Apple Fixes Bug That Let FBI Extract Deleted Signal Messages
Key Takeaways
- Apple patched a bug that cached notification content for up to a month, even after messages were deleted
- The FBI used this flaw to extract deleted Signal messages from an iPhone using forensic tools
- Signal's disappearing messages feature was effectively bypassed by the iOS notification system
Apple released a software update on Wednesday that closes a security hole law enforcement had been using to extract deleted messages from iPhones. The bug affected how iOS handled notifications from messaging apps like Signal.
The problem: when a notification displayed a message's content, iOS cached that content in a device database. The cache persisted for up to a month. Deleting the message inside the app did nothing to remove it from the notification database.
In its security notice, Apple confirmed that "notifications marked for deletion could be unexpectedly retained on the device." The company backported the fix to users still running the older iOS 18 software.
How the FBI Exploited the Flaw
The issue came to light earlier this month when 404 Media reported that the FBI had successfully extracted deleted Signal messages from someone's iPhone. Agents used forensic tools to pull the cached notification content. The messages had been displayed in notifications before the user deleted them or before Signal's auto-delete timer kicked in.
This matters because Signal and similar apps offer disappearing messages as a core privacy feature. Users can set timers that automatically delete messages after a set period. The feature exists specifically to protect conversations if authorities seize a device.
The iOS notification cache created a backdoor around that protection. Even if a message vanished from Signal, its content lived on in the notification database.
Signal's Response
Signal president Meredith Whittaker publicly called on Apple to address the issue after the 404 Media report.
“Notifications for deleted messages shouldn't remain in any OS notification database.”
— Meredith Whittaker, Signal president, via Bluesky
Apple has not explained why notification content was being logged in the first place. The company did not respond to TechCrunch's request for comment on that question. The fact that Apple released a fix suggests the retention was unintentional.
Why Privacy Advocates Are Alarmed
Disappearing messages are not just for people with something to hide. Journalists protecting sources, activists in hostile regimes, executives discussing sensitive business matters, and abuse survivors all rely on these features.
When a security feature can be bypassed through an OS-level bug, those users face real risk. They believe their messages are gone. They are not.
The FBI's ability to extract this data using forensic tools shows that the vulnerability was not theoretical. It was actively exploited in at least one real investigation.
What Users Should Do
If you use Signal, WhatsApp, or any app with disappearing messages, update your iPhone or iPad immediately. The fix is available in the latest iOS and iPadOS releases, and Apple has also pushed it to users on iOS 18.
- Go to Settings > General > Software Update
- Install any available updates
- Consider disabling notification previews for sensitive messaging apps (Settings > Notifications > [App] > Show Previews > Never)
Disabling notification previews does not eliminate all forensic risks, but it reduces the data available in caches and logs.
Logicity's Take
Another case where device and data security intersected with law enforcement
Frequently Asked Questions
What iOS bug allowed the FBI to extract deleted messages?
iOS was caching notification content in a database for up to a month, even after the messages were deleted in apps like Signal. Forensic tools could access this cache.
Has Apple fixed the deleted messages bug?
Yes. Apple released a fix on Wednesday, April 22, 2026. The patch is available for current iOS and iPadOS versions, and Apple backported it to iOS 18.
Does this affect Signal's disappearing messages feature?
It did. The bug meant messages could be recovered from the notification cache even after Signal's auto-delete timer removed them from the app.
How can I protect my iPhone messages from forensic extraction?
Update to the latest iOS immediately. You can also disable notification previews for sensitive apps by going to Settings > Notifications > [App] > Show Previews > Never.
Why was Apple caching notification content?
Apple has not explained. The fact that they released a fix suggests it was a bug, not intended behavior.
Need Help Implementing This?
Source: TechCrunch / Lorenzo Franceschi-Bicchierai
Specific OS Version and Scope of Exposure Revealed
The new source identifies the specific software update as iOS 26.4.2 and provides the technical clarification that only incoming messages were stored in the database, meaning the sender's own outgoing messages remained secure. It also attributes the original investigation to 404 Media.
Huma Shazia
Senior AI & Tech Writer
Related Articles
Browse all
Robotaxi Companies Are Hiding How Often Humans Take the Wheel
Autonomous vehicle firms like Waymo and Tesla are under scrutiny for refusing to disclose how often remote operators step in to control their self-driving cars. A Senate investigation reveals major gaps in transparency, raising safety and accountability concerns.
Wisconsin Governor Throws a Wrench in Age Verification Plans
Wisconsin Governor Tony Evers has vetoed a bill that would have required residents to verify their age before accessing adult content online, citing concerns over privacy and data security. This move comes as several other states have already implemented similar age check requirements. The veto has significant implications for the future of online age verification.
Apple's App Store Empire Under Siege: The Battle for the Future of Tech
The long-running feud between Apple and Epic Games has reached a boiling point, with Apple preparing to take its case to the Supreme Court. The tech giant is fighting to maintain control over its App Store, while Epic Games is pushing for more freedom for developers. The outcome could have far-reaching implications for the entire tech industry.
Tesla's Remote Parking Feature: The Investigation That Didn't Quite Park Itself
The US auto safety regulators have closed their investigation into Tesla's remote parking feature, but what does this mean for the future of autonomous driving? We dive into the details of the investigation and what it reveals about the technology. The National Highway Traffic Safety Administration found that crashes were rare and minor, but the investigation's closure doesn't necessarily mean the feature is completely safe.
Also Read
Honor Launches 4 Earbuds Globally, Including a Mouse-Case Hybrid
Honor has rolled out four earbud models to global markets at a Malaysia event. The lineup ranges from $50 budget buds to a $125 open-ear design, plus a quirky product that stores earbuds inside a wireless mouse.
Google Pixel Battery Drain Fix: 5 Tips That Work Until May Update
A bug in the April 2026 Android update prevents Pixel phones from entering deep sleep, draining batteries even while idle. Google has acknowledged the issue and promised a fix in May. Until then, these workarounds can help you reclaim your battery life.
4 Terminal Tools That Make the Command Line Less Scary
The terminal's reputation for being intimidating is deserved, but a handful of modern tools can flatten the learning curve. From AI assistants that translate plain English into shell commands to smarter file managers, these utilities help new users get productive faster without memorizing hundreds of commands.