Apple Closes Notification Database Exploit Used by FBI
On April 22, Apple released the update to address a bug where “notifications marked for deletion could be unexpectedly retained on the device.” The company advised users to install the patch via Settings > General > Software Update. According to 404 Media’s previous reporting, the flaw kept notification data stored locally on devices even after users dismissed or deleted them, creating an unintended backup that law enforcement could access.
How the FBI Exploited Deleted Signal Messages
The vulnerability bypassed Signal’s end-to-end encryption by targeting the iOS notification system rather than the app itself. When users received Signal messages, previews appeared in notifications. Even after deleting messages within Signal, the notification database retained copies of the content. The FBI leveraged this gap to recover communications that appeared deleted to the user but persisted in Apple’s system files.
Signal president Meredith Walker expressed frustration with the flaw, stating that notifications for deleted messages shouldn’t remain in any OS notification database, and we’ve asked Apple to address this.
She recommended users disable message previews entirely by navigating to Signal Settings > Notifications > Show “No Name or Content” to prevent future exposure.
A Rare Lapse in Apple’s Privacy Stance
This exploit represents an unusual vulnerability for Apple, which has cultivated a public image as a privacy defender. The company famously resisted FBI demands for access to the iPhone used by the San Bernardino shooter in 2015 and 2016, refusing to provide passcodes or create backdoors. Apple’s refusal forced the FBI to hire third parties to crack the device without revealing their methods to Apple.
The notification database bug contradicts Apple’s rhetoric around user protection. The flaw persisted without public disclosure of its duration, raising questions about how long law enforcement agencies had exploited the vulnerability before discovery.
What Users Should Do Now
All iPhone and iPad owners should update immediately to iOS 26.4.2 or later. Signal users should additionally configure notification settings to hide message content entirely. This dual approach eliminates both the technical vulnerability and the visibility of sensitive communications in system notifications.
The Broader Encryption Debate Persists
This incident fuels ongoing tensions between privacy advocates and law enforcement over encryption backdoors. While Apple patched the flaw, the episode demonstrates that security gaps can emerge in unexpected places. The vulnerability wasn’t a deliberate backdoor but a design oversight with the same practical effect. Privacy-conscious users now face a reminder that even encrypted apps depend on secure operating systems to fulfill their promises.
Follow Hashlytics on Bluesky, LinkedIn , Telegram and X to Get Instant Updates
