Now, could someone somehow change this and do something nefarious because it'll mismatch with what the network thinks? Maybe. But what's stopping someone from iMessage takeover by messing with the SIM and sending a spoofed message to the shortcode?
But someone could send any info to the shortcode indirectly. Not sure how Apple encodes the info it's sending, or if it's just sending a signature that authenticates the message.
But the phone could also wait until wifi is lost to send its 'ping' to Apple for the new number to associate with the phone because it could only be for SMS backup message reception purposes I would think. This would also permit it to back off sending SMS to the old number if out of wifi range. (Is there a DoS case against this? I don't know).
I'm reading that article as the SIM only has an IMSI, and the MSISDN routing is all on the provider end, the SIM doesn't know or care.
This has also been my experience when traveling and using local SIM cards. My phone has a space to show your own phone number, and a rare few SIM cards have this pre-filled out but usually you have to enter your own phone number yourself, the phone doesn't know.
What usually happens is that the app on the phone (whether a legit one or a sneaky one) sends a message to a shortcode. The message has the sender ID when collected by the server. That's how the app can be informed of the phone number. Some encryption is usually done to the info sent to prevent spurious messages going to the shortcode.
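The shortcode check described in the comment above, sketched from the server side as an added example that is not part of the thread and not Apple's actual scheme. The token layout, the HMAC-SHA256 construction, the TTL and every name here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side secret
TOKEN_TTL = 300                       # assumed validity window, in seconds
_used_nonces = set()                  # single-use tracking (in-memory for the demo)


def _mac(device_id: str, nonce: str, expires: str) -> str:
    msg = f"{device_id}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(device_id: str, now: Optional[float] = None) -> str:
    """Token given to the app over the data channel; the app sends it as the SMS body."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(8)
    expires = str(int(now) + TOKEN_TTL)
    return f"{device_id}|{nonce}|{expires}|{_mac(device_id, nonce, expires)}"


def handle_shortcode_sms(sender_id: str, body: str,
                         now: Optional[float] = None) -> Tuple[bool, str]:
    """Called when the SMS gateway delivers a message; sender_id is set by the network."""
    now = time.time() if now is None else now
    parts = body.split("|")
    if len(parts) != 4:
        return False, "malformed"
    device_id, nonce, expires, mac = parts
    expected = _mac(device_id, nonce, expires)
    # Constant-time comparison; a body the server did not issue stops here.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "bad-mac"
    if int(expires) < now:
        return False, "expired"
    if nonce in _used_nonces:
        return False, "replayed"
    _used_nonces.add(nonce)
    # The token authenticates the body only. The phone number is whatever
    # sender ID the carrier attached to the message.
    return True, f"{device_id} -> {sender_id}"
```

The token filters spurious or replayed bodies; the binding of number to device still rests entirely on the sender ID the carrier reports.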
> it could only be for SMS backup message reception purposes
Of course the iMessage service needs to know your phone number before marking your number as iMessage-capable and routing messages directed at your phone number to you.
I'm only guessing at the SMS' contents. I can't see the message my own damn phone sent.