U.S. investigation shows that received content may remain stored in the iPhone’s notification database, even after disappearing from the app
The use of end-to-end encrypted apps such as Signal is widely seen as one of the safest ways to communicate digitally. However, a recent case in the United States has reignited debate over the limits of that protection after the FBI managed to recover deleted messages from the app on an iPhone.
According to information revealed during a court case and reported by 404 Media, investigators were able to extract Signal messages from the iPhone’s internal notifications database. The most striking detail is that the app had already been removed from the device, yet part of the content was still accessible through the system.
The case involves a group accused of vandalism and of using fireworks against the Prairieland ICE detention center in the United States. During the court proceedings, it emerged that apps authorized to display alerts and message previews on the lock screen may leave those snippets stored in the device’s internal memory.
In practice, this means that messages received through apps such as Signal may remain logged in the iPhone’s notifications, even if they were set to disappear within the app itself. According to reports from the case, the FBI was not able to recover messages sent by the user, but it did gain access to incoming messages that had passed through the iOS notification system.
This discovery does not point to a flaw exclusive to Signal. The issue appears to be linked to how notifications work on the iPhone. Any app that displays message previews or alerts on the lock screen may leave that content exposed to forensic extraction if someone has access to the proper tools to examine the device.
The episode reinforces an important point about digital security: encryption protects a message while it is being sent and received, but it does not completely prevent information from being found on the device itself, especially when it appears in notifications.
To reduce this risk, Signal itself offers a specific setting that prevents message content from being shown in alerts. When this option is enabled, the notification only indicates that a new message has arrived, without revealing the sender’s name or the text received.
To enable this protection, simply open Signal, tap the profile icon in the upper-left corner, go to Settings, and find the notification content option. There, the user can select “No Name or Content” to fully hide the details shown in alerts. There is also a “Name Only” option, which hides the message but still reveals who sent it.
The case serves as a warning for users who rely on encrypted apps for sensitive conversations. Although tools like Signal are still considered secure, privacy can be compromised by features of the operating system itself, such as notifications displayed on the lock screen.
Source: 404 Media
