diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
index 7c9c8575b..e0c424fe5 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
@@ -141,6 +141,10 @@ public class DeviceController {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
+    if (deviceId == Device.MASTER_ID) {
+      throw new ForbiddenException();
+    }
+
     final CompletableFuture<Void> deleteKeysFuture = keys.delete(account.getUuid(), deviceId);
 
     messages.clear(account.getUuid(), deviceId).join();