Court documents reveal that the FBI successfully retrieved deleted Signal messages from a suspect's iPhone by accessing notification data stored by Apple, exposing a privacy gap in encrypted messaging apps that many users don't know exists.
Signal markets itself as the gold standard for private communication, trusted by journalists, activists, and anyone who needs truly secure messaging. But there's a hole: iPhone notifications. The encryption works perfectly until iOS logs your messages anyway.
According to court testimony, "Messages were recovered from Sharp's phone through Apple's internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory." The key vulnerability: Signal notifications contained full message previews because the defendant hadn't enabled Signal's setting that prevents message content from appearing in notifications.
iOS caches notification data locally for system functionality, storing it even after the originating app is deleted. Several factors enable this vulnerability: push notification tokens aren't immediately invalidated when apps are deleted, servers continue sending notifications even after app removal, and the system stores cached data locally, trusting encryption and access controls to keep it secure.
Law enforcement tools can exploit iOS vulnerabilities to extract notification databases from device backups or directly from devices. This sidesteps, rather than breaks, the end-to-end encryption that makes Signal secure in the first place: the previews are read from iOS's notification storage, not from Signal.
The fix is straightforward but not obvious. Users should enable notification privacy settings in Signal that disable message previews, so notifications don't display content. They should understand that deleting an app doesn't immediately stop server notifications or clear cached data. And they should keep iOS updated: Apple modified iOS notification token validation in version 26.4, suggesting awareness of such vulnerabilities.
But here's the broader problem: most Signal users have no idea this gap exists. They've been told Signal is secure, that end-to-end encryption protects their messages, that even Signal itself can't read their conversations. All of that is true—until iOS caches the messages in notification storage that law enforcement can access.
Signal can't completely solve this. The notification system is controlled by Apple, and Signal can only suggest users disable previews. But users deserve to know about this gap. The promise of secure communication breaks down when the operating system keeps copies of your messages after you've deleted the app.
For anyone using Signal for truly sensitive communications: check your notification settings now. Turn off message previews. And understand that secure encryption at the app level doesn't mean security at the system level.
