FBI Forensically Recovers Deleted Signal Messages from iPhone Notification Database
The **FBI** has demonstrated the ability to recover deleted **Signal** messages from an **iPhone**'s notification database, even after the app was deleted. This highlights the potential for forensic extraction to uncover sensitive data from secure messaging apps in unexpected locations. Apple has since patched this vulnerability.
## FBI Extracts Deleted Signal Messages
According to a report by **404 Media**, the **FBI** successfully extracted copies of incoming **Signal** messages from a defendant's **iPhone**, even after the app had been deleted. The messages were recovered from the device's push notification database.
This discovery underscores the importance of understanding how secure messaging apps interact with a device's operating system and the potential for data persistence even after deletion.
> The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database….
## Forensic Extraction Implications
The report emphasizes how forensic extraction, which involves physical access to a device and specialized software, can reveal sensitive data from secure messaging apps in unforeseen places. **Signal** offers a setting to block message content from appearing in push notifications, and this case illustrates why enabling this feature is crucial for privacy-conscious users.
> “We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants noted during the trial.
## Apple Patches the Vulnerability
**Apple** addressed this vulnerability in a subsequent patch. Users are encouraged to update their devices to the latest version of **iOS** to mitigate this risk.
EDITED TO ADD (4/24): Apple has patched this vulnerability.