FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

MrGuvernment · Apr 9, 2026

Interesting one, if you allow notifications to show on your iPhone, on lock screen and such, those notifications are actually saved outside of said App....

personally I turn off all app notifications because I hate the distractions..

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

https://www.404media.co/fbi-extract...ages-saved-in-iphone-notification-database-2/

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.

The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database, multiple people present for FBI testimony in a recent trial told 404 Media. The case involved a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas in July, and one shooting a police officer in the neck.
The news shows how forensic extraction—when someone has physical access to a device and is able to run specialized software on it—can yield sensitive data derived from secure messaging apps in unexpected places. Signal already has a setting that blocks message content from displaying in push notifications; the case highlights why such a feature might be important for some users to turn on.
“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media. 404 Media granted the person anonymity to protect them from retaliation.
The Prairieland ICE detention center case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a domestic terrorist organization in September. Supporters of the more than a dozen defendants say the case is political repression.

One of the defendants was Lynette Sharp, who previously pleaded guilty to providing material support to terrorists. During one day of the related trial, FBI Special Agent Clark Wiethorn testified about some of the collected evidence. A summary of Exhibit 158 published on a group of supporters’ website says, “Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”
404 Media spoke to one of the supporters who was taking notes during the trial, and to Harmony Schuerman, an attorney representing defendant Elizabeth Soto. Schuerman shared notes she took on Exhibit 158. “They were able to capture these chats bc [because] of the way she had notifications set up on her phone—anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device,” those notes read.
The supporter added, “I was in the courtroom on the last day of the state's case when they had FBI Special Agent Clark testifying about some Signal messages. One set came from Lynette Sharp's phone (one of the cooperating witnesses), but the interesting detailed messages shown in court were messages that had been set to disappear and had in fact disappeared in the Signal app.”
Typically when a user receives a Signal message, their phone will display a push notification announcing they have received a message, and display the sender and at least some of the message content. In the Notifications menu under Settings in the Signal app, users can change what Notification Content appears. This includes Name, Content, and Actions; Name Only; and No Name or Content.
The issue of notifications saving some message data is likely not limited to the Signal app, but is a more fundamental friction between secure messaging apps and how Apple stores notifications.
Authorities have turned to push notifications more broadly as an investigative strategy too; in June 404 Media reported Apple gave governments data on thousands of push notifications. Those were legal demands made to Apple, while the Prairieland case was about data from a device authorities had physical access to.
Signal acknowledged a request for comment on March 12, but stopped replying to emails after that. Apple did not respond to a request for comment.
All defendants of the recent trial were found guilty of multiple charges each.

michalrz · Apr 9, 2026

Apple went all the way to the Efff Bee Eyeee

DukenukemX · Apr 9, 2026

Is this a thing on Android as well? This seems like terrible security flaw on iPhone. "Apple gave governments data on thousands of push notifications." It's almost like Apple is doing this intentionally?

MrGuvernment · Apr 9, 2026

DukenukemX said:
Is this a thing on Android as well? This seems like terrible security flaw on iPhone. "Apple gave governments data on thousands of push notifications." It's almost like Apple is doing this intentionally?

But apple cares about your privacy..

This does seem like a major oversight....

But I can see why, some people never clear their notifications, so they sit there forever, guess that has to be saved somewhere..

Okatis · Apr 9, 2026

Yeah both Google (Google Cloud Messaging) and Apple control the push notification servers used by virtually all apps. Signal never supported any other push implementation, such as UnifiedPush which would have allowed independent servers (see this issue).

Also related article from 2023 about concerns from a senator over potential government surveillance via access to such servers.

4saken · Apr 9, 2026

Just assume you are always compromised and OPSEC/PERSEC accordingly. Nothing is secure, it's just "feel good" these days.

LukeTbk · Apr 9, 2026

Here you do not need to assume much of anything you know for a fact, if you enable notification of signal and able to read you know you gave something else the decrypted string, that what you wanted... no signal local encryption anymore for convenience.

