Apple Fixes Bug That Let FBI Extract Deleted Signal Messages

Key Takeaways

• Apple patched a bug that cached notification content for up to a month, even after messages were deleted
• The FBI used this flaw to extract deleted Signal messages from an iPhone using forensic tools
• Signal's disappearing messages feature was effectively bypassed by the iOS notification system

Apple released a software update on Wednesday that closes a security hole law enforcement had been using to extract deleted messages from iPhones. The bug affected how iOS handled notifications from messaging apps like Signal.

The problem: when a notification displayed a message's content, iOS cached that content in a device database. The cache persisted for up to a month. Deleting the message inside the app did nothing to remove it from the notification database.

In its security notice, Apple confirmed that "notifications marked for deletion could be unexpectedly retained on the device." The company backported the fix to users still running the older iOS 18 software.

How the FBI Exploited the Flaw

The issue came to light earlier this month when 404 Media reported that the FBI had successfully extracted deleted Signal messages from someone's iPhone. Agents used forensic tools to pull the cached notification content. The messages had been displayed in notifications before the user deleted them or before Signal's auto-delete timer kicked in.

This matters because Signal and similar apps offer disappearing messages as a core privacy feature. Users can set timers that automatically delete messages after a set period. The feature exists specifically to protect conversations if authorities seize a device.

The iOS notification cache created a backdoor around that protection. Even if a message vanished from Signal, its content lived on in the notification database.

Signal's Response

Signal president Meredith Whittaker publicly called on Apple to address the issue after the 404 Media report.

“Notifications for deleted messages shouldn't remain in any OS notification database.”

— Meredith Whittaker, Signal president, via Bluesky

Apple has not explained why notification content was being logged in the first place. The company did not respond to TechCrunch's request for comment on that question. The fact that Apple released a fix suggests the retention was unintentional.

Why Privacy Advocates Are Alarmed

Disappearing messages are not just for people with something to hide. Journalists protecting sources, activists in hostile regimes, executives discussing sensitive business matters, and abuse survivors all rely on these features.

When a security feature can be bypassed through an OS-level bug, those users face real risk. They believe their messages are gone. They are not.

The FBI's ability to extract this data using forensic tools shows that the vulnerability was not theoretical. It was actively exploited in at least one real investigation.

What Users Should Do

If you use Signal, WhatsApp, or any app with disappearing messages, update your iPhone or iPad immediately. The fix is available in the latest iOS and iPadOS releases, and Apple has also pushed it to users on iOS 18.

• Go to Settings > General > Software Update
• Install any available updates
• Consider disabling notification previews for sensitive messaging apps (Settings > Notifications > [App] > Show Previews > Never)

Disabling notification previews does not eliminate all forensic risks, but it reduces the data available in caches and logs.

Frequently Asked Questions

What iOS bug allowed the FBI to extract deleted messages?

iOS was caching notification content in a database for up to a month, even after the messages were deleted in apps like Signal. Forensic tools could access this cache.

Has Apple fixed the deleted messages bug?

Yes. Apple released a fix on Wednesday, April 22, 2026. The patch is available for current iOS and iPadOS versions, and Apple backported it to iOS 18.

Does this affect Signal's disappearing messages feature?

It did. The bug meant messages could be recovered from the notification cache even after Signal's auto-delete timer removed them from the app.

How can I protect my iPhone messages from forensic extraction?

Update to the latest iOS immediately. You can also disable notification previews for sensitive apps by going to Settings > Notifications > [App] > Show Previews > Never.

Why was Apple caching notification content?

Apple has not explained. The fact that they released a fix suggests it was a bug, not intended behavior.

Source: TechCrunch / Lorenzo Franceschi-Bicchierai

Specific OS Version and Scope of Exposure Revealed

The new source identifies the specific software update as iOS 26.4.2 and provides the technical clarification that only incoming messages were stored in the database, meaning the sender's own outgoing messages remained secure. It also attributes the original investigation to 404 Media.