FBI Recovered Deleted Signal Messages From iPhone Notification Storage
Federal court reporting in Texas showed that the FBI recovered incoming Signal message content from an iPhone even after the app had been deleted and messages were set to disappear. The messages were cited as evidence in a case tied to the attack on the ICE Prairieland Detention Facility in Alvarado, where one police officer was shot; reporting identified defendant Lynette Sharp as having pleaded guilty to providing material support to terrorists. The recovered content reportedly came from iOS notification data stored on the device, not from any compromise of Signal’s end-to-end encryption.
The exposure appears to stem from message previews cached by iOS when Signal notifications were displayed, allowing forensic tools used by law enforcement to extract at least some incoming message text while outgoing messages were not similarly recoverable. Privacy advocates including EPIC and the EFF called the issue a serious concern and urged users to limit notification exposure by changing Signal’s notification setting so previews show no sensitive content, such as "No name or message".

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Apple ships iOS 26.4.2 and iOS 18.7.8 to fix notification retention flaw
Apple released iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix a Notification Services vulnerability in which notifications marked for deletion could be unexpectedly retained because of a logging issue that failed to properly redact data. The update was reported as addressing the forensic privacy risk highlighted by the FBI’s recovery of Signal message contents from iPhone notification storage.
Apple releases iOS 26.4 with push notification token validation changes
Apple released iOS 26.4 with changes to push notification token validation. Reporting noted the update but said any connection between those changes and the Signal message recovery case was unknown.
Researchers and advocates warn iPhone notifications can expose Signal messages
Reporting on the case prompted privacy advocates including EPIC and the EFF to warn that notification previews can undermine the privacy of disappearing Signal messages on iPhones. Guidance emphasized disabling message details in Signal notifications to reduce recoverability from device storage.
FBI recovers Signal message content from deleted iPhone app data
In the Texas federal case, the FBI extracted incoming Signal message content from an iPhone's notification database even after the Signal app had been deleted. The messages had been set to disappear, but their contents persisted because iOS cached notification previews on the device.
Defendant pleads guilty in Texas domestic terrorism case
Lynette Sharp pleaded guilty to providing material support to terrorists in connection with the attack on the ICE Prairieland Detention Facility. The plea became part of the federal case in which recovered Signal message evidence was discussed.
Attack at ICE Prairieland Detention Facility leads to arrests
An incident at the ICE Prairieland Detention Facility in Alvarado, Texas resulted in one police officer being shot and nine people being arrested. The later federal case tied recovered Signal messages to this July 2025 event.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
SpaceX s'offre Cursor : Microsoft a jeté l'éponge - ZDNET
zdnet.fr
Open sourceFBI Extracts Deleted Signal Messages from iPhone Notification Database - Schneier on Security
schneier.com
Open sourceApple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
thehackernews.com
Open sourceApple Fixes Notification Privacy Flaw That Allowed FBI to Access Deleted Signal Messages
cybersecuritynews.com
Open sourceZD Tech : Pourquoi vos messages Signal peuvent rester lisibles su ...
zdnet.fr
Open sourceiOS 26.4.2 and iOS 18.7.8 Address Notification Privacy Flaw Highlighted by FBI Case - TidBITS
tidbits.com
Open sourceHow did the FBI recover Signal messages from a deleted app? - Boing Boing
boingboing.net
Open sourceHow to Make Sure Your Private Signal Messages Aren't Still Lurking on Your Phone - CNET
cnet.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