1_rick · Apr 9, 2026

Maybe this is why WhatsApp doesn't show the text when it sends notifications?

Vermillion · Apr 9, 2026

So data can be extracted from a personal device if they had access to a personal device? In other news water is wet!

While not surprising, It is interesting to see this as it's yet another angle to have to protect your privacy. My guess is Signal (and apps like Signal) probably default their notifications to Name Only or no info in the future. They could also use a detailed explanation that if you want to have the message in your notifications you're breaking the encryption chain. I certainly just changed my settings for Signal from name only to No info knowing this. This is also something that can happen on Android (which I use) which is why I changed it. I have nothing to hide but I value my privacy. Looking into doing it with Google Message as well.

sfsuphysics · Apr 9, 2026

I'm always surprised the FBI would even admit to being able to do things like this, would definitely file this under "Shhh don't tell people we can nail them..." category. Kind of like the first guy who was caught with nasty stuff thinking he was safe with "an anonymous" yahoo email

Nobu · Apr 9, 2026

sfsuphysics said:
I'm always surprised the FBI would even admit to being able to do things like this, would definitely file this under "Shhh don't tell people we can nail them..." category. Kind of like the first guy who was caught with nasty stuff thinking he was safe with "an anonymous" yahoo email

Problem is, if you don't tell people how you got that data, people will just say it's fabricated. Well, people will probably say that anyway, and be right. But if they say how they got it, at least there's a somewhat reasonable explanation for them having it.

sfsuphysics · Apr 9, 2026

Nobu said:
Problem is, if you don't tell people how you got that data, people will just say it's fabricated. Well, people will probably say that anyway, and be right. But if they say how they got it, at least there's a somewhat reasonable explanation for them having it.

Well I get needing to disclose in court how said evidence was obtained. Its just the public announcements which LEOs like to have to brag about who they caught. And sure I realize news can go to a trial and learn from that itself and report.

toast0 · Apr 9, 2026

DukenukemX said:
Is this a thing on Android as well? This seems like terrible security flaw on iPhone. "Apple gave governments data on thousands of push notifications." It's almost like Apple is doing this intentionally?

That quote is in reference to something else...

This article is about iPhone retaining notification text on the device (outside app storage). I don't know if Android also does that, but it does have a notification history feature which seems likely to leave a copy elsewhere. (Edit: android notification history is optional; I also don't know if notification texts are retained outside the app with it turned off)

The quote (and separate article) about Apple having data on thousands of push notifications. When you send a push from a server, you can include content or just wake up the app to fetch content and post a notification locally; this applies to both iOS and Android (and pretty much the rest of the mobile platforms with push messaging). Secure messengers don't (or shouldn't) include message content in the server push, often they don't have it anyway: because of E2E encryption, the app has to run to decrypt the message. Lots of other communications tools do include content in push... AFAIK, Apple still discourages push messages without content and strictly limits background execution time when an app gets one, so tradeoffs. Google is less restrictive, so maybe some apps push with content on iOS and push without content ti wake up the app on Android.

MrGuvernment · Apr 10, 2026

Vermillion said:
So data can be extracted from a personal device if they had access to a personal device? In other news water is wet!

While not surprising, It is interesting to see this as it's yet another angle to have to protect your privacy. My guess is Signal (and apps like Signal) probably default their notifications to Name Only or no info in the future. They could also use a detailed explanation that if you want to have the message in your notifications you're breaking the encryption chain. I certainly just changed my settings for Signal from name only to No info knowing this. This is also something that can happen on Android (which I use) which is why I changed it. I have nothing to hide but I value my privacy. Looking into doing it with Google Message as well.

I think this goes a little further, that one would assume when they delete an app from their device, all associated data is also deleted.

So, is this on Signal now, or is it an Apple thing. If the Apple device knows an app has been removed, it should also delete any associated data saved outside of said app, certainly if it is stored with in Apple's own systems, as Signal would not have access, I presume, to remove said data..

StevenJamesBorchard · Apr 10, 2026

My fischer random meme's and old cartoon metaphors aren't safe!!

