Deleted Signal Messages May Not Be Fully Private: FBI Retrieved Chats via iPhone Notifications

A recent development from a US federal investigation has raised fresh concerns about digital privacy. Reports reveal that the Federal Bureau of Investigation (FBI) managed to recover deleted messages from the Signal app—not by breaking its encryption, but by accessing notification data stored on an iPhone.

The case highlights a critical gap in user privacy: even highly secure messaging apps can leave traces outside the app due to device-level settings.

How Were Deleted Messages Recovered?

According to court disclosures, investigators did not hack or bypass Signal’s encryption. Instead, they relied on data stored in the iPhone’s notification system.

Here’s how it worked:

• When lock screen previews are enabled, parts of incoming messages are stored temporarily by the iPhone
• These message snippets remain in the device’s notification database
• Using forensic tools, investigators extracted this stored data after gaining physical access to the device
• Even if messages were deleted or set to disappear, fragments remained accessible

However, the method had limitations—it mainly retrieved incoming messages, not outgoing ones.

Why Notification Settings Matter

This case underlines a key point: your phone settings can impact your privacy just as much as the app you use.

If notification previews are turned on:

• Sensitive message content may be stored outside the app
• Data can remain accessible even after deletion
• Privacy risks increase, especially if the device is accessed physically

Signal already offers options to:

• Hide message content in notifications
• Show only the sender’s name
• Disable previews entirely

Adjusting these settings can significantly reduce exposure.

A Bigger Privacy Issue Beyond Signal

Experts say this is not a Signal-specific flaw, but a broader issue linked to how smartphones handle notifications.

Modern operating systems often store:

• Notification previews
• Message snippets
• Temporary logs for user convenience

These “secondary data trails” can be accessed during forensic investigations, even if the original app data is encrypted or deleted.

This marks a shift from earlier practices, where agencies primarily relied on data requests to tech companies. Now, device-level forensic extraction is becoming more prominent.

What Users Should Do to Stay Safe

The incident serves as a reminder that end-to-end encryption alone does not guarantee complete privacy. Users should take additional precautions:

• Disable lock screen message previews
• Limit notifications to “sender only” mode
• Regularly review privacy settings on smartphones
• Use app-level security features like disappearing messages

Final Take

While apps like Signal remain among the most secure messaging platforms, this case shows that privacy depends on both app security and device configuration. A simple setting—like notification previews—can make the difference between complete privacy and partial exposure.