Apple Patches iOS Bug Allowing FBI to Recover Deleted Signal Messages from iPhones

Apple has patched a security flaw in iOS that enabled the FBI to forensically recover copies of incoming Signal messages from a defendant’s iPhone—even after the app had been deleted. The issue occurred because iPhones stored copies of these messages in the device’s notification database.

The fix, implemented last week, follows 404 Media’s report on a case in which the FBI accessed deleted Signal messages. According to Apple, the patch prevents iPhones from saving copies of deleted messages from Signal or other apps. Additionally, the update retroactively purges any previously saved notifications linked to deleted apps.

Apple Acknowledges the Bug as a Logging Issue

While Apple described the vulnerability as a bug, court records indicate the FBI has exploited similar flaws multiple times to recover Signal message content. Signal publicly responded on April 22, stating:

“We are very happy that today Apple issued a patch and a security advisory. This comes following 404 Media reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.”

Signal also invited further tips on encrypted messaging apps, offering secure contact methods for journalists:

• Signal: joseph.404
• Email: [email protected]

Apple’s Official Response and Technical Details

Apple’s security advisory, sent to 404 Media on the same day, addressed the saved messages issue with a brief explanation:

“A logging issue was addressed with improved data redaction.”

In a follow-up email, Apple clarified that the bug caused iPhones to unexpectedly save notifications marked for deletion. The patch not only prevents future occurrences but also removes any previously stored notifications tied to deleted apps. Apple emphasized its policy of purging associated notifications when a user deletes an app.

Case Background: ICE Detention Facility Incident

The case covered by 404 Media involved the ICE Prairieland Detention Facility in Alvarado, Texas. During the incident, a group set off fireworks, vandalized property, and allegedly shot a police officer in the neck. This case marked the first time authorities charged individuals under the “Antifa” designation after President Trump declared the term a domestic terrorist organization in September 2024.

Two witnesses who attended the trial of FBI Special Agent Clark Wiethorn confirmed to 404 Media that the FBI recovered incoming Signal messages—despite the user having deleted the app. Harmony Schuerman, an attorney for defendant Elizabeth Soto, shared notes with 404 Media explaining the mechanism:

“They were able to capture these chats bc [because] of the way she had notifications set up on her phone—anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device.”

A supporter of the defendants added:

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory.”