Shoganai · Apr 10, 2026

You can bypass this by either turning off notification previews per app, or by disabling them globally. This is a convenience versus tradeoff thing, but it is massively stupid. Companies like Signal should warn the user about this front and center the moment they open the app for the first time.

MrGuvernment said:
I think this goes a little further, that one would assume when they delete an app from their device, all associated data is also deleted.

So, is this on Signal now, or is it an Apple thing. If the Apple device knows an app has been removed, it should also delete any associated data saved outside of said app, certainly if it is stored with in Apple's own systems, as Signal would not have access, I presume, to remove said data..

It's both. App data remnants should not be left behind when an app is completely removed. The only way to get rid of this push notification data is a factory reset of the phone, which shouldn't be necessary.

RanceJustice · Apr 10, 2026

This seems to be an issue with Apple and how this person configured their iPhone. Still, it seems that Apple should not let notification info sit around on the phone for a long time after the notification has been swiped away - that's just bad, insecure design even if the user chooses to enable notification data on the lock screen. As the article says, there are many ways to prevent this not least of all is that Signal specifically has an option to prevent notification content of any kind to be displayed as a preview on the lock screen. I can't speak for iOS, but Android also has some fairly granular controls overall about lock screen, notification, and other elements, at least on a Pixel type device running a recent Android build. Still, it may very well be that Android does not "keep" the notification preview data for an extended time the way iOS does; this reminds me to look into the differences here.

As far as hypothetical push notification vulnerability on the server side, such as Google or Apple's, that's is a concern of gov't subpoenaing the company to act as a MITM attacker. Now something like Signal should in theory still be clear thanks to the end-to-end encryption setup. Its worth mentioning there are also other ways to use non-GCM / FCM notifications with Signal though some take a bit of configuration (microG, Prism), or just using other Signal forks (Molly, Signal-JW, Signal-FOSS). Of course, even on a default Signal install you can can simply turn off push notifications entirely if that is a concern and instead 'pull' notifications having it check on an interval or demand if desired; it uses marginally more battery power or resources depending how frequently you ask it to check, but that's the tradeoff. At least so far we've not had to deal with Google / Apple turning over meaningful data through push notification servers, especially with regards to E2EE or otherwise secure messaging apps but its still a good idea to keep aware of new developments.

Ultimately it seems like there are enough ways to preven this particular issue, but neither Apple nor Google should be leaving a large cache of 'used' notification text laying around past the point of usefulness, in a way tha can be extracted like this. Doubly so if the app itself has been uninstalled. I'm not assuming this was necessarily a malicious motivation behind the issue - its probably more of a "left hand not knowing what right hand is doing" thing where that data is now in the central notifications data vs that particular app's data, but it seems that uninstalling an app should make a request to purge any temporary data like notifications previews that are related to it

Shoganai · Apr 10, 2026

RanceJustice said:
This seems to be an issue with Apple and how this person configured their iPhone. Still, it seems that Apple should not let notification info sit around on the phone for a long time after the notification has been swiped away - that's just bad, insecure design even if the user chooses to enable notification data on the lock screen. As the article says, there are many ways to prevent this not least of all is that Signal specifically has an option to prevent notification content of any kind to be displayed as a preview on the lock screen. I can't speak for iOS, but Android also has some fairly granular controls overall about lock screen, notification, and other elements, at least on a Pixel type device running a recent Android build. Still, it may very well be that Android does not "keep" the notification preview data for an extended time the way iOS does; this reminds me to look into the differences here.

As far as hypothetical push notification vulnerability on the server side, such as Google or Apple's, that's is a concern of gov't subpoenaing the company to act as a MITM attacker. Now something like Signal should in theory still be clear thanks to the end-to-end encryption setup. Its worth mentioning there are also other ways to use non-GCM / FCM notifications with Signal though some take a bit of configuration (microG, Prism), or just using other Signal forks (Molly, Signal-JW, Signal-FOSS). Of course, even on a default Signal install you can can simply turn off push notifications entirely if that is a concern and instead 'pull' notifications having it check on an interval or demand if desired. At least so far we've not had to deal with Google / Apple turning over meaningful data through push notification servers, especially with regards to E2EE or otherwise secure messaging apps but its still a good idea to keep aware of new developments.

