Breaking: FBI Retrieves Signal Chats Deemed Deleted by Users
The FBI has successfully extracted copies of incoming Signal messages from a defendant’s iPhone—even after the app was deleted—by accessing the device’s push notification database. This technique reveals that secure messaging apps may leave forensic traces in unexpected places, undermining user expectations of complete deletion.
The extraction was performed during a criminal investigation where physical access to the device allowed specialized software to scan internal storage. The case, first reported by 404 Media, highlights a critical loophole in iPhone’s handling of encrypted messaging notifications.
Background
Signal is widely considered one of the most secure messaging platforms, offering end-to-end encryption and self-destructing messages. However, its notifications feature—which displays message previews on the lock screen—creates a vulnerability.
When a Signal user receives a message, the iPhone’s operating system saves a cached copy of the notification content in the device’s push notification database. Even if the user deletes the Signal app, these cached previews remain on the device and can be forensically recovered.
A supporter of the defendants, who took notes during the trial, told 404 Media: “We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device.”
What This Means
This discovery underscores the gap between user perception and digital forensics capabilities. Many people assume that deleting an app removes all associated data, but forensic extractions can recover remnants from notification logs, even after app deletion.
Signal already offers a setting to block message content from appearing in push notifications. This case makes clear why users concerned about privacy should enable that feature—it prevents the iPhone from storing message previews in the first place.
Apple has since patched this vulnerability, according to an update on April 24. However, older devices that have not received the latest iOS update remain exposed. The FBI’s technique serves as a stark reminder that forensic tools can mine data from secure apps through unintended data stores.
This is a developing story. Check back for updates.