According to 404 Media, the FBI was able to recover incoming messages from a suspect’s iPhone even after the Signal app was deleted and messages were set to disappear. According to testimony from an FBI special agent, the messages were obtained not from Signal itself, but from the phone’s notification storage.
Only incoming messages were recovered; sent messages were not. This detail clearly indicates the source: they were extracted from preview texts that appeared on the lock screen when each message was received.
When a Signal message arrives on an iPhone with the “show text” feature enabled, the notification is handled by the operating system. The OS displays it and decides what to do with its content. Signal’s promises about disappearing messages, encryption, and deletion apply only to data under Signal’s control. They do not affect data that the operating system has already copied for its own purposes.
This is not unique to Signal. The same issue applies to all secure messaging apps. End-to-end encryption protects messages in transit, but once a message reaches the recipient’s device, it must be decrypted to be read. From that point on, it becomes regular data stored on the device.
Read “Zamin” on Telegram!
