FBI Retrieves Deleted Signal Messages via iPhone Notification Data
What Happened — A recent court filing reveals that the FBI was able to recover messages deleted from the Signal app by extracting them from iPhone notification logs, which retain message previews even after the user deletes the conversation.
Why It Matters for TPRM —
- Confidential communications thought to be deleted can still be exposed through device‑level data, increasing privacy risk for third‑party relationships.
- Organizations that mandate Signal for secure collaboration must reassess its effectiveness on iOS devices.
- The finding highlights a broader challenge: endpoint data‑retention mechanisms can undermine vendor‑provided encryption guarantees.
Who Is Affected — Any sector that relies on Signal for sensitive internal or client communications (e.g., healthcare, financial services, legal, government, and technology firms).
Recommended Actions —
- Review and restrict the use of Signal on iOS devices where notification data cannot be fully cleared.
- Deploy mobile device management (MDM) policies that disable or purge notification previews for high‑risk apps.
- Consider alternative end‑to‑end encrypted messaging solutions that store no residual data on the endpoint.
- Conduct user awareness training on iOS notification behavior and data‑privacy implications.
Technical Notes — The recovery leveraged iOS’s notification service, which caches message snippets in the notification center. No specific CVE was involved; the issue stems from the operating system’s design. Affected data includes message content, timestamps, and sender/receiver metadata. Source: HackRead