11. The hardware secure element of claim 10, wherein the different components included in the mobile device are selected from a group that includes: the first secure storage, an application processor, and a wireless interface.

12. The hardware secure element of claim 11, wherein the wireless interface includes a first baseband processor and a second baseband processor that is different from the first baseband processor, and the group further includes: the first baseband processor and the second baseband processor.

13. The hardware secure element of claim 10, wherein the activation ticket includes a digital signature that is associated with a trusted signatory entity.

14. The hardware secure element of claim 13, wherein verifying the activation ticket comprises verifying the digital signature.

15. The hardware secure element of claim 10, wherein the at least one user access control client comprises an electronic Subscriber Identity Module (eSIM) that is specific to the cellular network.

16. The hardware secure element of claim 10, wherein the activation ticket is received in response to issuing, to the cellular network, a request to register to access the services provided by the cellular network.

17. A method for selectively enabling and disabling different components included in a wireless device, the method comprising: at a secure element included the wireless device: transmitting a request for an activation ticket in response to a command issued by a mobile services application, wherein the request includes information associated with a user account of a user of the wireless device; receiving the activation ticket, wherein the activation ticket includes at least one record, and each record: corresponds to one of the different components included in the wireless device, includes a shared secret associated with the component, and indicates whether to enable or disable the component; and upon verifying the activation ticket: downloading a user access control client, storing the user access control client in a first secure storage included in the secure element, and for each record included in the activation ticket: causing an enablement or a disablement of the component in accordance with the record and in response to a verification of the shared secret by the component.

18. The method of claim 17, wherein the mobile services application executes on a computing device that is in data communication with the wireless device.

19. The method of claim 17, wherein the mobile services application executes on the wireless device.

20. The method of claim 17, wherein the request comprises one or more unique identifiers associated with the wireless device.

21. The method of claim 17, wherein the wireless device includes a wireless interface, and the request specifies a cellular network.

22. The method of claim 17, wherein the information comprises billing information associated with the user.

23. The method of claim 17, wherein the different components included in the wireless device are selected from a group that includes: the first secure storage, an application processor, and a wireless interface.

24. The method of claim 23, wherein the wireless interface includes a first baseband processor and a second baseband processor that is different from the first baseband processo

Classifications

  • Authentication · CPC title

  • H04L63/061 · Primary

    for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • Detection or prevention of fraud · CPC title

  • Electricity · mapped topic

  • from a network towards a terminal · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Hauck Jerrold Von, Haggerty David T, Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/061. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 20, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).