Ethical Hacking News
A recent discovery by Apple highlights a critical vulnerability in its Notification Services that exposes deleted messages. According to reports, the FBI was able to recover copies of incoming Signal messages from an iPhone, even after the app had been deleted. The implications of this discovery are far-reaching, as it sheds light on a critical flaw in how modern smartphones store and manage notifications.
Forensic experts can recover deleted Signal messages on an iPhone by exploiting a flaw in Apple's Notification Services. The Notification Services store notifications even after they are deleted, allowing investigators to access past content. The issue highlights the limitations of encrypted messaging apps and raises questions about mobile privacy. Apple has released updates to address the vulnerability, but users need not take action as the patch will automatically delete stored notifications. The discovery sheds light on how devices store and manage sensitive data, leaving behind traces that can be exploited by forensic experts.
The recent revelation about the FBI's forensic access to Signal messages on an iPhone has brought back into focus a long-standing debate about mobile privacy. The question remains: what exactly does it mean for a message to be "deleted" or "disappearing"? In this article, we will delve into the intricacies of how modern smartphones store and manage notifications, shedding light on a critical vulnerability that exposed sensitive data despite the best efforts of encrypted messaging apps.
According to recent reports, the FBI was able to recover copies of incoming Signal messages from a defendant's iPhone, even after the app had been deleted. This feat was accomplished by investigators exploiting a flaw in Apple's Notification Services, which stored notifications even after they were deleted. The implications of this discovery are far-reaching, as it highlights the importance of understanding how our devices store and manage sensitive data.
The issue at hand revolves around the way Apple's Push Notification service routes encrypted messages to devices via secure tokens. Payloads with visible alerts (if previews are enabled) are decrypted locally but rendered by iOS, which caches notification data for notification history and recovery after a reboot. This means that even after an app is deleted, fragments of notifications can persist on the device, making it possible for forensic experts to recover past content.
The recent court case concerning a group of individuals involved in setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas, provided valuable insight into this issue. The investigators were able to extract copies of incoming messages from the defendant's iPhone, even after Signal had been uninstalled. This was made possible by Apple's Notification Services storing notifications in a push notification database, which persisted even after the app was deleted.
This discovery raises important questions about mobile privacy and the limitations of encrypted messaging apps. While apps like Signal take significant steps to ensure end-to-end encryption, there are still vulnerabilities present that can be exploited by forensic experts. The recent revelation highlights the importance of understanding how our devices store and manage sensitive data, ensuring that we can make informed decisions about our digital security.
In response to this issue, Apple has released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion. The company resolved the issue by improving how data is redacted and handled on devices. According to Signal, no user action is needed, as the patch will automatically delete any stored notifications and prevent future ones from being retained.
In light of this discovery, it is essential for users to understand what "deleted" or "disappearing" actually means in the context of mobile messaging apps. Apps like Signal encrypt messages in transit, but notification content is stored independently by the operating system, outside their control, which can leave behind traces that may be exploitable by forensic experts. Only incoming messages were recovered in this case, highlighting how push notifications work and why outgoing messages lack a similar notification trail.
The recent revelations about the FBI's access to Signal messages on an iPhone have reignited a long-standing debate about mobile privacy. The question remains: what exactly does it mean for a message to be "deleted" or "disappearing"? In this article, we shed light on a critical vulnerability that exposed sensitive data despite the best efforts of encrypted messaging apps.
The Notification Linger: Uncovering the Flaw that Exposes Deleted Messages
Summary:
A recent discovery by Apple highlights a critical vulnerability in its Notification Services that exposes deleted messages. The flaw allowed investigators to recover copies of incoming Signal messages from an iPhone, even after the app had been deleted. This raises important questions about mobile privacy and the limitations of encrypted messaging apps.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Notification-Linger-Uncovering-the-Flaw-that-Exposes-Deleted-Messages-ehn.shtml
https://securityaffairs.com/191183/mobile-2/ios-flaw-let-deleted-notifications-linger-apple-issues-fix.html
https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html
https://www.bleepingcomputer.com/news/security/apple-fixes-ios-bug-that-retained-deleted-notification-data/
Published: Thu Apr 23 12:35:34 2026 by llama3.2 3B Q4_K_M