What happened with Apple and deleted Signal messages?

Apple fixed a bug that allowed deleted Signal messages to remain accessible through an iPhone’s notification database. Law enforcement could retrieve readable previews even after messages were set to disappear and the app was deleted. The issue has now been patched in the latest iOS update.

How was the FBI able to read deleted Signal messages?

Federal Bureau of Investigation accessed cached notification data stored on the device. These notifications contained message previews that were not properly deleted. This created a workaround that bypassed Signal’s disappearing message feature.

Does this mean Signal’s encryption was broken?

No, Signal’s end-to-end encryption was not compromised. The vulnerability existed at the device level, specifically in how iOS handled notifications. This shows that strong encryption does not fully protect data if the operating system leaks information.

Why is this bug important for privacy and security?

The bug highlights a key weakness in mobile security: sensitive data can persist outside encrypted apps. Even if messages are deleted or encrypted, metadata or previews can still be exposed. This raises concerns about how much control users really have over their data.

What exactly did Apple fix in the update?

Apple fixed an issue where “notifications marked for deletion” were still being stored on the device. These retained notifications allowed message previews to remain accessible. The fix ensures that such data is properly removed going forward.

How did this issue come to light?

The flaw was revealed through court documents reported by 404 Media. The documents showed how investigators extracted Signal messages from a suspect’s iPhone. This triggered public scrutiny and pressure on Apple to respond.

What are experts saying about this vulnerability?

Signal President Meredith Whittaker said deleted message notifications should never persist in operating systems. Pavel Durov added that disabling message previews entirely may be the safest approach. Both comments highlight broader concerns about device-level privacy.

Does this affect other messaging apps besides Signal?

Potentially yes, as the issue was tied to how iOS handled notifications, not just Signal itself. Any app displaying message previews could be affected by similar behaviour. This makes it a system-wide privacy concern rather than an app-specific flaw.

Apple fixes bug exposing deleted signal messages

Written by Mahathir BayenaPublished Apr. 23 2026Last Updated Apr. 23 2026

Apple has fixed a security flaw that allowed law enforcement to access deleted Signal messages through an iPhone’s notification database.

The bug caused notifications marked for deletion to remain stored on the device, enabling the Federal Bureau of Investigation to retrieve readable message previews even after the app was removed.

“Apple's advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release,”

Signal said.

The issue was uncovered through court documents showing investigators extracted cached notification data despite Signal’s disappearing message feature being enabled.

Signal president Meredith Whittaker had previously urged Apple to address the flaw, warning that deleted message notifications should not persist in operating system databases.

The case highlights broader security risks at the device level, where encrypted messaging apps may still expose data through system-level storage or notification handling.

It also prompted commentary from Pavel Durov, who argued that disabling notification previews entirely may be necessary to ensure user privacy.