Apple patched an iOS/iPadOS bug where notification content from deleted Signal messages was cached locally for up to a month, enabling forensic extraction by law enforcement.
Key Takeaways
The bug: iOS stored notification text in an on-device database and failed to purge it when the originating app (Signal) was deleted or its messages expired.
The FBI used commercial forensic tools to recover deleted Signal messages from a seized iPhone via this notification cache, exposing users who rely on disappearing messages.
Apple backported the fix to iOS 18, not just iOS 19, suggesting the retention behavior affected a wide installed base.
Signal president Meredith Whittaker publicly called on Apple to fix it; the patch arrived weeks after 404 Media broke the original story.
Disappearing-message features in Signal and WhatsApp are rendered unreliable if the underlying OS retains notification plaintext independently of the app.
Hacker News Comment Review
Commenters drew a hard line between two distinct issues: the deletion bug Apple fixed (notifications not purged on app removal) and the broader unfixed issue (notification content stored in a plaintext OS database at all).
Consensus: the real systemic risk is OS-level notification logging that operates outside the app’s control – Signal can delete its own data but cannot control what iOS logs via notification APIs, a fundamental trust boundary problem.
Practical mitigation discussed: enabling Signal’s “no message preview” notification setting so the OS notification DB never receives plaintext content in the first place; this requires the receiver to configure it, not the sender.
Notable Comments
@NikolaosC: “This is exactly the kind of bug that isn’t a bug – it’s what happens when privacy is owned by the app but the OS isn’t aligned.”
@6thbit: Clarifies the specific trigger – deleting the Signal app marks its notifications for removal, and the bug was that iOS failed to honor that deletion from the local DB.
@Canada: Broadens the pattern: OS and app storage layers routinely retain data users believe deleted; device-level forensic hygiene is effectively impossible short of a full wipe.