Apple fixes iOS bug that let FBI recover Signal previews

Apple issued a fix in the latest iOS release for a vulnerability that allowed readable previews of Signal messages to remain in a device notification database after the Signal app was deleted and disappearing messages were enabled.

In a security advisory released Wednesday, Apple said the bug caused “notifications marked for deletion” to be “unexpectedly retained on the device.” The company advised users to update to the newest iOS version to receive the patch.

Unsealed court documents in a Texas federal case tied to a July attack on the Prairieland ICE Detention Facility show that FBI forensic examiners extracted cached, readable previews of incoming Signal messages from an iPhone notification database. The previews were recoverable even after a user enabled disappearing messages and removed the Signal app.

Signal confirmed the issue is addressed. On the platform X, the company wrote that Apple’s advisory “confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release.”

Signal president Meredith Whittaker posted that “notifications for deleted messages shouldn’t remain in any OS notification database.” Pavel Durov, co-founder of competitor Telegram, argued on his platform that apps should enforce the absence of notification previews on both ends of a conversation.

Signal uses end-to-end encryption to protect messages while they travel between devices. The retained previews were created for push notifications, which typically include short text snippets so users can see messages on the lock screen or in the notification center.

Apple’s advisory did not identify which agency recovered the previews but acknowledged the retained notifications represented a failure to remove data marked for deletion. The company recommended that users install the latest iOS update to apply the security fix.