Apple has fixed a security bug that, it turns out, was basically leaving a back door open for law enforcement to snoop on deleted Signal messages. Whoops.
For those who thought using encrypted apps like Signal meant their secrets were safe, here’s the kicker: Apple was storing push notifications containing parts of those messages for up to a month. That’s right - even after you set the message to self-destruct or deleted the app entirely, a digital ghost remained in the notification database, just waiting for a subpoena.
The issue came to light thanks to 404 Media, which spoke to attendees of a hearing where the FBI testified it had “forensically extract[ed] copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database.” The case in question? The first time authorities charged people for alleged “Antifa” activities after President Trump designated the term a terrorist organization. Because of course that’s the case.
On Wednesday, Apple confirmed it had fixed the bug. Affected users can update their devices to stop what Apple described as “notifications marked for deletion” that “could be unexpectedly retained on the device.” According to Apple, the push notifications should never have been stored, but a “logging issue” failed to redact the data. So it was less a malicious plot and more a bureaucratic fumble - small comfort if you were the defendant.
Over on Bluesky, Signal celebrated the fix, saying it was “very happy” Apple didn’t drag its feet. “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue,” the post read. “It takes an ecosystem to preserve the fundamental human right to private communication.” Signal confirmed that after users update their devices, “no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications.”
But not everyone is ready to high-five. On Signal’s thread, users debated whether the update is enough. Some argued the real takeaway is to disable message previews entirely, a sentiment echoed by Signal president Meredith Whittaker, who previously advised users to set notifications to “Show ‘No Name or Content’” to avoid privacy concerns. One Bluesky user, LofiTurtle, summed it up: “By having message previews in notifications, you’re giv[ing] the OS access to that content without being sure how it will handle those messages. This patch removes one known method, but for full assurance you should just turn off previews so the OS never sees it in the first place.”
Another user, Alexndr, wondered what else might be lurking in iOS notification caches: “The notification content surviving app deletion is the wild part. Glad it’s patched but makes you wonder what else is sitting in iOS notification caches.”
A more charitable take came from Coyote, who noted Apple’s blog clarified it was a logging issue, not a caching one: “Notification content wasn’t supposed to make it into diagnostic logs but sometimes did. Specifically happened when you get a notification the phone can’t handle, like when the app it is for has been deleted.”
Still, questions linger. Apple made headlines last year for pulling end-to-end encryption in the UK to avoid a law that made it easier for officials to spy on encrypted chats. And 404 Media noted that globally, law enforcement has increasingly relied on push notifications as an investigative strategy. Last year, Apple caved to legal demands that “gave governments data on thousands of push notifications.” So maybe don’t get too comfortable.