Apple Compensates Victim of iMessage Bug for Breach of Privacy - MacRumors
Skip to Content

Apple Compensates Victim of iMessage Bug for Breach of Privacy

by

In December, an apparent bug appeared in Apple's iMessage service that allowed iMessages to be sent to a stolen iPhone. The messages can, apparently, continue to be sent and received from the stolen phone after a remote wipe and a SIM card deactivation. This is obviously an unintended action, and though Apple explains the solution to be "toggle iMessage on and off" in the Settings app, that is an impossible act to perform remotely on a stolen phone.

The Next Web today reports of the case of an anonymous Apple customer who had her iPhone stolen and the lengthy discussions she had with Apple afterwards.

imessage400
After her iPhone was stolen, Customer K had her SIM card deactivated. However, her friends told her that iMessages they sent continued to be delivered to the stolen iPhone because she hadn't invoked Find My iPhone's Remote Wipe feature. Apple's technical support personnel suggested a wide variety of solutions to prevent her messages from being sent to the other iPhone.

Suggestions to reset her Apple ID password, insert her SIM card into another iOS device, among others, made sense. One request, that she contact her friends and tell them to stop sending her iMessages, Customer K thought was completely unreasonable -- not to mention impractical.

Eventually, nearly 6 weeks after her phone was initially stolen, Apple did finally figure out a unique solution:

Apple was finally able to remotely push ‘code’ out to the stolen iPhone in order to make the problem stop. This was a result of an Apple Engineering Team weighing in on how to solve the issue.

After the problem was finally solved, the customer continued to push Apple on the issue of compensation and was directed to Apple's legal department. She informed Apple Legal that she was troubled by the length of time that it took to prevent the iMessages from going to the stolen phone and wanted compensation for the extensive breach of privacy.

Eventually, after a phone discussion with Apple legal, K was offered an iPod Touch as compensation for her trouble. Apple claimed it would give her a device with which to receive iMessages.

Apple has still not commented on the matter, but one theory is that the iMessage servers permanently link the UDID number of a particular handset to an Apple ID, so it knows what handset to deliver iMessages to. Messages continue to be sent to a stolen iPhone until iMessage is manually toggled on and off — a task that is impossible to perform on a stolen phone.

Popular Stories

Dynamic Island iPhone 18 Pro Feature

11 Reasons to Wait for the iPhone 18 Pro

Monday May 11, 2026 9:01 am PDT by
We're only four months out from the launch of Apple's premium next-generation smartphone lineup, and while we're not expecting a sea change in terms of functionality, there are still several enhancements rumored to be coming to the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth noting is that Apple is reportedly planning a major change to its iPhone release cycle this year, adopting a...
Read Full Article35 comments
iOS 26

iOS 26.5 Features: Everything New in iOS 26.5

Monday May 11, 2026 5:09 pm PDT by
Apple released iOS 26.5 after a few months of beta testing, and while it doesn't have the Siri features we were hoping for since those are being held until iOS 27, there are a handful of useful changes worth knowing about. Subscribe to the MacRumors YouTube channel for more videos. End-to-End Encryption for RCS Support for end-to-end encryption (E2EE) for RCS messages between iPhone and...
Read Full Article65 comments
General Apps Reddit Feature

Reddit Starts Blocking Mobile Website, Pushing Users to App Instead

Monday May 11, 2026 6:10 am PDT by
Social network Reddit recently began blocking mobile visitors to its website while pushing them to download the official Reddit app, and it's fair to say that the move is not going down well with users. If you visit reddit.com on your iPhone today, you may see a new popup that can't be dismissed, asking you to "get the app to keep using Reddit." A Reddit spokesperson told Ars Technica...
Read Full Article125 comments

Top Rated Comments

BanterClaus Avatar
BanterClaus
186 months ago
This needs fixing. A simple option on iCloud.com to unlink devices from your iMessages is what should be done in my opinion.
Score: 28 Votes (Like | Disagree)
K
kolax
186 months ago
Should have compensated her with a new iPhone instead of iPod touch. Or if she had already bought a new one, refunded what she paid with an Apple Gift Card.

"Here's an iPod touch so you can receive iMessages again, but don't lose it! We don't want to go through all this again!"
Score: 27 Votes (Like | Disagree)
A
Andronicus
186 months ago
I would've told them an iPad 2 can get iMessages too!
Score: 21 Votes (Like | Disagree)
A
ABernardoJr
186 months ago
I'm sick and tired of all these crybabies blaming others for their mistakes. Customer K lost her phone...boo hoo. Deal with it. Call your friends. Tell them you lost your phone and that you aren't receiving their messages. Get a new phone. Don't always try to make someone else responsible for your mistakes. Apple didn't lose your phone...you did. Compensation from Apple? You must be joking.
The phone was clearly stated to have been "stolen" quite a few times in the article. Should she have told the thief not to steal her phone? :confused: I don't imagine that going over particularly well.
Score: 18 Votes (Like | Disagree)
S
ski1ski1
186 months ago
this story makes absolutely no sense to me..




if her sim card is deactivated, that means her phone number is no longer associated with the sim card. how are messages being sent to the device?
Because unlike regular txt messages, iMessage is linked to the UDID of your phone, not not sim card. This is how it works even via wifi. The phone number or iTunes email address is used as an ID to send/receive iMessages. But there is a major design flaw. Apple uses to the sim card to verify the phone number for iMessage. But it only verifies the sim card upon initial iMessage activation. If the sim card is removed, deactivated, or replaced with a different sim, the Apple servers will still send iMessages to the phone via wifi. Or cellular data, if it has another valid sim card. Even one with a different number. This is because the iMessage phone number is linked on Apple's servers to the UDID of the phone, not the sim. This link on Apple's servers will remain until iMessage is manually deactivated in the phone's settings. Which is impossible if you lose your phone, or already sold it. Apple has known about this design flaw for over two months. I don't understand why Apple still has not fixed this major privacy issue.
Score: 18 Votes (Like | Disagree)
M
Maltz
186 months ago
It's a slippery slope though, what if I sold my iPhone on craigslist, then file that police report?

Filing a false police report is a good way to end up in jail. Doing what you describe is a good way to get caught filing a false police report. lol
Score: 15 Votes (Like | Disagree)
Read All Comments