The FBI has successfully recovered deleted Signal messages from a defendant's iPhone, even after the messaging app was removed from the device. Investigators accessed the phone's notification database, where alerts containing incoming messages were stored.
This method allowed the FBI to retrieve messages the user had received, despite the app's end-to-end encryption and the user's attempt to delete them. The vulnerability stems from how iOS stores message previews in its notification system. Any app with permission to display alerts on the Lock Screen can potentially expose message content if not properly configured.
Signal offers a security setting that can mitigate this risk. Users can enable an option to block message content from appearing in notifications, revealing only that a message has been received. This setting, found under Signal's Notification Content options, must be manually activated to prevent unauthorized access to message previews.