Quick mirror — you asked four clean things. Let me match them tight before going deep:
Feasibility? → No, not the way you’re imagining. The data doesn’t exist at the telecom layer.
Legit APIs? → Twilio Lookup v2, Telnyx, NumVerify, NeutrinoAPI — all return line type, none return device hardware.
What’s legally extractable from a number alone? → Carrier, MCC/MNC, line type, validation, SIM-swap date, port history, reassigned-number status.
Compliance gates? → TCPA ($500–$1,500/message statutory damages), state SMS statutes, FCRA permissible-purpose gating for any device-typed broker append.
Now the part nobody mentions until you’ve already paid for the wrong tool:
iMessage availability ≠ iPhone.
Apple’s own support page on phone numbers in Messages and FaceTime confirms a single phone number can route iMessage simultaneously to iPhone + iPad cellular + Mac + cellular Apple Watch under one Apple ID. So even a perfect probe of Apple’s IDS infrastructure fires identically for any of those devices.
The signal you’re chasing doesn’t carry the answer you want.
What I run for actual list hygiene
Twilio Lookup v2’s line_type_intelligence field — about $0.005 per call.
Useful for |
Useless for |
| Filtering landlines before SMS send |
iPhone vs Android |
| Filtering non-fixed-VoIP (fraud signal) |
Device hardware |
| OTP delivery routing |
OS detection |
| Saving budget on undeliverables |
Anything iMessage-related |
Every carrier-mobile number returns type: "mobile" regardless of the device behind it. That’s the ceiling of what carrier metadata tells you.
🪤 Why pre-screen iPhone detection isn't a sustainable vendor category — read this before paying anyone
Could someone reverse-engineer Apple’s iMessage protocol and probe it at scale?
Yes. pypush is the open-source community library that does exactly that, with the protocol writeup published here. Its commercial proof-of-concept was Beeper Mini.
The Beeper Mini timeline
Dec 5, 2023 ┃ Beeper Mini launches commercially ($1.99/mo)
┃
Dec 8, 2023 ┃ Apple shuts it down ─────────────────► 4 days
┃
Dec 11, 2023 ┃ Beeper pivots to Mac-based workaround
┃
Dec 21, 2023 ┃ CEO concedes publicly ──────────────► 3 weeks
┃
Late Jan 2024┃ Apple bans linked Apple IDs ────────► 7 weeks
┃
▼
STRATEGIC RETREAT
“Each time that Beeper Mini goes ‘down’ or is made to be unreliable due to interference by Apple, Beeper’s credibility takes a hit. It’s unsustainable. As much as we want to fight for what we believe is a fantastic product that really should exist, the truth is that we can’t win a cat-and-mouse game with the largest company on earth.”
— Eric Migicovsky, Beeper CEO (December 21, 2023)
Sources: TechCrunch · Dec 8 — TechCrunch · Dec 11 — Beeper retreat blog · Dec 21
The takeaway
Open-source. Well-funded. Technically working. Broadly publicized. And Apple cut it off in days.
That’s the structural ceiling for any vendor pitching “bulk iMessage probing” or “iPhone detection at scale” today. Their sales cycle is longer than their service half-life.
Vendor smell-test: if a pitch claims they detect iPhones from a cold list, ask for two things — an audited accuracy benchmark and a reference customer with 24+ months of continuous service. Watch them change the subject.
🎯 Which legitimate lane your actual use case probably fits — pick yours
SMS marketing segmentation (iMessage vs SMS routing)
- The lane → Send-time routing, post-consent
- How it works → Postscript / Attentive / Klaviyo / Sakari / Salesmsg detect iMessage delivery via the carrier’s per-send delivery callback; SMS fallback is automatic
- Prerequisite → Prior express written consent under TCPA, documented per-consumer-per-seller, before the first send
- The trap → Trying to pre-screen the list. Detection happens at send-time. You’d be doing at list-prep what the platform already does in real-time.
Fraud detection / KYC at signup
- The lane → Defensive use of telecom signals
- How it works → Sift / Alloy / Persona / Socure ingest line_type + sim_swap + port_history as inputs to synthetic-identity scoring
- Useful signals → Line type (filter non-fixed-VoIP), SIM-swap recency (recent swap = fraud-risk flag), port history (synthetic-identity tell)
- The honest part → These vendors don’t claim to know device hardware either. Money-on-the-line keeps them honest.
Regulated recovery (debt collection, repossession, locate services)
- The lane → FCRA permissible-purpose
- How it works → LocateSmarter / MicroBilt / TLO / TransUnion DataExpress sell phone-with-device-type-appended records — but only to entities with documented FCRA permissible purpose under FDCPA / GLBA carve-outs
- Eligibility → You need to be in this legal category first. General consumer marketing doesn’t qualify; legitimate locate services do.
General cold-list consumer marketing
- The lane →
Productized device-segmentation capability → doesn’t exist sustainably
- TCPA per-message liability → $500–$1,500
- State SMS statutes → FL, OK, MD are particularly aggressive (private rights of action)
- The 2024 FCC consent-revocation rule → “STOP / OPT OUT / CANCEL” trigger 10-business-day honor windows
- Lead Generator Loophole closure → vacated by the Eleventh Circuit in early 2025, but every other consent rule stands
One Twilio field nobody talks about
sms_pumping_risk (in the Lookup v2 docs) flags numbers associated with SMS-pumping fraud — toll-revenue-share scams that abuse OTP flows.
If your underlying concern is “filter out problematic numbers before sending,” this field + line_type_intelligence does more useful work than any iPhone-detection workflow you were considering.
The pattern — send-time routing solves segmentation for free, but only after the consent layer is built. If pre-screen feels necessary, that’s usually the consent layer flagging itself as the actual problem to solve first.
📜 Compliance map at a glance
| Regime |
Covers |
What you owe |
TCPA (federal) |
Autodialed/prerecorded calls + texts; private right of action |
Prior express written consent per seller · honor opt-outs in 10 business days · $500–$1,500/message statutory damages |
State SMS statutes (FL · OK · MD) |
Private rights of action; sometimes broader than federal |
Counsel review for any SMS marketing in those jurisdictions |
CCPA + state privacy laws |
Right to know / delete / opt out of sale |
Documented consent provenance for any purchased phone data |
FCRA (data broker context) |
Permissible purpose gates use |
You need permissible-purpose status to buy device-typed phone records |
Apple Acceptable Use |
Any iMessage probing or non-Apple-device registration |
Beeper Mini timeline = the structural half-life; bulk probing burns Apple IDs fast |
India TCCCPR 2018 / DLT |
Carrier-enforced consent registry (predictive of US direction) |
Not directly applicable to US ops, but worth studying — US 10DLC + T-Mobile Brand Trust Score is reinventing parts of this 3 years late |
Honest answer
The productized version of “identify iPhones in this list” doesn’t exist.
The closest-available signal (iMessage availability) doesn’t actually answer it — iMessage routes to every Apple device under one Apple ID, not just iPhones.
What does exist → line-type lookup APIs that filter your list to mobile-eligible numbers so your SMS budget doesn’t waste on landlines.
What protects you → building consent before the first send, not segmenting by device after.
The seven-week half-life Beeper Mini lived through is the structural answer to anyone pitching otherwise.
Save the budget for the consent layer.
The device-segmentation question solves itself at send-time once that’s built right.