iMessages reportedly still sent to stolen iPhones (Updated)
Update: Daring Fireball pointed to this recommendation from Jesse Hollington: set a SIM PIN code, which will prevent your phone from registering with the cellular network after a reset or a SIM swap until/unless the PIN is entered. Be extremely careful, however, as the iPhone settings UI can be confusing and you may get locked out if the phone thinks you're entering an existing PIN incorrectly. Macworld now recommends a three-step deactivation process, including calling your carrier to make sure your phone SIM is turned off.
Update 2: Our colleague Michael Jones reports that there are situations where the 'stickiness' of location services can work in your favor: "My wife's iPhone 3GS was stolen in mid-September. By the time the iPhone 4S was released, there had been no sign of the 3GS and so we went ahead and replaced the phone, figuring that there would be no way to locate the old phone once it was deactivated. A couple of days before Thanksgiving, however, I received an email from Find My iPhone that the 3GS had been located, and briefly reported its location at a grocery store that does not have any open Wi-Fi networks in the area. A few days later, I received another alert as the thief had again turned the phone on at a different location, and the police were able to recover the phone."
A troubling issue with iMessages being sent to stolen iPhones has been reported by Ars Technica. According to the article, the issue was brought up by Ars reader David Hovis whose wife's iPhone was recently stolen. She replaced her phone, changed her Apple ID password and moved on.
While she was enjoying her new iPhone, the stolen handset was sold to an unsuspecting third-party who was using the phone on their wireless account. Incredibly, the stolen phone, which she deactivated with her carrier and remote wiped, was still sending and receiving iMessages on her behalf. She is only one example. If you search MacRumors or Apple's support forum, you will find several more examples.
Part of the problem may reside with Apple's authentication system for iMessage. According to a thread at Ask Different, Apple stores the device ID (UDID) and the Apple ID or mobile number for each device that uses iMessage. An iMessage is apparently sent to Apple's servers, which look at the destination email address or phone number of an incoming message. The server looks in its database for the UDID that's associated with the recipient's phone number or Apple ID. The server then uses this information to redirect the message to the correct phone.
It's possible, in the case above, that the UDID of a stolen phone remains in Apple's database and is not replaced by the UDID of the new phone. A message sent to the phone number of the person whose phone was stolen would go to the UDID of the stolen phone and not the new phone. The owner of the stolen phone can then respond back.
I've experienced a similar issue with FaceTime on the iPhone 4. I activated my phone and setup FaceTime on one phone number and then switched it to another phone number about a month later. The UDID remained attached to the original phone number and was not automatically updated by Apple. When I tried to make a FaceTime call, the recipient would see my old number. If they tried to FaceTime me with my new number, it wouldn't work. People could only contact me by FaceTime calling my old number. I was able to force Apple to update my UDID in its system by resetting my phone using iTunes according to Apple's instructions.
The iMessage issue appears to be similar to the FaceTime issue noted above, but it's not identical. While FaceTime can be corrected by erasing your phone, the iMessages issue is not corrected by a similar remote wipe procedure. I'm not sure why a remote wipe wouldn't fix the iMessage issue; maybe there's a difference between a remote wipe and an iTunes reset or Apple's servers are configured slightly different for the two services. Regardless, the iMessage issue is a serious one that Apple hopefully will address.
Share
Update: Daring Fireball pointed to this recommendation from Jesse Hollington: set a SIM PIN code, which will prevent your phone from...
Add a Comment
Let's talk about the fact that phone companies like AT&T continue to do business with people stealing, buying and using stolen phones even if they are reported stolen and they have the IMEI number or whatever they cal the numbers these days on file.
December 22 2011 at 8:47 PM Report abuse Permalink rate up rate down ReplyIt sounds like that the same thing can happen when an iPhone is replaced at the Apple store? I recently replaced my phone. I am wondering if a new owner who might buy a refurbished phone which was originally mine, then s/he can get/send messages of mine? I have no idea whether or not refurbished phones have new UUID. Is there anyone knows about this?
December 21 2011 at 5:41 PM Report abuse Permalink rate up rate down ReplyWe've been battling with this iMessage issue, not through the stolen phone problem but from the number switch that Kelly describes. It only appeared after the IOS 5 update. No joy so far in fixing it despite trying all the suggested techniques.
December 21 2011 at 6:22 AM Report abuse Permalink rate up rate down Replyi wonder how many are freaked out by this.
i disabled my iMessage immediately after reading this.
There are plenty of instant messaging client out there. And I can still send text messages.
I spent hours on the phone with AppleCare over this same issue. There is no way to turn off the shared iMessaging, and they insist it's a great new feature. Even among my OWN devices, in my own house, I don't want private text message conversations to be visible on all devices. This weird sort of "IMAP-esque" messaging is a TREMENDOUS mistake! It's just terrible!
I did everything they asked during a tech call.. I removed the SIM from my old iPhone, I removed my AppleID... nothing stops the messages from coming to the old device.
Further, I've got clients who are physicians, and now they've had confidential patient information sent to them by text message, appearing on their iPads for the whole family to consume at home. This is a HUGE violation of HIPAA, and a federal crime. I don't mean in the figurative sense, I mean an actual federal crime.
You couldn't have picked a better time to post about this, honestly-- I'm about to port my number to an Android phone on T-Mobile, now that AT&T has withdrawn their plan to buy them. (If the iPhone were available on a $30/month plan with 5 gigs of HSPA+ data and 100 minutes of talk time, I might have made a different decision...)
If I hadn't known to turn off iMessage before porting the number, nobody with an iPhone running iOS 5 would be able to text me on the new phone once it's been ported-- the number would be forever stuck in limbo on Apple's servers.
Honestly, I'm quite shocked that Apple doesn't offer a way to deactivate a number by logging in to iCloud with your Apple ID. Seems like a rather problematic omission, given how often used phones are sold.
Deals of the Day
more deals- Acoustic Research Digital Photo Frame with iPod Dock for $50 + free shipping
- Apple iPhone 4 8GB for Verizon, AT&T, or Sprint for $50 + pickup at Best Buy
- Unlocked iPhone 4S 16GB for GSM (AT&T, T-Mobile) for $619 + free shipping
- Apple iMac Core i7 Quad 3.4GHz 27" w/ 24GB RAM, 2TB HDD for $2,677 + $29 s&h
- Used Apple Magic Mouse for $36 + $4 s&h
- Skullcandy Riot Earbud Headphones for $10 + free shipping
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
6 Comments