FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

An innocuous iPhone notifications setting could put your Signal contacts at risk.

[Joseph Cox at 404 Media]

This understandably made a few journalists nervous when 404 Media originally reported it last week:

“The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database.”

This reveals a shortcoming in how Apple stores notifications rather than in Signal itself.

If the text of a Signal message shows up on a lock screen, it’s stored in iOS itself, in a place where forensic investigators can gain access to it. That’s a really good reason to turn off lock-screen notifications for Signal, and to remove the text of Signal messages from its notifications entirely.

Here’s how to mitigate this:

In the Signal app itself, go into settings, and then Notification Content. Depending on your level of comfort, select “Name Only” (which will still store the name of your Signal contact in your iPhone device memory) or “No Name or Content”.

Then, in your iPhone settings panel, find the Notifications pane, and scroll down to Signal. De-select “lock screen”.
