When a Name Like “true” Locks Your iCloud: Lessons in Input Validation

The “true” Naming Bug

An Apple user named Rachel True applied for iCloud services, but the application was rejected and her Apple ID was locked for six months. The problem stemmed from the surname "true" being interpreted by Apple’s backend as the Boolean literal true rather than a string, causing the system to fail when assigning the value to the lastName variable.

Because the system treated the input as a Boolean, the iCloud registration process terminated, and Apple’s defensive mechanisms—likely designed to prevent malicious SQL injection—flagged the account as abnormal. The user spent hours appealing to Apple Support while still being charged for iCloud storage she could not use.

Workarounds include surrounding the name with quotes during entry or, more drastically, changing the name entirely.

Names Even Harder Than “true”

Similar issues arise with other names that clash with programming keywords or literals, such as "Bobby Tables" (a classic SQL‑injection joke), "Root", "Self", "Null", or surnames containing spaces like "van Os". When these strings are not properly sanitized, they can break scripts, cause database errors, or expose security vulnerabilities.

These cases underscore the critical need for robust input sanitization and validation in software development to prevent accidental code execution or injection attacks.

Source: 量子位