In a court case, the FBI was able to recover deleted Signal messages from an iPhone using Apple's internal notification database. The case raises questions about data storage on iOS.
Signal is considered one of the most secure messaging apps – end-to-end encrypted and with the option to automatically delete messages. However, a report by 404 Media shows that encryption alone is not enough if the iPhone itself stores message content in its internal notification database. In a US court case, the FBI was able to reconstruct incoming Signal messages – even though the app had already been deleted from the device.
The case involves a trial against several individuals charged with an attack on an ICE detention center in Texas. One of the defendants had deleted Signal before her iPhone was seized. Nevertheless, FBI Special Agent Clark Wiethorn was able to testify in court that incoming Signal messages could be recovered from Apple's internal notification database. Outgoing messages were unaffected—only incoming ones.
How is that technically possible?
iOS stores and caches a wide variety of data locally, including notification content. When an app like Signal sends push notifications with message previews, iOS can store the content of these notifications in an internal database. Crucially, Signal offers a setting that prevents message content from being displayed in the notification preview. The defendant apparently hadn't activated this option – and this is precisely what allowed the content to be stored in the system.
There's another factor to consider: When an app is deleted, its associated push token doesn't immediately become invalid. The server doesn't know if the app is still installed and can continue sending notifications. The iPhone then decides what happens to these notifications – and may even continue to store them in its database.
Exactly how the FBI accessed the data is not entirely clear. Both extraction via a device backup and the use of commercial forensic tools that exploit iOS vulnerabilities to access protected data are possible.
Apple's response – or the lack of one
Neither Apple nor Signal have publicly commented on the case. However, one timing detail is noteworthy: With iOS 26.4, Apple changed the way push notification tokens are validated. Whether this is a direct reaction to this case cannot be proven – but the timing is striking.
What iPhone users can learn from this
This case highlights an often overlooked vulnerability: even the most secure messaging app can be compromised if the operating system stores message content outside the app. Users of Signal or similar apps for confidential communication should disable notification previews in the app settings. In Signal, this option can be found under "Settings" > "Notifications" > "Show message content".
As a general rule, encryption protects data during transmission. What happens on the device itself depends on the operating system's local security mechanisms and the user's settings. For maximum security, users should activate iOS's anti-theft features in addition to configuring their apps to further protect against physical access to the device. (Image: Shutterstock / Nomad_Soul)
- Mac sales grow by 9 percent and outperform the PC market
- OpenAI halves the price of ChatGPT Pro – with a focus on Codex
- macOS 26.4.1 released: Bug fixes for the Mac
- Apple Intelligence vulnerable to prompt injection attacks
- Apple requests Samsung Data in US Antitrust Case
- iOS 26.4.1 activates Theft Protection on Company iPhones
- Self-Service Repair: New parts for MacBook Neo & Co.
- iOS 26.4.1 fixes serious iCloud sync bug
- iPhone dominates Smartphone Ranking: Five Models in the Top 10
- iOS 26.4.1 is here: Apple releases bugfix Update
- Apple ranks last in Repairability – with one exception
- WhatsApp is getting a new CarPlay App with full Functionality
- Apple develops AI Tool for UI Prototypes
- Apple and Anthropic are jointly hunting for Security Vulnerabilities
- Studio Display XDR receives FDA approval for Radiology
- Apple Patent: Vision Pro could become modular and upgradeable
- Steam Link comes natively to the Apple Vision Pro
- Dark Matter Season 2 premieres on August 28th on Apple TV
- Apple Arcade May 2026: Nick Jr. Replay and new Games
- MacBook Neo: Demand exceeds Apple's Chip Supply
- Vision Pro: Insiders report on chaotic Store Launch
- China intensifies attacks on Apple's Chip Manufacturer TSMC
- Class action lawsuit accuses Apple of using YouTube videos for AI training
