Apple’s new iOS 26 bug fix stops Feds snooping on deleted notifications
An iOS 26 bug had kept dismissed notifications in local storage. The privacy-focused Signal app was not happy about that
Apple has released an update for iPhone and iPad that closes off an exploit that enabled law enforcement agencies to recover the content of messages that had appeared within notifications.
In releasing iOS 26.4.2 on April 22, Apple said the bug meant “notifications marked for deletion could be unexpectedly retained on the device” and advised users to update their devices (Settings > General > Software Update) in a timely fashion.
404 Media had previously reported (via TechCrunch) on a bug that kept notifications stored locally on the device, even though users may have dismissed or deleted them. That report said the FBI had exploited the bug to recover Signal messages – of all apps! – even after those messages had been deleted within Signal itself.
The bug undermined the app’s end-to-end encryption and marketability as THE messaging app for privacy-conscious users. Signal was, rightly, upset about this with president Meredith Walker commenting: “Notifications for deleted shouldn’t remain in any OS notification database, and we’ve asked Apple to address this.”
She suggested that Signal users take steps to stop message previews appearing in notifications at all by heading to Signal Settings > Notifications > Show “No Name or Content”.
In all honesty, this is a pretty big balls-up from Apple, considering its long-running history of fighting to keep the FBI in particular over access to users’ personal iPhones. Apple pointblank refused to give the G-Men access to the iPhone of the shooter in San Bernardino, California back in 2015 and 2016. The FBI eventually hacked there way in (without telling Apple how, of course) but Apple had steadfastly hand over the passcodes. It’s not clear how long this exploit has been active.
Chris Smith
