Apple fixed a security bug that made it possible for cops to access content from deleted Signal messages.
Vulnerable users hoping to evade law enforcement surveillance often use encrypted apps like Signal to communicate sensitive information. That’s why users felt blindsided when 404 Media reported that Apple was unexpectedly storing push notifications displaying parts of encrypted messages for up to a month. This occurred even after the message was set to disappear and the app itself was deleted from the device.
404 Media flagged the issue after speaking to multiple people who attended a hearing where the FBI testified that it “was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database.” The shocking revelation came in a case that 404 Media noted was “the first time authorities charged people for alleged ‘Antifa’ activities after President Trump designated the umbrella term a terrorist organization.”
On Wednesday, Apple confirmed that it had fixed a bug allowing the FBI to access this content. Affected users concerned about push notifications can update their devices to stop what Apple characterized as “notifications marked for deletion” that “could be unexpectedly retained on the device.”
According to Apple, the push notifications should never have been stored, but a “logging issue” failed to redact data.
On Bluesky, Signal celebrated the update, saying it was “very happy” that Apple did not delay fixing the bug.
“We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue,” Signal’s post said. “It takes an ecosystem to preserve the fundamental human right to private communication.”
In their post, Signal confirmed that after users update their devices, “no action is needed for this fix to protect Signal users on iOS.”
“Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications,” Signal said.
Ars could not immediately reach Apple or Signal for additional comments.
User panic remains
On Signal’s thread, however, users debated whether the update was sufficient, with some urging that best practice is likely still to disable message previews entirely to limit device access to sensitive chats. Previously, Signal president Meredith Whittaker had posted on Bluesky to remind users that they can update Signal settings to “Show ‘No Name or Content’” in push notifications and avoid privacy concerns. Some users agreed that enabling message previews on any kind of device—not just Apple’s—seemed unwise in light of 404 Media’s reporting.
“By having message previews in notifications, you’re giv[ing] the OS access to that content without being sure how it will handle those messages,” a Bluesky user “LofiTurtle” wrote. “This patch removes one known method, but for full assurance you should just turn off previews so the OS never sees it in the first place.”
Another Bluesky user, “Alexndr,” speculated that Apple’s update suggested there may be other concerning content stored in ways that might frustrate other app users.
“The notification content surviving app deletion is the wild part,” Alexndr wrote. “Glad it’s patched but makes you wonder what else is sitting in iOS notification caches.”
Somewhat defending Apple, a Bluesky user, “Coyote,” emphasized that Apple’s blog made it clear that it wasn’t a caching issue, but a logging issue.
“Notification content wasn’t supposed to make it into diagnostic logs but sometimes did,” Coyote suggested. “Specifically happened when you get a notification the phone can’t handle, like when the app it is for has been deleted.”
For Apple users, questions likely remain since governments seem keen to access encrypted chats however they can. Apple made headlines last year for pulling end-to-end encryption in the United Kingdom to avoid complying with a law that made it easier for government officials to spy on encrypted chats. 404 Media noted that globally, law enforcement has increasingly relied on “push notifications more broadly as an investigative strategy.” Last year, Apple caved to legal demands that “gave governments data on thousands of push notifications,” 404 Media reported.
