Apple Stops Weirdly Storing Data That Let Cops Spy On Signal Chats (arstechnica.com)
(Thursday April 23, 2026 @11:30PM (BeauHD)
from the quick-fix dept.)
- Reference: 0181959796
- News link: https://yro.slashdot.org/story/26/04/23/2051228/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats
- Source link: https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/
Apple has [1]fixed a bug that [2]could cause parts of Signal notifications to remain stored on iPhones even after messages disappeared and the app was deleted. "Affected users concerned about push notifications can update their devices to stop what Apple characterized as 'notifications marked for deletion' that 'could be unexpectedly retained on the device,'" reports Ars Technica. "According to Apple, the push notifications should never have been stored, but a 'logging issue' failed to redact data." From the report:
> Vulnerable users hoping to evade law enforcement surveillance often use encrypted apps like Signal to communicate sensitive information. That's why users felt blindsided when 404 Media [3]reported that Apple was unexpectedly storing push notifications displaying parts of encrypted messages for up to a month. This occurred even after the message was set to disappear and the app itself was deleted from the device.
>
> 404 Media flagged the issue after speaking to multiple people who attended a hearing where the FBI testified that it "was able to forensically extract copies of incoming Signal messages from a defendant's iPhone, even after the app was deleted, because copies of the content were saved in the device's push notification database." The shocking revelation came in a case that 404 Media noted was "the first time authorities charged people for alleged 'Antifa' activities after President Trump designated the umbrella term a terrorist organization."
"We're grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue," Signal's post said. "It takes an ecosystem to preserve the fundamental human right to private communication."
In their post, Signal confirmed that after users update their devices, "no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications."
[1] https://support.apple.com/en-us/127002
[2] https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/
[3] https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
> Vulnerable users hoping to evade law enforcement surveillance often use encrypted apps like Signal to communicate sensitive information. That's why users felt blindsided when 404 Media [3]reported that Apple was unexpectedly storing push notifications displaying parts of encrypted messages for up to a month. This occurred even after the message was set to disappear and the app itself was deleted from the device.
>
> 404 Media flagged the issue after speaking to multiple people who attended a hearing where the FBI testified that it "was able to forensically extract copies of incoming Signal messages from a defendant's iPhone, even after the app was deleted, because copies of the content were saved in the device's push notification database." The shocking revelation came in a case that 404 Media noted was "the first time authorities charged people for alleged 'Antifa' activities after President Trump designated the umbrella term a terrorist organization."
"We're grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue," Signal's post said. "It takes an ecosystem to preserve the fundamental human right to private communication."
In their post, Signal confirmed that after users update their devices, "no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications."
[1] https://support.apple.com/en-us/127002
[2] https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/
[3] https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
Weirdly (Score:5, Interesting)
by fahrbot-bot ( 874524 )
> Apple Stops Weirdly Storing Data That Let Cops Spy On Signal Chats
So... now they're just storing it - non-weirdly? Not sure how that's better.
> Apple has fixed a bug that ...
Oh, you meant, "incorrectly" or "unintentionally".
(*sigh*)
Re: (Score:2)
by OrangAsm ( 678078 )
Apple's vision: to weirdly store data where no data has been storn before.
Re: Weirdly (Score:2)
by umopapisdn69 ( 6522384 )
Edited from "See the One Weird Way Apple Has Been Letting the Cops Spy On Signal Chats"
Big picture problem (Score:4, Interesting)
We see this architecture problem often. Data that shouldn't be stored is passed to some other process that doesn't know it isn't to be stored. Often it is with secrets, keys or the graphical display of a password. We see untrusted data scrubbed by one app to not do anything bad to that app but then the data or data derived from it is passed to another app that trusts it completely. Many of our systems are evolutions of years or decades of code piled on top of one another. What might have been an understandable architecture 15 years ago has likely morphed into a scrambled mess of data being passed around. Good for Apple to fix this since in many systems I've worked on this type of problem wouldn't have an owner or someone who would even take responsibility for fixing it.