Ultimately it seems like there are enough ways to preven this particular issue, but neither Apple nor Google should be leaving a large cache of 'used' notification text laying around past the point of usefulness, in a way tha can be extracted like this.

As of the latest version of Android, the notification issue is actually much worse than iOS because the way notifications can be stored is massively fragmented. There's no single way to just disable previews like on iOS so you'd have to research how to prevent his on a per app basis ... if the issue can even be addressed at all.

Vermillion · Apr 10, 2026

MrGuvernment said:
I think this goes a little further, that one would assume when they delete an app from their device, all associated data is also deleted.

So, is this on Signal now, or is it an Apple thing. If the Apple device knows an app has been removed, it should also delete any associated data saved outside of said app, certainly if it is stored with in Apple's own systems, as Signal would not have access, I presume, to remove said data..

My understanding is it's an Apple/Google thing.

The way I understand how Signal (and apps like it) work, they send a ping that an encrypted message has been delivered which triggers the PUSH notification. If you choose no info in the notification settings in Signal then nothing get shared. You just get a notification that says you have a new message. If you have name or name and context enabled then that is shared with Apple/Google for notification history. Now on Google my notification history is turned off and I don't remember ever turning it off. So maybe it defaults to off? I don't really know.

It appears that Apple doesn't seem to allow the user to turn off that history so it's stashed somewhere locally. This means that data could be or is included in an iCloud backup as well. I could be wrong but that's how I understand this issue.

I would bet money Apple pretty quickly allows users to disable that history though if my understanding is correct.

EDITED: For clarity.

Shoganai · Apr 10, 2026

Vermillion said:
My understanding is it's an Apple thing.

The way I understand how Signal (and apps like it) work, they send a ping that an encrypted message has been delivered which triggers the PUSH notification. If you choose no info in the notification settings in Signal then nothing get shared. You just get a notification that says you have a new message. If you have name or name and context enabled then that is shared with Apple/Google for notification history. Now on Google my notification history is turned off and I don't remember ever turning it off. So maybe it defaults to off? I don't really know.

It appears that Apple doesn't seem to allow the user to turn off that history so it's stashed somewhere locally. This means that data could be or is included in an iCloud backup as well. I could be wrong but that's how I understand this issue.

I would bet money Apple pretty quickly allows users to disable that history though if my understanding is correct.

The issue occurs on both Apple and Android.

sleepeeg3 · Apr 10, 2026

DukenukemX said:
Is this a thing on Android as well? This seems like terrible security flaw on iPhone. "Apple gave governments data on thousands of push notifications." It's almost like Apple is doing this intentionally?

Apple has given master keys to government agencies before.

This why I run on an open source OS and limit app installations/permissions. Expect no privacy from any smartphone vendor.

Vermillion said:
My understanding is it's an Apple thing.

The way I understand how Signal (and apps like it) work, they send a ping that an encrypted message has been delivered which triggers the PUSH notification. If you choose no info in the notification settings in Signal then nothing get shared. You just get a notification that says you have a new message. If you have name or name and context enabled then that is shared with Apple/Google for notification history. Now on Google my notification history is turned off and I don't remember ever turning it off. So maybe it defaults to off? I don't really know.

It appears that Apple doesn't seem to allow the user to turn off that history so it's stashed somewhere locally. This means that data could be or is included in an iCloud backup as well. I could be wrong but that's how I understand this issue.

I would bet money Apple pretty quickly allows users to disable that history though if my understanding is correct.

Yes, I believe Shoganai is right. They say they're extracting from the physical push database on an iPhone. While that may be unencrypted and unsecure, the messages are encrypted on an Android and still stored locally. Signal would need an internal lock mechanism to prevent local access. Even if the DB is deleted, it is only secured by a PIN, which could easily be cracked.

