Individuals being investigated by the FBI deleted Sign, however some messages have been nonetheless retrievable from the iPhone’s notification database. The newest iOS replace patches this vulnerability.
Customers ought to moderately count on that deleting an app from their iPhone will take away all related knowledge. Nonetheless, a current case involving the FBI confirmed that some notification knowledge was being retained by mistake.
The iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 updates launched on Wednesday handle the notification database challenge immediately. The notes merely say that “a logging challenge was addressed with improved knowledge redaction.”
A report from 404 Media make clear the vulnerability on April 9. So, it did not take lengthy for Apple to patch the issue as soon as it was made public.
The case in query was an vital one for political speaking factors. It was the primary time the designation “Antifa” was used towards individuals in court docket.
A bunch of individuals have been being charged with vandalizing property, setting off fireworks, and capturing a police officer within the neck. The occasion happened in July 2025.
The notification drawback
In the course of the testimony, the FBI brokers shared that they have been in a position to get proof through notifications saved on the defendant’s iPhone despite the fact that the Sign app had been deleted. It seems that this was in a position to happen due to a setting customers may allow within the Sign app.
One individual current for the trial shared the next assertion with 404 Media:
“We discovered that particularly on iPhones, if one’s settings within the Sign app enable for message notifications and previews to point out up on the Lock Display screen, then the iPhone will internally retailer these notifications or message previews within the inner reminiscence of the machine.”
It wasn’t a selected drawback with Sign, however how the iPhone was storing knowledge in its notification database. Particularly since these notifications ought to have been eliminated as soon as dismissed from the Lock Display screen, or as a minimum, when Sign was deleted.
The info wasn’t obtained by way of regular means, however through a forensic device utilized by the FBI. Suppose GrayKey or Cellebrite.
These instruments make the most of unpatched vulnerabilities that Apple might find out about however have not patched or do not find out about in any respect. The instruments extract what they’re able to, although with iPhone, it’s hit or miss relying on the machine and iOS model.
On this case, it was in a position to extract the notification database and pull the messages that have been obtained from Sign. Fortunately, customers not must take any motion, as that challenge has been patched.
It simply goes to point out that there is no such thing as a such factor as an impenetrable fortress. The iPhone could also be fairly the strong machine by way of safety and privateness, however there are at all times unhealthy actors in search of new methods to get round that.
Sign continues to be an awesome device, so do not feel the necessity to rush off and discover a new encrypted messaging service. Simply keep in mind that fashionable know-how is generally a black field, so you’ll be able to’t at all times be 100% sure that one thing is working because it ought to.
For the overwhelming majority of the inhabitants, all you want is an iPhone that’s updated with the newest model of iOS, up to date apps, and settings like Superior Knowledge Safety.
