Big headline, luckily not as scary as it looks, but an important lesson...

The way it works: The FBI had physical access to the device and used forensic extraction software. When Signal messages arrive, iOS stores push notification previews locally on the device. Those previews stayed behind even after Signal was uninstalled.

Two things:
- Only incoming messages were captured this way
- Disappearing messages that had already vanished inside Signal were still recoverable from the notification cache

This is iOS behavior, not a Signal vulnerability, and it likely impacts other apps.

This is a concern only for very high threat models, though the fix is straightforward:
Signal → Settings → Notifications → Show → set to "No Name or Content"

You'll still get a notification ping, but iOS just won't cache anything useful.

Notifications in general are a pretty interesting privacy/security attack vector, as they're largely managed by Apple & Google.

We cover this and a lot more in our Signal hardening guide for those who want to learn all the ins/outs: https://youtu.be/DPjg3651oJM
