Did you happen to notice the brand of phone he had? If it was the same as yours (
any of your paired phones), that might increase the odds of the Bluetooth addresses being accidentally duplicated at the factory, which might help explain this. If his phone happened to duplicate the Bluetooth address of a phone that's paired to your car and set up as a key, but that was not the phone you tried to use, then that might also explain why yours couldn't unlock his car. Another possible explanation for this point is if his phone lacked cell or WiFi service but yours had it (because of different carriers, for instance). In that case, given what
@stopcrazypp and
@father_of_6 say, it's possible that your phone didn't attempt to fall back to Bluetooth but the other Tesla owner's phone did.
In fact, a simple experiment seems worth doing, involving two friends with Teslas: Person A disables WiFi and cell service on their phone, approaches Person B's Tesla (within Bluetooth range), and uses Person A's phone's Tesla app to try to unlock the car, pop the trunk, open the charge port, etc. It's conceivable that this fallback for manual unlocking was written with much-too-lax security and will work on any Tesla, much like any Supercharger, Wall Connector, or Mobile Connector will open the charge port on any Tesla. If this is the case, it's a jaw-dropping security flaw, so I hope it's not what's happening.