FBI Pulled Deleted Signal Messages from an iPhone Without Breaking Encryption
10 hours ago
- #digital forensics
- #privacy
- #messaging apps
- Most users mistakenly believe that disappearing messages vanish completely from the phone, not just from the app.
- The FBI recovered incoming Signal messages from an iPhone's notification storage, even after app deletion and message expiration.
- This occurs because the operating system stores notification previews separately from the app's controlled data.
- End-to-end encryption protects messages in transit, but once decrypted on the device, they become data the OS can cache.
- To prevent this, users can disable content previews in Signal and other messaging apps, and adjust system notification settings.
- Smartphones constantly write hidden data for OS functions, which can persist after app deletion and be extracted forensically.
- This issue affects all messaging apps with lock screen previews, not just Signal or Apple devices.
- Extracting such data requires physical device access, specialized forensic tools, and expertise, typically by law enforcement or experts.
- The privacy risk lies in overtrusting features that work partially, as they may leave traces outside the app's control.