FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports (alternate site):

The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database….

The news shows how forensic extraction—­when someone has physical access to a device and is able to run specialized software on it—­can yield sensitive data derived from secure messaging apps in unexpected places. Signal already has a setting that blocks message content from displaying in push notifications; the case highlights why such a feature might be important for some users to turn on.

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media.

Tags: , , , ,

Posted on April 23, 2026 at 7:05 AM8 Comments

Comments

Liar Liar April 23, 2026 9:23 AM

Idaho LOYA Raymond D. Schild, as well as John Prior, as well as Jonathan D. Loschi MUST BE DISBARRED for receiving BRIBES TO DELIBERATELY NOT DEFEND THEIR CLIENTS that they were RETAINED TO DEFEND.

They are the CANCER TO THE INNOCENT PEOPLE.

Ramayla Duratovic, a Bosnian Muslim, a Shriner in Boise Idaho,
as well as Christina Martinez, a real estate agent in Boise Idaho, another Shriner – MUST BE LOCKED UP FOR ARRANGING AND FUNNELING BRIBE MONEY TO Raymond Schild and John Prior TO DELIBERATELY NOT DEFEND THEIR CLIENT WHO RETAINED THEM (by not filing direct appeal, DELIBERATELY missing filing deadlines in Federal Court, lying to the court and filing FALSE STATEMENTS IN ORDER TO DAMAGE THEIR CLIENT DELIBERATELY, etc…etc…)….

You CANNOT HIDE THE TRUTH FOREVER, SEE BELOW:

s

h

o

r

t

u

r

l

.

a

t

/

f

E

v

m

w

Copy the link above to see what kind of human g@rb@g3 walks this Earth!

Gheese April 23, 2026 10:30 AM

The same essentially applies to Android, even GrapheneOS, IF the notification history is enabled (Settings > Notifications > Notification history).

I do not want to endorse or shame Android/iOS/GrapheneOS, I took this as a wake-up call, to check the settings on my devices.

Clive Robinson April 23, 2026 1:18 PM

@ Anonymous, ALL,

404 Media lets you see the article title.

Cut and paste this into DuckDuck or similar and you will usually get a link to MSM.

However the link appears locked to you (which is why I’ve not posted the one I got given).

But you will get other links like,

https://www.msn.com/en-us/news/technology/how-the-fbi-extracted-deleted-signal-messages-from-a-defendants-iphone/ar-AA20zeaP

That may work for others.

In this case it’s not the original 404 Media article but one that explains it.

Put simply what the FBI did was not by a failing of Signal but using it in the Apple OS.

Put simply “screen alerts” get put in a “Client Side Database” that is part of the OS and it can be scanned, as well as holding data in a persistent way.

I’ve warned in the past that “secure message apps” are not secure unless the system they are used in is secure. In this case the Apple OS is very far from secure hence once the app had produced “Client side plaintext” it was “snagged, tagged and bagged” by the OS and any place it copied the plaintext Database to.

I’ve mentioned several times in the past that neither Signal or WhatsApp are in any way “secure” when built into an “insecure system”

It’s why I advise doing message encryption/decryption off of the device that does “communications” by using an “Energy Gap”.

Judging by the comments I’ve had these past few days, it’s probably the right time for our host @Bruce to write a piece about the fact E2EE and Secure Messaging Apps really don’t give you any real “Privacy” and in all honesty they actually paint a big fat target on your back, even after you think you’ve removed them from your device…

In the past I’ve posted comments on this blog explaining the individual parts and why they can go wrong and ways to avoid them.

However in almost all cases the “Secure Privacy” is not “Convenient” so the average user goes about things the wrong way… Thus ends up on the sharp end of a very expensive court appearance that could lead to life imprisonment and the taking away of all assets they have. And in the US, UK, Australia and many other countries the legislation is quite deliberately stacked against you so you in effect “have no lawful defence”…

lurker April 23, 2026 1:50 PM

@Gheese, ALL

I’ve just been through the torture of a new phone, where everything is turned ON by default. It’s a tedious chore to turn off Notifications app by app, and some users won’t know or be bothered to do it. Android depends on the device maker’s ROM whether Notification History is global or by individual app,

Chris R April 23, 2026 2:23 PM

@Clive, secure messaging services exist to serve a more general audience that in practice will not jump through what you’re describing as an “Energy Gap” process to communicate with any degree of security; all that’ll be achieved by that is making any degree of secure messaging unattainable.

Signal, and other secure messaging services, exist on a continuum of security; they address many of the threats to user privacy that might exist, but are not and cannot be perfect. Your argument seems to suggest that unless perfection can be achieved, it only makes sense to simply not try and I just flat out reject that claim.

Clive Robinson April 23, 2026 5:36 PM

@ ALL,

Apparently Signal asked Apple to fix the issue…

And there is an update or two coming down the pipeline,

https://techcrunch.com/2026/04/22/apple-fixes-bug-that-cops-used-to-extract-deleted-chat-messages-from-iphones/

@ Chris R,

With regards your comment of,

“secure messaging services exist to serve a more general audience that in practice will not jump through what you’re describing as an “Energy Gap” process to communicate with any degree of security; all that’ll be achieved by that is making any degree of secure messaging unattainable.”

Very secure messaging has followed the “energy gap” principle between the “Communications End Point” and the “Security End Point” for longer than even very primitive computers have existed.

Prior to the use of computers maintaining an “energy gap” was trivial thus a high degree of security was easily possible. Later named by Claude Shannon (1949) as “Perfect Secrecy” it was not just possible, but easily achieved.

Thus became the “gold standard” by which all other systems were measured. Importantly it was also easily obtained and during WWII used for the protection of SOE and other “behind the lines” operators,

“Shannon didn’t just invent a new code; he established the mathematical laws that govern all codes. He gave us a way to measure security, defined what “unbreakable” truly means, and laid the foundation for the secure communication we rely on for everything from online banking to private messaging.

The Holy Grail: Defining Perfect Secrecy

The cornerstone of Shannon’s work is a concept called perfect secrecy. It’s the ultimate standard for security a system so strong that the encrypted message gives an attacker zero new information about the original message. Even with infinite computing power, the attacker is no closer to guessing the message than they were before.”

https://www.linkedin.com/pulse/what-perfect-secrecy-guide-claude-shannons-theory-encryption-qhvkc

As it is trivial to obtain such levels of security, one has to wonder why you think,

“Signal, and other secure messaging services, exist on a continuum of security; they address many of the threats to user privacy that might exist, but are not and cannot be perfect. Your argument seems to suggest that unless perfection can be achieved, it only makes sense to simply not try and I just flat out reject that claim.”

As I have said, repeatedly “perfect security” can be trivially obtained with just a “pencil, paper and match”. So your “Strawman Argument” of,

“unless perfection can be achieved”

Is an invented nonsense by you.

So people should ask why do you think that “a continuum of security” should be accepted?

“Just because computers are used”

It is that type of thinking that makes “insecure standard” by practice. Which has been the aim of “Authoritarian Guard Labour” working in right wing if not fascist environments since the 1970’s.

Which begs the second question,

“Why do you want to be an apologist for such people as the current US Executive administration and appointed leaders of the US DOJ, FBI, ICE and worse”?

When informing people how to avoid such is “trivially possible”?

Let’s be generous and say,

“Maybe you are not as informed as you think you are…”

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.