Apple Releases Patch for the Signal Notification Issue That Allowed Recovery of Deleted Messages
Apple has released iOS 26.4.2, which fixes the notification bug that allowed the FBI to extract Signal messages from a defendant’s iPhone.
The update is available now to all iOS and iPadOS users with devices that support iOS and iPadOS 26.
The relevant text from the changelog reads:
Impact: Notifications marked for deletion could be unexpectedly retained on the device
Description: A logging issue was addressed with improved data redaction.
Signal has responded to the update:
We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.
— Signal (@signalapp) April 22, 2026
Apple’s advisory confirmed that the bugs that allowed this to…
According to Signal, the update is confirmed to fix the vulnerability. They even congratulate Apple on their “quick action.”
According to Signal, no user action is needed and once you install the update, “all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications.”
Signal prides itself on protecting user privacy through end-to-end encryption, meaning no one except you and the people you message can read your messages.
But each “end” is a device with its own vulnerabilities that can be exploited by a bad actor with physical possession of the device.
Sometimes, apps like Signal need to use features of the OS like notifications in order to provide functionality that users expect.
“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a person present at a trial where this technique was used told 404 Media.
“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing),” says a website made by supporters of the defendant.
Messages that had been set to disappear in the Signal app did just that, and the same happened when the app was deleted: all the data contained in the Signal app was gone.
With this update, message content that should be deleted will be properly deleted.
It’s still important to go through your notification settings and make sure notifications are set to not appear on the lock screen if you don’t want people to be able to see them without unlocking your phone.
You can also change the content of notifications from within Signal itself, so if you don’t want private chats popping up on your phone screen, you should restrict it to no name or content.