Apple fixes bug that cops used to extract deleted chat messages from iPhones

· privacy hardware · Source ↗

TLDR

  • Apple patched a bug where notification content from deleted Signal messages was cached in an iOS database for up to a month, enabling forensic extraction.

Key Takeaways

  • The FBI extracted deleted Signal messages from a seized iPhone using forensic tools because notification text was stored in a local OS database even after messages were deleted inside Signal.
  • Apple’s fix addresses notifications marked for deletion not being removed from the local notification database, including when the source app is uninstalled.
  • The fix was backported to iOS 18, meaning older devices not on iOS 19 also received the patch.
  • Signal president Meredith Whittaker publicly pushed Apple to address the issue after 404 Media broke the original FBI story.
  • Signal’s disappearing messages feature was effectively bypassed not by breaking Signal’s encryption, but by the OS retaining plaintext notification content separately.

Hacker News Comment Review

  • Commenters stressed that the notification storage bug is only part of the problem: the deeper issue is that iOS displays decrypted message text in notifications and logs it to a local database outside the app’s control, a design tension that persists even after this patch.
  • Consensus was that the safest mitigation is enabling Signal’s generic notifications option so message content never appears in the notification text at all, putting the fix in users’ hands rather than Apple’s.
  • Several commenters generalized the issue beyond Signal: OS-level notification and storage databases routinely retain data that apps believe they have deleted, and the problem extends to Notes, iMessage sync across devices, and similar surfaces where deletion semantics are unclear.

Notable Comments

  • @NikolaosC: “Signal deletes the message. Apple keeps the notification… This is exactly the kind of bug that isn’t a bug it’s what happens when privacy is owned by the app but the OS isn’t aligned.”
  • @6thbit: The defendant had deleted the Signal app entirely, which should have triggered notification cleanup – the bug was that iOS failed to purge those records even then.

Original | Discuss on HN

Related coverage