Tech giant Apple has fixed a security flaw that had allowed the FBI to access a Signal user’s deleted messages through their phone’s push notification database, despite the app being deleted and messages being set to disappear.
In a security advisory released on Wednesday, Apple said it had fixed a bug that allowed “notifications marked for deletion” to be “unexpectedly retained on the device.”
In an X post on Wednesday, Signal said the update fixed the issue that made a user’s messages retrievable by law enforcement.
“Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release,” Signal said.
Signal uses end-to-end encryption to secure messages between its users. The bug is a reminder that messaging encryption may not be enough to keep data protected when using certain devices or operating systems.
FBI found a backdoor to private messages
This security flaw was first highlighted by independent technology news website 404 Media, which reported on April 9 that documents recently unsealed in Texas federal court related to an FBI case over an attack on the Prairieland ICE Detention Facility last July.
The court proceedings showed that the FBI was able to forensically extract a defendant’s Signal messages from the iPhone’s notification database, which contained cached, readable previews of incoming Signal messages even after disappearing messages were enabled and the app was deleted.
Related: X rolls out smart cashtags in US, Canada in step toward ‘everything app’
Following the 404 Media report, Signal President Meredith Whittaker called on Apple to quickly fix the issue, noting in an April 14 X post that “notifications for deleted messages shouldn’t remain in any OS notification database.”
Pavel Durov, the co-founder of competing privacy messaging app Telegram, also commented on the report, arguing in an April 14 Telegram post that the only way to truly stay safe was for the app to “force an absence of notification previews” on both ends of a conversation.
Magazine: How to fix suspected insider trading on Polymarket and Kalshi