iOS Flaw Exposes ‘Deleted’ Message Data Through Notifications – Patch Now! (iOS 26.4.2 and iOS 18.7.8)

Apple has rolled out emergency security updates to fix a privacy flaw that allowed “deleted” notification data—including message previews from encrypted apps like Signal—to persist on iPhones and be recovered later.

The issue, now patched in iOS 26.4.2 and older supported versions, drew attention after reports that U.S. investigators were able to extract supposedly deleted Signal messages from a suspect’s device—not by breaking encryption, but by accessing the iPhone’s notification database.

Key takeaways

• Apple fixed a bug that stored deleted notifications on-device
• The flaw could expose sensitive message previews from apps like Signal
• FBI investigators reportedly used this data in a criminal case
• Encryption wasn’t broken—the data came from system-level notification logs
• Users should review notification preview settings for better privacy

How the FBI accessed Signal messages

The bug gained popular attention after a 404 Media report revealed that the FBI had recovered Signal messages from an iPhone tied to a criminal investigation:

The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database, multiple people present for FBI testimony in a recent trial told 404 Media. The case involved a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas in July, and one shooting a police officer in the neck.

The messages were not pulled from Signal itself. Instead, investigators extracted them from the device’s notification database, where message previews had been stored. In fact, the Signal app had been deleted from the device before investigators extracted the message contents.

Because these previews can include some message content, they effectively created a secondary record of conversations—one that persisted even after the messages were deleted or the Signal app was uninstalled.

A bug that kept “deleted” data alive

Apple has released iOS 26.4.2 and iOS 18.7.8 to address the issue.

According to Apple’s security advisory, the flaw meant that notifications “marked for deletion could be unexpectedly retained on the device.”

While these notifications disappear from the user interface, their contents—possibly including message text, login codes, or other sensitive data from any app—could remain stored internally due to a logging issue.

Apple says the issue has now been addressed through improved data redaction, ensuring that deleted notifications are no longer recoverable.

Signal thanks Apple for patching the flaw

“We are very happy that today Apple issued a patch and a security advisory,” the private messaging service said in a post on X. “This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.”

The company said “no action is needed for this fix to protect Signal users on iOS.” While it’s true that Signal itself requires no amendment to address this issue, users still have to manually deploy the iOS update that delivers the fix.

“Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications,” Signal added. “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.”

Update your iPhone!

As we regularly warn, even if you’re not a high-risk individual, it’s a good idea to stay up to date with the latest security patches — you never know when you trip a wire and become a target.

As of today, you want to be on iOS 26.4.2 or iOS 18.7.8 (even if you don’t use Signal).

If you haven’t updated your iPhone in a while, now’s a good time to do so.

Besides addressing this nasty flaw, this week’s update packs fixes for security holes exploited in widespread espionage and crypto theft.

For peace of mind, run an independent security solution on all your personal devices. Keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might target you.

How to protect your Signal communications

To prevent Signal from storing message content, you must focus on on-device storage, as Signal does not store message content on its servers. Because Signal stores messages locally, you need to use disappearing messages and limit storage history, then turn off notification previews. 

Here are the specific methods to prevent Signal from storing message content:

1. Enable Disappearing Messages – removes messages automatically from both ends of a conversation.

• For new chats: go to Signal Settings > Privacy > Default timer for new chats and set a time.
• For existing chats: open a chat, tap the contact name/group name, select Disappearing Messages, and set the timer.

2. Configure Local Storage Management – limits how much message history is kept on your phone. 

• Go to Settings > Data and Storage > Manage storage > Keep messages.
• Select a duration to automatically delete older messages.
• Limit conversation length by message count (e.g., 100 messages).

3. Change notification settings – prevents authorities from recovering messages from iPhone notification logs.

• Go to Signal Settings > Notifications > Show.
• Select No name or message (or "No name or content").

Remember, Signal messages are encrypted on your device. These steps merely ensure they are not retained (stored) permanently.

You may also want to read:

Apple Patches Older iPhones Against ‘Coruna’ Hacks Used in Espionage and Crypto Theft

Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns

Apple Debuts ‘Background Security Improvements’ with Urgent WebKit Fix for iPhone and Mac – Here’s How to Enable the Feature