Apple has fixed a security bug that allowed law enforcement to access content from deleted Signal messages.
Users who rely on encrypted messaging apps like Signal to evade surveillance were caught off guard when 404 Media reported that Apple was storing push notifications containing portions of encrypted messages for up to a month. This persisted even after the messages were configured to disappear and the Signal app had been deleted from the device.
The issue came to light after 404 Media spoke with multiple sources who attended a court hearing in which the FBI testified that it “was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database.”
Ashley Belanger for Ars Technica:
On Wednesday, Apple confirmed that it had fixed a bug allowing the FBI to access this content. Affected users concerned about push notifications can update their devices to stop what Apple characterized as “notifications marked for deletion” that “could be unexpectedly retained on the device.”
According to Apple, the push notifications should never have been stored, but a “logging issue” failed to redact data.
On Bluesky, Signal celebrated the update, saying it was “very happy” that Apple did not delay fixing the bug.“We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue,” Signal’s post said. “It takes an ecosystem to preserve the fundamental human right to private communication.”
In their post, Signal confirmed that after users update their devices, “no action is needed for this fix to protect Signal users on iOS.”
“Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications,” Signal said.
MacDailyNews Take: Even with this fix installed, users concerned about their privacy should just turn off message previews (also called notification content or lock screen previews) regardless of app (iMessage, WhatsApp, etc.) or operating system.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
