finn voorhees

August 28th, 2024

Apple Repaired My iPhone Screen, but Now My Social Media Account Is Banned

An error message stating "SS06: Device banned"

I recently dropped my iPhone down a flight of concrete stairs and, to my surprise, ended up with a cracked back glass and a broken volume button. Thankfully, the accidental damage was covered under AppleCare, so I booked a repair and took my iPhone to an Apple Authorized Service Provider™.

Initially, I was told they would replace the glass and fix the button. However, later that day, I received a call informing me that they would be replacing the phone entirely due to a few scratches on the front glass. A few days later, I returned to the store and walked out with a brand-new replacement phone for €99.

After restoring from a backup and beginning to log back into all my accounts, I encountered an unexpected problem. When trying to log in to Snapchat, I received an “SS06: Device Banned” error message. This was surprising, as I had no issues signing in on a different device. According to Snapchat’s support documentation, the SS06 error code indicates that the device has been banned due to abuse or repeated violations of their Community Guidelines. The support document also stated that Snapchat Support cannot unban a device once it has been banned.

I began to suspect that Apple had given me a refurbished iPhone as a replacement, and the previous owner had been banned for violating Snapchat’s guidelines. Searching the web led me to various forum posts from people who had been banned for posting pictures of illegal drugs, and contacting Snapchat support led to automated messages saying I was banned for violating guidelines and they cannot lift device bans.

As an iOS developer, I know that Apple has cracked down on any API that developers can use to track users. Developers can’t access a device’s serial number, and the identifierForVendor resets when the user deletes all of a vendor’s apps. So, how could Snapchat still recognize the device?

After a bit more research, I remembered the DeviceCheck framework. DeviceCheck allows developers to set and query two bits of data per device, which persist across app deletions, reinstalls, factory resets, and even device transfers between users. Apple’s documentation suggests using this for limiting free trials to once per user or banning devices with known fraudulent activity. They even mention that developers are responsible for resetting these bits when a device changes ownership, but it’s unclear how developers could verify that this has occurred.

This realization was alarming. If you happen to use apps that overlap with the previous owner’s usage, you could miss out on free trials or, worse, be banned from using certain apps. This was not a stolen iPhone purchased off Facebook Marketplace; it was a replacement iPhone, covered under AppleCare, provided by Apple.

After hitting a dead end with Snapchat support, I contacted Apple support. To their credit, they were very understanding and helpful, acknowledging that this was a new issue they hadn’t encountered before. After about two hours on the phone and some back-and-forth, they offered to just replace my phone again. While there is absolutely a possibility that the new phone could have the same issue, I accepted their offer.

While I don’t use Snapchat extensively and could live without being able to use the app, the broader concern is that Apple replaced my phone with a device previously flagged for fraudulent activity. At any point, I could download a new app, attempt to create an account, and discover that my iPhone is banned from using the service.

My immediate reaction was to blame Snapchat. Despite their claims that they cannot unban devices, they could theoretically reset the “banned” bit—if I could ever reach an actual human at Snap Inc., which seems highly unlikely. The real issue, however, is that while a refurbished iPhone is reset to factory settings, it is not completely restored to the state of a new iPhone. Apple support said that as the ban was not implemented by Apple, they have no ability to lift it. They could absolutely, however, reset all DeviceCheck bits associated with a device’s serial number when refurbishing an iPhone, since they control api.devicecheck.apple.com.

My takeaway from this process is a PSA to all app developers: Do not use DeviceCheck for anything other than verifying that a request is coming from an official Apple device. There is no reliable way to determine if the same person is still using the phone.