
FBI used iPhone notification data to retrieve deleted Signal messages

Why This Matters

The FBI's ability to recover deleted Signal messages from an iPhone's notification database highlights potential privacy vulnerabilities that persist even after users delete messages or remove the app. This discovery underscores how important it is for consumers and the tech industry to understand how notification data is stored and accessed, and it raises questions about data security and privacy practices. It also prompts developers and companies to reconsider notification handling and user privacy settings to better protect sensitive information.

Key Takeaways

A new report from 404 Media reveals that the FBI was able to recover deleted Signal messages from an iPhone by extracting data stored in the device’s notification database. Here are the details.

Notification history was accessed even after Signal was deleted

According to 404 Media, testimony in a recent trial involving “a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas,” showed that the FBI was able to recover content of incoming Signal messages from a defendant’s iPhone, even though Signal had been removed from the device:

One of the defendants was Lynette Sharp, who previously pleaded guilty to providing material support to terrorists. During one day of the related trial, FBI Special Agent Clark Wiethorn testified about some of the collected evidence. A summary of Exhibit 158 published on a group of supporters’ website says, “Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

As 404 Media notes, Signal’s settings include an option that prevents the actual message content from being previewed in notifications. However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database.

404 Media reached out to Signal and Apple, but neither company provided any statements on how notifications are handled or stored.

But how does this internal storage work?

With little to no technical detail about the exact condition of the defendant’s iPhone, it is impossible to pinpoint the precise method the FBI used to recover the information.

For instance, an iPhone can be in one of several system states, each with its own security and data access constraints, such as BFU (Before First Unlock) and AFU (After First Unlock), among others.

Security and data access change even more dramatically when the device is unlocked, since the system assumes the user is present and permits access to a wider range of protected data.
