diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
index 154039e23..af54cca87 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
@@ -134,7 +134,8 @@ public DeviceInfoList getDevices(@ReadOnly @Auth AuthenticatedDevice auth) {
   @Path("/{device_id}")
   @ChangesLinkedDevices
   public void removeDevice(@Mutable @Auth AuthenticatedDevice auth, @PathParam("device_id") byte deviceId) {
-    if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID) {
+    if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID &&
+        auth.getAuthenticatedDevice().getId() != deviceId) {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
index b8364817a..a313d714c 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
@@ -810,6 +810,46 @@ void unlinkPrimaryDevice() {
     }
   }
 
+  @Test
+  void removeDeviceBySelf() {
+    final byte deviceId = 2;
+
+    when(accountsManager.removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId))
+        .thenReturn(CompletableFuture.completedFuture(AuthHelper.VALID_ACCOUNT));
+
+    final Response response = resources
+        .getJerseyTest()
+        .target("/v1/devices/" + deviceId)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
+        .header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
+        .delete();
+
+    assertThat(response.getStatus()).isEqualTo(204);
+    assertThat(response.hasEntity()).isFalse();
+
+    verify(accountsManager).removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId);
+  }
+
+  @Test
+  void removeDeviceByOther() {
+    final byte deviceId = 2;
+    final byte otherDeviceId = 3;
+
+    try (final Response response = resources
+        .getJerseyTest()
+        .target("/v1/devices/" + otherDeviceId)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
+        .header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
+        .delete()) {
+
+      assertThat(response.getStatus()).isEqualTo(401);
+
+      verify(accountsManager, never()).removeDevice(any(), anyByte());
+    }
+  }
+
   @Test
   void checkVerificationToken() {
     final UUID uuid = UUID.randomUUID();