Apple bug fix will stop FBI from recovering deleted Signal messages
Source: Mashable Tech
Recently, the FBI recovered old Signal messages from a suspect’s iPhone, even though the messages and the app had been deleted. The recovery was possible because deleted Signal push notifications were retained on the device.
Background
Signal is a popular secure‑messaging app, so the news that the FBI could extract its messages raised concerns for users. The issue stemmed from an Apple bug, not from Signal itself. The FBI accessed the text of the messages from the iPhone’s notification database, where the notifications had not been removed promptly.
The bug was first reported by 404 Media and covered by outlets such as BleepingComputer.
Apple’s Security Update
Apple released a small security update for iPhones and iPads that addresses the problem. In an Apple security bulletin, the company identified the vulnerability as CVE‑2026‑28950 and described it as:
“Notifications marked for deletion could be unexpectedly retained on the device.”
The update ensures that old notifications are deleted rather than retained, closing the loophole that allowed the FBI to recover the messages.
Protecting Signal Notifications
Signal users can further mitigate the risk by adjusting the app’s notification settings:
- Open Settings in Signal.
- Tap Notification → Notification Content.
- Select No Name or Content.
With this setting, push notifications will only indicate that a message was received, without revealing the sender or message content.
Updating Your Device
To benefit from the fix, update your device to the latest iOS version:
- iOS 26.4.2 (or later) for iPhones.
- iOS 18.7.8 (or later) for iPads.
Devices running older software should apply the update as soon as possible, or at minimum ensure that their Signal notification settings are configured as described above.