RanceJustice · Apr 10, 2026

Shoganai said:
As of the latest version of Android, the notification issue is actually much worse than iOS because the way notifications can be stored is massively fragmented. There's no single way to just disable previews like on iOS so you'd have to research how to prevent his on a per app basis ... if the issue can even be addressed at all.

Is it? I mean, I know there are more options and thus more settings and places to toggle them, but we still don't know that Android is basically leaving used notifications just sitting around (there's an option specifically to recall notification history, but that's off by default) the way that Apple does that led to the issue above. That said, its possible to simply remove notifications from the lock screen in a single click (as well as more granular permissions such as the degree of notification content is present, the ability to allow general apps to have lock screen notifications but deny those flagged as 'sensitive' etc), and there are both global notification options and those that are per-app. Signal alone has an internal option to not send notification previews, but you can also use all the Android settings either specific to Signal or in general. It looks like there are multiple tools that can fix the potential issue, even if we assume that Android is both saving and vulnerable the same ways iOS seems to be.

Vermillion · Apr 10, 2026

Shoganai said:
The issue occurs on both Apple and Android.

sleepeeg3 said:
Apple has given master keys to government agencies before.

This why I run on an open source OS and limit app installations/permissions. Expect no privacy from any smartphone vendor.

Yes, I believe Shoganai is right. They say they're extracting from the physical push database on an iPhone. While that may be unencrypted and unsecure, the messages are encrypted on an Android and still stored locally. Signal would need an internal lock mechanism to prevent local access. Even if the DB is deleted, it is only secured by a PIN, which could easily be cracked.

Apologies for making it seem like I meant Apple only with that first sentence. I edited the post for clarity. This is an issue with both which is why I mentioned Google and how my notification history is off by default. That should mitigate this issue on Android devices. But if history is enabled then Android devices are susceptible to this as well.

The comment about how Signal and apps like Signal work though stands. If you have history enabled, but Signal is configured to show no info, then all history has is that Signal received a message with no information about that message.

MrGuvernment · Apr 10, 2026

note then, if you are wanting to make sure you do not get caught, after doing something questionable, factory reset your phone as well after uninstalling an app like Signal

sfsuphysics · Apr 10, 2026

MrGuvernment said:
note then, if you are wanting to make sure you do not get caught, after doing something questionable, factory reset your phone as well after uninstalling an app like Signal

Was going to say if I'm going to do something that could get me in trouble I'm using a cheap burner phone and then tossing it into a shredder after used, not relying on an everyday phone to be secure on such a level just because I use a 4 digit pin.

Now if I'm worried about the government doing some illegal Watergate stuff, then yeah that's completely different, but at the end of the day having my constitutional rights violated isnt a really high concern for me

Shoganai · Apr 10, 2026

MrGuvernment said:
note then, if you are wanting to make sure you do not get caught, after doing something questionable, factory reset your phone as well after uninstalling an app like Signal

A factory reset should fix the issue. That shouldn't have to be necessary, but here we are.

sleepeeg3 said:
Apple has given master keys to government agencies before.

This is verifiably false. In fact ... they've been so adamant about their privacy features, that instead of complying (most recently the UK), they've literally just removed the privacy feature entirely. It sucks for the users in the UK, but they'd rather not have a feature in a country than have a backdoor to the rest of the phones they sell on planet earth. Apple is also one of the few companies that have integrated post quantum encryption (PQ3) at scale. Does Apple comply with government agencies? Obviously ... but only with data they actually have access to. And if you have ADP on, that becomes exceedingly low. They don't put backdoors into their operating systems.

pioruns · Apr 11, 2026

Vermillion said:
I have nothing to hide but I value my privacy.

That's spot on. Couldn’t agree more.

Shoganai · Apr 11, 2026

pioruns said:
That's spot on. Couldn’t agree more.

Yes, both can be true at once. It's scary how many people say the first and ignore the latter.

