FBI Extracted Deleted Signal Messages from a Defendant’s iPhone
So it appears the FBI was able to extract Signal messages from a iPhone even after the app was deleted and messages were set to disappear. This highlights that even encrypted apps can leave traces. Notification databases are often a overlooked privacy risk.
What happened:
- The FBI didn’t break Signal’s encryption or anything like that. They simply accessed the iPhone’s internal notification database, where incoming message previews were stored.
- If Signal (or any other app) is set to show message previews in notifications, those previews are saved in the phone’s memory, regardless of whether the app is deleted or messages are set to disappear.
- So even if you delete Signal or use disappearing messages, anyone with physical access to your unlocked phone could potentially recover message content from notifications.
Recommened steps for better privacy:
- Disable message previews in Signal’s notification settings. Go to Signal Settings > Notifications > Show > and select “No Name or Content” or “Name Only.
- Consider disabling notifications for sensitive apps entirely.
- The phone needs to be unlocked to access the notification database. Always use a strong passcode and consider additional security measures like USB Restricted Mode.
Edit: Just to clarify this post isn’t targeting Signal in anyway or suggesting any flaw in its encryption. I'm trying to raise awareness about how even after an app or messages are deleted, IOS and others devices can store sensitive data. It's just to get everyone to review their settings as no app can protect you if your device is physically compromised.
Stay safe!