Apple has released a security update to address a significant flaw that permitted the FBI to access deleted Signal messages from an iPhone's notification database. The bug allowed for "notifications marked for deletion" to be "unexpectedly retained on the device."
This vulnerability meant that even after a Signal user deleted messages or the app itself, the FBI could still extract readable previews from the phone's push notification data. Signal confirmed that Apple's latest iOS release resolves this issue.
The security flaw was initially reported by 404 Media, detailing how court documents revealed the FBI's ability to forensically retrieve Signal messages from a defendant's iPhone notification database. These cached previews remained accessible despite disappearing messages being enabled and the app being removed.
Signal President Meredith Whittaker had called on Apple to fix the issue, stating that "notifications for deleted messages shouldn't remain in any OS notification database." The incident serves as a reminder that messaging encryption alone may not guarantee data protection on certain devices or operating systems.