Mobile phones identify themselves to the mobile network through a number called the IMEI. IMEI cloning is not particularly difficult nor does it require exotic equipment. This means that it is relatively easy for an attacker to be able to spoof your phone to a mobile network, for example, to receive SMS messages with one time passwords.
Cloning your IMEI has nothing to do with the data that is on your phone, so if someone clones your IMEI it does not mean that they have access to any of the apps or data that is on your phone.
IMEI or IMSI? I think it is the subscriber identity that is on the SIM that needs to be cloned, not the hardware identifier of the device (ie its the IMSI that matters, not the IMEI).
SIMs and SIM burners can be purchased trivially on the open market, and cloned without too much difficulty. Although, a social engineering attack on the employee at the cellphone store is a superior method since it automatically gives you a "known good" SIM with the operator's keys, etc.
Neither the IMEI nor the IMSI is used for authentication. The IMSI is slightly closer to the truth (while still missing by a mile), but without the per-IMSI authentication key (which is never transmitted over the air interface, whether in plaintext or encrypted), it's useless as well.
That's completely wrong. The IMEI doesn't play any role in GSM/UMTS/LTE/5G authentication (if it's recorded, that's usually for debugging or tracking purposes).
While there are weaknesses, every mobile phone standard since GSM (not sure about the equivalent for the CDMA world) uses cryptographic authentication, many of which have been subsequently broken, but it's just not true that simple knowledge of a bearer token, transmitted over the air interface, grants you sufficient access to receive somebody else's SMS.
Most practical attacks actually focus on either attacking the core network via SS7 (and making it deliver SMS to the attacker instead of the actual recipient) or on breaking the air interface encryption, which requires you to be physically close to the legitimate recipient while they receive the SMS over the air.
You can change your IMEI to mine right now, and absolutely nothing would happen (other than maybe our phone operator getting mildly confused, if we share one and they're tracking IMEIs for whatever reason).
Cloning your IMEI has nothing to do with the data that is on your phone, so if someone clones your IMEI it does not mean that they have access to any of the apps or data that is on your phone.