Apple fixes bug that cops used to extract deleted chat messages from iPhones
cdrnsf
506 points
124 comments
April 22, 2026
Related Discussions
Found 5 related stories in 65.2ms across 5,335 title embeddings via pgvector HNSW
- FBI used iPhone notification data to retrieve deleted Signal messages 01-_- · 579 pts · April 10, 2026 · 67% similar
- FBI Extracts Suspect's Deleted Signal Messages Saved in iPhone Notification Data jnord · 13 pts · April 10, 2026 · 66% similar
- FBI Extracted Deleted Signal Messages Saved in iPhone Notification Database bjord · 63 pts · April 09, 2026 · 64% similar
- Apple update looks like Czech mate for locked-out iPhone user OuterVale · 327 pts · April 12, 2026 · 56% similar
- FBI stymied by Apple's Lockdown Mode after seizing journalist's iPhone alwillis · 15 pts · March 04, 2026 · 55% similar
Discussion Highlights (20 comments)
unethical_ban
I wonder if the same flaw exists on Android/GrapheneOS.
nxobject
Note that Signal offers the option to use generic “You’ve received messages” notifications - it’s good practice in general.
modeless
Oh, I was originally confused about this because I had thought the push notifications were end-to-end encrypted, so they couldn't be cached in readable form by the push notification service, and only decrypted by the app on device upon receiving the notification. But it seems like after the notification was decrypted by the app and shown to the user using OS APIs, the notification text was was then stored by the OS in some kind of notification history DB locally on the device?
pixel_popping
In privacy circles, this was always known, as Google/Apple often sends notification content to their servers (which means that it bypass the App realm). Some people talking about it (different but in the same scope of issue): https://blog.davidlibeau.fr/push-notifications-are-a-privacy...
itopaloglu83
Thankfully Apple backported the fix the iOS 18 as well.
maerF0x0
Cat and Mouse, good. This is the adversarial setup that results in a better outcome for all.
dlcarrier
This was a bug that left it cached on the device. Apple and Google have put themselves in the middle of most notifications, causing the contents to pass through their servers, which means that they are subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring. If you don't want end-to-end messages made available to others, set your notifications to only show that you have a message, not what it contains or who its from.
6thbit
The "bug" discussed in the article is only part of the problem. The main problem, which is notifications text is stored on a DB in the phone outside of signal, is not addressed. To avoid that you have to change your settings. In this case, the defendant had deleted the signal app completely, and that likely internally marks those app's notifications for deletion from the DB, so the bug fixed here is that they were not removing notifications from the local database when the app that generated them was removed, now they do. Impact: Notifications marked for deletion could be unexpectedly retained on the device Description: A logging issue was addressed with improved data redaction. CVE-2026-28950 They classify this as "loggging issue" so it sounds like notifications were not actually in the database itself but ended up in some log.
tcfhgj
bug or backdoor?
varun_ch
This makes me wonder: Cellebrite makes tools for law enforcement to break into iPhones, likely exploiting weaknesses/vulnerabilities. Does Apple buy Cellebrite’s tools and reverse engineer them? Or would they not have a way of acquiring them legally?
lynndotpy
Heads up. They have released an iOS 18 update (good!) but, and please bear the caps: UPDATING IOS WILL ENABLE AUTOMATIC UPDATES TO IOS 26. (Bad!) This is a new shady tactic they're using trying to get iOS 18 users to install iOS 26.
skrtskrt
It's not new that push notifications should be presumed to be insecure, with their content passing through - and probably persisted - outside the app sandbox and anything in control of in-app encryption. Apple should have fixed this long ago (not that you can trust a closed system), but Signal should also have strong guardrails & warnings around allowing message content in push notifications.
cubefox
It is completely unclear from this article whether this means Apple does no longer cache dismissed notifications somewhere.
ashishb
This has nothing to do with Apple/Firebase notification service. It has to do with the fact that any notification displayed on your device goes via a separate system service which was caching them. It is amusing to see how often people confuse device notifications with Apple notification service.
aucisson_masque
> This was because notifications that displayed the messages’ content were also cached on the device for up to a month. Why can't we have notification history just like on Android then. It's very useful when you dismiss a notification you didn't want to, or you look for some old stuff.
ghstinda
I like apple, but would never trust them with privacy. NYPD uses ISMI catchers and other tech. This is a nothing burger or nothing donut.
kippinsula
every time something like this surfaces I'm reminded how many privacy guarantees end at the app boundary. you can do all the e2e crypto you want, the OS layer is going to do whatever it does with your strings once they hit a render path. probably an unsolvable category of bug as long as notifications need to show readable text somewhere.
chislobog
Looking at the detritus in the filesystem on Jailbroken iOS devices you will observe that iOS decides to vacuum, purge, and let linger all sorts of databases and logs until something triggers a cleanup which is usually time or an iCloud sign-out induced erase and subsequent sync. People have been complaining for years about excessive phantom “system storage” and “other data.” Interestingly the photos thumbs database can grow seemingly indefinitely in size for some weeks or more if you’re regularly deleting all of your photos and saving to photos from apps or taking photos. I suspect that there a lot of behavioral data records that is left on most devices until a convenient period of inactivity passes and the possible user behavior analysis and reporting functions of iOS allow whatever cleanup happens after processing on device. It would be useful to capture iCloud backup restores from physical devices to corellium virtual devices with some creative matching of your existing idevices identifiers. Could see what triggers a cleanup during backups, local or otherwise, get a good look at what is being restored from iCloud. I also think it’s possible that iCloud can sync a database, say safari bookmarks, pushing it to the device inducing a state where the device bookmarks are moved to inaccessible tables and left there, unavailable to the end user, but not out of sync with the current active session state. Of course this is just my musing based on observations of weekly ffs extractions of a few devices over the last 5 years.
trinsic2
I would never rely on a closed system for secure messaging to many unknowns.
benjx88
Anthropic Mythos at work! iOS is so good and well built that only 1 bug was found and those patch. "It's either all a joke ... or none of it is." -Bruce Banner