MrGuvernment · Apr 11, 2026

Shoganai said:
Yes, both can be true at once. It's scary how many people say the first and ignore the latter.

Until people are personally impacted by something, they tend to ignore the advice of others...

until their identity is stolen from a breach, and loans taken out or something else, they think it is all hype and would never happen to them..

Until they see their insurance rates go up because of car makers selling data to brokers and insurance companies, it will happen one of these days, they just wont admit that is why...

DukenukemX · Apr 11, 2026

MrGuvernment said:
Until people are personally impacted by something, they tend to ignore the advice of others...

until their identity is stolen from a breach, and loans taken out or something else, they think it is all hype and would never happen to them..

Until they see their insurance rates go up because of car makers selling data to brokers and insurance companies, it will happen one of these days, they just wont admit that is why...

Just ask Kash Patel. His health insurance now knows he smokes the finest Cuban Cigars.

View: https://youtu.be/riw2TavBLTM?si=Thpt-nXEmWyLtzY8

TrunksZero · Apr 11, 2026

Shoganai said:
A factory reset should fix the issue. That shouldn't have to be necessary, but here we are.

This is verifiably false. In fact ... they've been so adamant about their privacy features, that instead of complying (most recently the UK), they've literally just removed the privacy feature entirely. It sucks for the users in the UK, but they'd rather not have a feature in a country than have a backdoor to the rest of the phones they sell on planet earth. Apple is also one of the few companies that have integrated post quantum encryption (PQ3) at scale. Does Apple comply with government agencies? Obviously ... but only with data they actually have access to. And if you have ADP on, that becomes exceedingly low. They don't put backdoors into their operating systems.

The OS itself no. But anything and everything stored on iCloud and tied to your AppleID... yes, because of how the laws work.

Shoganai · Apr 11, 2026

TrunksZero said:
The OS itself no. But anything and everything stored on iCloud and tied to your AppleID... yes, because of how the laws work.

This response makes no sense to what I just said. What point are you trying to make?

idiomatic · Apr 11, 2026

If your threats include nation states... good luck bro. But also this one is on signal for exporting anything, even a notification, to the OS because even a raw notification is time stamped and that will cook you.

DukenukemX · Apr 12, 2026

idiomatic said:
If your threats include nation states... good luck bro. But also this one is on signal for exporting anything, even a notification, to the OS because even a raw notification is time stamped and that will cook you.

The problem is that "threats" are now entirely based on interpretation, which seems to have been driven to insane levels for the past two years. In this case they used this method against someone who is labeled as "Antifa". We do know what Antifa stands for right? This is why you don't want the government involved in your business because you don't know what's going on behind closed doors.

sfsuphysics · Apr 12, 2026

Shoganai said:
Yes, both can be true at once. It's scary how many people say the first and ignore the latter.

You have to also understand there are layers of "privacy" that people find acceptable. Facebook showed a long time ago there are a lot of aspects of "privacy" people are freely willing to give away, and when the shoe dropped that Facebook was selling there information, and the mass exodus of people left the site because of this intrusion in what they thought was private.... yeah that last part really didn't happen at all.

Plenty of people are also more than willing to ignore things like the 5th and 6th amendment of the Constitution when it comes to criminals depending on the crime, e.g. someone accused of diddling kids how long does that line get of those who want them shot and dead right away, or put in a torturous environment?

So as mentioned, unless it happens to you, a lot of people don't see it as much of an issue.

DukenukemX · Apr 12, 2026

sfsuphysics said:
You have to also understand there are layers of "privacy" that people find acceptable. Facebook showed a long time ago there are a lot of aspects of "privacy" people are freely willing to give away, and when the shoe dropped that Facebook was selling there information, and the mass exodus of people left the site because of this intrusion in what they thought was private.... yeah that last part really didn't happen at all.

Ignorance is bliss. What people don't know, they won't react to. Before age verification nobody thought twice about entering their age. Now that the government requires it, I'm avoiding entering my age in. It's best to never draw attention to terrible actions, because once people are aware they will react negatively towards it.

