Apr 23, 2026 · 6 min read

Apple Just Patched the iOS Bug That Let the FBI Read Your Deleted Signal Messages

CVE-2026-28950 allowed deleted notifications to persist on iPhones indefinitely. Law enforcement used it to recover messages the suspect thought were gone. Apple says the fix involves "improved data redaction" but has not explained why notifications were cached in the first place.

What Apple Fixed

On April 22, Apple released iOS 26.4.2 and iOS 18.7.8 to patch CVE-2026-28950, a vulnerability in the notification system that allowed "notifications marked for deletion" to persist on the device. The bug meant that when you deleted a message in Signal, WhatsApp, or any app that uses iOS push notifications, the notification preview containing that message's content remained in internal storage.

Apple's fix, described only as "improved data redaction," shipped as an emergency out-of-cycle update. The company did not explain how long the bug had existed, how many devices were affected, or why notification content was being stored in a way that survived deletion in the first place.

How the FBI Used It

The vulnerability came to public attention through a federal court case reported by 404 Media. FBI agents recovered deleted Signal messages from a suspect's iPhone using forensic extraction tools. Court documents stated that "messages were recovered from Sharp's phone through Apple's internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory."

The suspect had uninstalled Signal before the device was seized. It did not matter. Every message that had generated a notification left a copy in the system's notification database, and that copy survived both the message deletion and the app removal.

Why Disappearing Messages Were Not Disappearing

Signal's disappearing messages feature is designed for exactly this scenario: messages that auto-delete after a set period, leaving no trace on either device. Journalists use it to protect sources. Activists use it to avoid surveillance. Lawyers use it for privileged communications.

But Signal can only control what happens inside its own app. When iOS receives a push notification, it writes a copy of the notification content to a system-level database that Signal cannot access or delete. Even if Signal scrubs the message from its own storage, the notification preview, which often contains the full message text, lives in a separate part of the operating system.

This is the core problem CVE-2026-28950 exposed: a messaging app can promise end-to-end encryption and disappearing messages, but if the operating system caches notification content indefinitely, those promises have a hidden asterisk that only forensic tools can read.

What the Fix Actually Changes

Apple's "improved data redaction" likely means the notification system now properly purges content when notifications are dismissed or when the originating app deletes its data. But Apple has not confirmed the technical details, which raises questions:

  • Retention window: Apple did not say how long notifications were being cached. Days? Weeks? Months? The court case suggests the data persisted long enough for forensic recovery after the app was uninstalled.
  • Scope: The advisory only mentions notifications, but iOS caches other system-level data: Spotlight indexes, Siri suggestions, clipboard history. Whether those systems have similar retention issues remains unknown.
  • Retroactive cleanup: Apple has not confirmed whether the update purges notification data that was already cached on devices running older iOS versions.

Who Should Be Concerned

This vulnerability is most dangerous for people who rely on disappearing messages as a security feature:

  • Journalists communicating with confidential sources over Signal
  • Activists and organizers in regions with hostile governments
  • Lawyers exchanging privileged information
  • Anyone in a custody, immigration, or criminal proceeding where a phone may be seized

For the average user, the practical risk is lower—forensic extraction requires physical access to the device and specialized tools. But the principle matters: if you chose to delete a message, the operating system should not keep a copy without telling you.

How to Protect Yourself Right Now

Update your iPhone immediately. iOS 26.4.2 and iOS 18.7.8 are available now through Settings > General > Software Update.

Beyond the update, change how Signal handles notifications. Open Signal, go to Settings > Notifications > Notification Content, and select "No Name or Content." This prevents message text from ever reaching the notification system. The tradeoff is that Signal notifications will only say "New Message" without showing who sent it or what it says.

The same principle applies to any messaging app: the less content you allow in notification previews, the less data the operating system can cache. WhatsApp, Telegram, and other apps offer similar notification content settings.
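
For anyone responsible for more than one iPhone, the update step above can be checked against a device inventory. The following is an added example, not code from Apple or from this article's author; the inventory format, device names and function names are assumptions, and only the two patched version numbers come from the article.

```python
import re

# Patched releases named in the article, keyed by iOS major version.
PATCHED = {26: (26, 4, 2), 18: (18, 7, 8)}

def parse_version(text):
    """Turn '26', '18.7' or '26.4.2' into a 3-tuple; None if malformed."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Compare one reported iOS version against the fix for its branch."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    fixed = PATCHED.get(v[0])
    if fixed is None:
        # The article names fixes only for the 18 and 26 branches, so
        # other branches are flagged for manual review, not guessed at.
        return "unknown-branch"
    # Tuple comparison is numeric per component, so 26.10 sorts after 26.4.2
    # (a plain string comparison would get that wrong).
    return "patched" if v >= fixed else "needs-update"

def audit(inventory):
    """Group device names by classification."""
    report = {}
    for device, version in inventory:
        report.setdefault(classify(version), []).append(device)
    return report

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = [
    ("press-01", "26.4.2"),
    ("press-02", "26.4.1"),
    ("press-03", "26.10"),
    ("legal-01", "18.7.8"),
    ("legal-02", "18.7"),
    ("field-01", "17.6.1"),
    ("field-02", "n/a"),
]

if __name__ == "__main__":
    for status, devices in sorted(audit(SAMPLE).items()):
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as "unknown-branch" or "unparseable" need a manual look, since the article does not say whether other iOS branches are affected.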

The Bigger Question Apple Has Not Answered

The most important question is not whether the bug existed—it is why notification content was being stored persistently in the first place. Push notifications are supposed to be ephemeral: they arrive, they display, and they disappear when dismissed. A system that retains them after deletion suggests either a design flaw or a deliberate caching decision that was never disclosed to users.

Apple has not said which it was. Until it does, users should assume that anything displayed in an iOS notification may leave a forensic trace on the device, regardless of what the originating app promises about encryption or deletion.