FBI Extracts Deleted Signal Messages from iPhone Notification Database, Raising Encryption Questions

FBI Extracts Suspect Deleted Signal Messages from iPhone Notifications

The FBI has successfully extracted Signal messages from a defendant iPhone by accessing the phone notification database, where incoming message content was viewable even after the Signal app was deleted, according to an investigation by 404 Media.

How It Works

Signal is widely considered one of the most secure messaging apps, offering end-to-end encryption. However, the exploit does not break Signal encryption itself:

1. Notification previews: By default, iOS displays message previews in notifications
2. Notification database: iOS stores notification content in a system database that persists even after the app is deleted
3. No encryption required: Since the notification database is a system-level iOS feature, it is accessible to anyone with device access

The Implications

This is not a Signal vulnerability but a platform-level issue:

• iOS notification system: The weak link is iOS notification handling, not Signal encryption
• Device access: The FBI already had physical access to the phone
• Default settings: The exploit relies on default notification settings that show message content

What Users Should Do

Signal users can protect themselves by:

• Enabling message content hiding in Signal notification settings
• Using device-level encryption (strong passcode, Face ID)
• Disabling notification previews system-wide in iOS settings

Broader Impact

This case highlights a fundamental tension in security: the strongest end-to-end encryption is useless if the plaintext is exposed at the notification layer. The lesson applies to all encrypted messaging apps, not just Signal.

Source: 404 Media / The Verge — April 9, 2026