Marcus Adams

I've long wondered how notifications weren't a #security hole. Turns out they are. On iPhones at least, the notifications don't just pull message content from an app, they actually store it.

Headline: #FBI Extracts Suspect’s Deleted #Signal Messages Saved in iPhone Notification Database

Source: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/

#Privacy

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.

404 Media
Apr 9 at 8:00pmWeb
Show threadZimmie1d ago

@gerowen It’s inherent in how notifications work on iOS. There’s no pull at all. The application which wants to show a notification makes a call to the OS with the contents of the notification it wants to show. So yeah, if Signal is set to share the cleartext of messages with the OS (which it is by default), then the OS sees the cleartext of those messages.

It’s a bit like the “revelation” a while ago that a third-party keyboard could exfiltrate what you type into Signal before it’s encrypted.