A serious privacy issue was recently discovered in Apple’s iOS system, and it has now been fixed. Reports revealed that this flaw allowed investigators, including the FBI, to recover deleted messages from the Signal app. This raised concerns because Signal is known for strong end-to-end encryption. However, the problem was not in Signal itself. It was related to how the iPhone handled certain background data.

The main issue was linked to Apple’s notification system. When a message is received, a preview of that message appears in notifications. These previews were being stored in a local database inside the device. Even after a user deleted the message or removed the app, some of this data remained. This created a hidden privacy risk that most users were not aware of. The stored data could still be accessed later.

This flaw came into the spotlight after reports showed that investigators were able to extract this stored data. Using forensic tools, they accessed the notification database on the device. From there, they recovered message content that should have been deleted. This process did not break Signal’s encryption at all. Instead, it used leftover system data that was unintentionally saved.

An important detail is that only incoming messages were affected by this issue. Outgoing messages were not stored in the same way in the notification system. This means the recovered data mainly included messages received by the user. The exposure depended on whether message previews were enabled. If previews were off, the risk was significantly lower.

Further analysis showed that the data came from notification previews shown on the lock screen or notification center. If previews were enabled, parts of the message were cached by the system. In some cases, this cached data stayed even after messages were deleted. Even disappearing messages could leave traces behind. This made the issue more serious than it first appeared.

Apple responded by releasing security updates, including iOS 26.4.2 and iPadOS 26.4.2. These updates fixed how notification data is handled and stored on devices. The company confirmed that some notifications marked for deletion were being retained. The fix ensures that such data is now properly removed. This reduces the chances of recovery in the future.

The vulnerability has been officially tracked as CVE-2026-28950. Apple stated that the issue was fixed by improving data redaction processes. Although Apple did not directly mention the FBI case, the timing suggests a strong connection. This highlights how small system flaws can lead to major privacy risks. It also shows how forensic tools can use unintended data traces.

Overall, this incident shows that even secure apps can have risks outside their control. The weakness was not in Signal, but in how the operating system handled data. It shows that “deleted” does not always mean completely erased: some information can remain in system layers outside the app. This is why keeping devices updated and reviewing settings such as notification previews is very important.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news