Plenty of people are also more than willing to ignore things like the 5th and 6th amendment of the Constitution when it comes to criminals depending on the crime, e.g. someone accused of diddling kids how long does that line get of those who want them shot and dead right away, or put in a torturous environment?

So as mentioned, unless it happens to you, a lot of people don't see it as much of an issue.

Don't mention this to the ADL because they would consider this antisemitic. Seriously, look up the story of Leo Frank. The situation you mentioned is the reason why the ADL was created.

View: https://youtu.be/A1koez6Nrdg?si=KoaGBVdEGaB0wcLj

TrunksZero · Apr 13, 2026

Shoganai said:
This response makes no sense to what I just said. What point are you trying to make?

By default, the access to your iPhone will be stored with your AppleID. So the OS being backdoor'ed, doesn't matter as the AppleID can grant access. Furthermore, by default it will backup allot your data to your iCloud... making the need for a backdoor into the OS less of an issue. So while you can fairly easily hardern an iOS device... its not inherently more secure.

Shoganai · Apr 13, 2026

TrunksZero said:
By default, the access to your iPhone will be stored with your AppleID. So the OS being backdoor'ed, doesn't matter as the AppleID can grant access. Furthermore, by default it will backup allot your data to your iCloud... making the need for a backdoor into the OS less of an issue. So while you can fairly easily hardern an iOS device... its not inherently more secure.

You're conflating two separate security layers. Apple's encryption means they literally cannot access your data even if they wanted to ... that's the entire point. Whether someone else can access your iCloud account is a separate authentication problem, not an encryption problem. Those are different threats. If you don't trust Apple ID security, that's a valid concern to raise. But that doesn't refute the fact that Apple has no cryptographic access to your encrypted data. Those are not the same thing. Apple can't give away something they don't have access to ... regardless of it being tied to your Apple ID.

MrGuvernment · Apr 30, 2026

Apple released a fix:
https://www.404media.co/apple-fixes...ted-signal-messages-after-404-media-coverage/
https://web.archive.org/web/2026042...ted-signal-messages-after-404-media-coverage/

While Apple described the issue as a bug, it is one that the FBI has leveraged multiple times to recover the content of Signal messages, according to court records.

“We are very happy that today Apple issued a patch and a security advisory. This comes following 404 Media reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted,” Signal posted on social media on April 22.

Apple’s advisory, which the company sent to 404 Media on the same day, is focused solely on the saved messages issue. It says, “A logging issue was addressed with improved data redaction.” In a follow-up email, Apple said it identified a bug that could cause iPhones to unexpectedly save notifications that were marked for deletion, and that the new patch also retroactively purges any of those saved notifications. Apple said it is the company’s policy to remove any associated notifications when a user has deleted an app.

The case 404 Media covered was related to the ICE Prairieland Detention Facility in Alvarado, Texas, in which a group of people set off fireworks and vandalized property, and one person shot a police officer in the neck. It was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a domestic terrorist organization in September.

404 Media spoke to two people who were present for the testimony of FBI Special Agent Clark Wiethorn during a related trial. They both said the FBI was able to recover incoming Signal messages; that was even though the user had deleted the Signal app from her phone. Harmony Schuerman, an attorney representing defendant Elizabeth Soto, shared notes she took with 404 Media. “They were able to capture these chats bc [because] of the way she had notifications set up on her phone—anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device,” she wrote in those notes.

A supporter of the defendants said, “We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device.” 404 Media granted this person anonymity to protect them from retaliation.

404 Media also highlighted another case in which the FBI was able to recover incoming Signal messages saved in an iPhone’s notification database. A court record in that case included a long list of Signal messages, and said, “Phone notifications that captured incoming Signal messaging.” Some of those messages were several lines long, indicating that the iPhone’s notification database captured not just a small preview of incoming messages, but their entire content.

Signal’s social media post added: “Note that no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications.”

“We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication,” it concluded.

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

Fully [H]