{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidzm2lis4q74vznng6fvnorizpnfxfeoqej6n577er3w3sdn55tge",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mj7dvp6gm3k2"
},
"path": "/t/signal-messages-retrieved-from-ios-notification/36475#post_6",
"publishedAt": "2026-04-11T05:59:30.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"404 Media – 9 Apr 26",
"FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification...",
"Archive link (No Paywall).",
"@henry-fisher",
"Techlore",
"Mastodon",
"BlueSky",
"Twitter"
],
"textContent": "404 Media – 9 Apr 26\n\n### FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification...\n\nThe case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.\n\nArchive link (No Paywall).\n\n**TL;DR:**\n\n> _**The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database […]**_\n\n@henry-fisher from Techlore also provided some useful contextualization on his socials:\n\nMastodon\nBlueSky\nTwitter\n\n> _When Signal messages arrive, iOS stores push notification previews locally on the device. Those previews stayed behind even after Signal was uninstalled._\n>\n> _Two things:_\n>\n> * _Only incoming messages were captured this way_\n> * _Disappearing messages that had already vanished inside Signal were still recoverable from the notification cache_\n>\n\n>\n> _This is iOS behavior, not a Signal vulnerability. And likely impacts other apps._\n>\n> _This is a very high threat model concern, though the fix is straightforward:_\n> _Signal → Settings → Notifications → Show → set to “No Name or Content”_\n>\n> _You’ll still get a notification ping, but iOS just won’t cache anything useful._",
"title": "Signal messages retrieved from iOS notification"
}