Let me get this straight...

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:43:16 GMT

lennybacon@infosec.exchange — Thu, 09 Apr 2026 17:43:16 GMT

@wdormann Looks different here. But it’s Most probably the „Preview“ -Thing that causes Information to leak (to the OS which persists it unsecure)

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:21:41 GMT

craignicol@glasgow.social — Thu, 09 Apr 2026 17:21:41 GMT

@wdormann @mastodonmigration eh what?

On Android it just shows "you have a new message". Was this an Apple or a Signal decision?

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:14:28 GMT

prism@infosec.exchange — Thu, 09 Apr 2026 17:14:28 GMT

@wdormann The default setting is that you get notified when you receive a message, because most people want those.

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:07:07 GMT

beachbum@mastodon.sdf.org — Thu, 09 Apr 2026 17:07:07 GMT

@avuko @wdormann I was rather shocked that this could even be possible yet actually occurring.

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:05:48 GMT

beachbum@mastodon.sdf.org — Thu, 09 Apr 2026 17:05:48 GMT

@avuko @wdormann That’s partly why I’m asking because I disable notifications as soon as I purchase a phone. Locating my phone is important because I misplace it a lot. My location services it’s also always off.
I have a degree in IT, but it goes back to 2006 and so much has changed since then and honestly, I only keep up through what I read here on Mastodon. I thought doing these things would secure my privacy.

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:02:53 GMT

tdpsk@sueden.social — Thu, 09 Apr 2026 17:02:53 GMT

@wdormann @Mer__edith I was unaware notifications on iOS were stored in an on-device database even after they had been dismissed. That seems like an inefficient waste of storage - does anybody have a link to some Apple docs providing context about this database?

Reply to Let me get this straight... on Thu, 09 Apr 2026 17:02:52 GMT

cppguy@infosec.space — Thu, 09 Apr 2026 17:02:52 GMT

@avuko @wdormann

Oh, but it's even worse than that. From TFA:

Authorities have turned to push notifications more broadly as an investigative strategy too; in June 404 Media reported Apple gave governments data on thousands of push notifications. Those were legal demands made to Apple, while the Prairieland case was about data from a device authorities had physical access to.

This suggests that your #notifications are sent home to #Apple. Why is that necessary?

I have further questions:

Why, and for whose benefit, were notifications stored on the phone after the #Signal app had been removed? They were useless to the other of the phone.
How much of this vulnerability is shared with Android phones?

Reply to Let me get this straight... on Thu, 09 Apr 2026 16:45:28 GMT

grammasaurus@mastodon.social — Thu, 09 Apr 2026 16:45:28 GMT

@omnicore @wdormann @signalapp What I got from the article is what you said here: the weakness is in iPhone’s default behavior.

Reply to Let me get this straight... on Thu, 09 Apr 2026 16:32:21 GMT

wdormann@infosec.exchange — Thu, 09 Apr 2026 16:32:21 GMT

@AwkwardTuring
Right. That's the million dollar question.

Reply to Let me get this straight... on Thu, 09 Apr 2026 16:31:43 GMT

awkwardturing@infosec.exchange — Thu, 09 Apr 2026 16:31:43 GMT

@wdormann what does that mean for any other app that pushes sensitive data as notifications? Wondering if disabling the notification rly disables the storing in the DB or just the display of it.

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:59:02 GMT

avuko@infosec.exchange — Thu, 09 Apr 2026 15:59:02 GMT

@Beachbum @wdormann if you do not want to be tracked/traced/placed, don’t bring a mobile phone in any way tied to you or your previous locations.

I worked in telco for years, trust me on this one.

The problem here was different: people who thought they were communicating privately, had their messages (or those that ended up in Apple’s notifications database on the iPhone) accessible to law enforcement. Even after (taking precautions like) deleting the app.

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:53:01 GMT

wdormann@infosec.exchange — Thu, 09 Apr 2026 15:53:01 GMT

@omnicore @signalapp
Regardless, even just testing things out on a clean test device, an iPhone with Lockdown Mode enabled still gets push notifications with the incoming message body.

So, color me skeptical that Lockdown Mode does anything regarding this.

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:50:26 GMT

wdormann@infosec.exchange — Thu, 09 Apr 2026 15:50:26 GMT

@Mer__edith
Can we get a comment on this?

1) The default Signal setting to show message contents in push notifications seems... bad, assuming this article is accurate.
2) Does changing the in-Signal-app setting for Notification Content indeed prevent notifications from being stored anywhere, which by default contains incoming message bodies.

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:44:43 GMT

beachbum@mastodon.sdf.org — Thu, 09 Apr 2026 15:44:43 GMT

@avuko @wdormann I have Alerts for almost all of my apps turned off. I only have them on for find my phone and emergency, Public Safety and Amber Alerts. Do I need to turn those off also?

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:24:15 GMT

avuko@infosec.exchange — Thu, 09 Apr 2026 15:24:15 GMT

@wdormann The default setting for the iPhone by the US company Apple is to pass messages through to their Notification functionality.

They could be retrieved by the FBI from the US company Apple's push notification database.

The US company Apple, not Signal, has a shoddy security model here.

PS: To any Apple fanboys who can't stand a single bad word about Apple, I'll block you permanently and happily if you even give a squeak.

#Apple #Signal #FBI #Fascism

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:19:19 GMT

wdormann@infosec.exchange — Thu, 09 Apr 2026 15:19:19 GMT

@omnicore @signalapp
Yeah, I've been on Lockdown Mode since it was released.

Do you have a reference for how this is the case?

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:09:18 GMT

bsod@framapiaf.org — Thu, 09 Apr 2026 15:09:18 GMT

@wdormann ok ... I wonder if changing this option would make any difference unless notifications are fully disabled

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:04:23 GMT

wdormann@infosec.exchange — Thu, 09 Apr 2026 15:04:23 GMT

@bsod
They had access to an unlocked device.

Unclear whether that was voluntary, through coercion, or through trickery like Cellebrite advertises.

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:01:59 GMT

marypcbuk@hachyderm.io — Thu, 09 Apr 2026 15:01:59 GMT

@wdormann I mean, before 2025 did the average mainstream user have the US government in their threat model?

Reply to Let me get this straight... on Thu, 09 Apr 2026 15:00:28 GMT

bsod@framapiaf.org — Thu, 09 Apr 2026 15:00:28 GMT

@wdormann how the FBI could access the device notifications database?