| iOS iMessage service provides the potential for the exposure of private and possibly sensitive DoD information. When a DoD iOS device is transferred to a new user or disposed of, the device may still receive iMessages sent to the previous DoD user. iMessage phone numbers on a specific iOS device can persist after a SIM has been removed from the phone. For example, SIM A is placed in phone, activated on iMessage, and then swapped out for SIM B. That phone will receive iMessages bound for the phone numbers on both SIM A and B until the iMessage service on the phone has been turned off and then back on again. This vulnerability exists for GSM devices but not for CDMA devices. When the original device user receives messages via their iMessage account, the message will be displayed on their old iOS device. The wipe procedure for the iOS device must include specific procedures (outlined in the STIG Overview) to mitigate this risk.