Apple patches iOS bug that allowed FBI to retrieve deleted Signal messages

Signal messages are designed to disappear after being read, but iOS was retaining copies of notification text in a logging database. This allowed forensic tools to extract message content even after the app was deleted or the message expired. The issue came to light when the FBI testified it could retrieve such data from a suspect's iPhone.

- 404 Media reported the vulnerability after a hearing where the FBI described extracting Signal messages from a deleted app. - Apple confirmed the bug stemmed from a logging issue that failed to redact notification data marked for deletion. - Apple released a fix in iOS 17.5.1, stating notifications should never have been stored. - Signal thanked Apple for the rapid response and stressed that ecosystem cooperation protects private communication. - No user action is needed beyond updating the device.

The fix closes a specific data‑retention path that law enforcement could exploit for forensic recovery of disappearing messages. For most users, updating to iOS 17.5.1 eliminates the risk without changing Signal settings. Organizations should verify that devices run the patched version and consider disabling notification previews for sensitive apps as an additional layer. Defenders can monitor for unusual access to the push notification database via endpoint detection tools that flag reads of com.apple.ncserviced logs.