Apple has fixed a security flaw that let notifications marked for deletion stay on a device longer than expected.
Summary
- Apple patched an iPhone flaw that kept deleted Signal message previews stored inside notification databases.
- Federal investigators reportedly recovered readable Signal previews after the app was deleted from iPhones later.
- Signal said Apple’s latest iOS release fixed bugs that retained deleted message notifications on devices.
In security notes for iOS 26.4.2 and iOS 18.7.8, Apple said the issue affected Notification Services and described the problem this way:
“Notifications marked for deletion could be unexpectedly retained on the device.” The company said it fixed the bug with “improved data redaction.”
The patch followed reports that the flaw exposed readable Signal message previews in an iPhone notification database. Apple did not name Signal in its advisory, but the update came after public reporting linked the retained notifications to a federal investigation. The fix is now available through Apple’s latest iPhone and iPad software releases.
Court evidence drew attention to the flaw
The issue became public after court testimony in a Texas federal case showed that investigators recovered Signal message previews from an iPhone’s notification database. According to that report, the FBI forensically extracted incoming Signal messages from a defendant’s iPhone even after the app had been deleted because message content remained in the phone’s push notification database.
The recovered data covered incoming messages, not outgoing ones. Apple’s update addressed an issue where deleted notifications could stay on the device, though Apple did not directly connect the patch to that case in its own advisory. That reporting helped place the court evidence and Apple’s fix on the same timeline.
Signal says the latest iOS update addresses the issue
Signal said Apple’s latest update fixed the bugs behind the problem. In a post on X, the messaging app wrote, “Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release.” That statement came hours after Apple published its security notes.
Signal and outside reporting both pointed to a device-level storage issue, not a break in Signal’s end-to-end encryption. The message content appears to have been exposed through notification previews stored by the operating system. That meant the privacy gap came from how the phone handled alerts rather than from Signal’s core encryption system.
Furthermore, the case renewed focus on how message previews appear on locked screens and in local notification logs. Reporting on the incident said users who allow full notification previews may leave more readable content stored on a device, even when the messaging app itself uses strong encryption.
