New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 16:50:13 GMT

drwho@masto.hackers.town — Thu, 09 Apr 2026 16:50:13 GMT

@SteveBellovin @josephcox Thank you kindly.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 16:39:43 GMT

stevebellovin@infosec.exchange — Thu, 09 Apr 2026 16:39:43 GMT

@drwho @josephcox Sure.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 16:38:05 GMT

drwho@masto.hackers.town — Thu, 09 Apr 2026 16:38:05 GMT

@SteveBellovin @josephcox Can I quote you on that?

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 16:10:04 GMT

netraven@hear-me.social — Thu, 09 Apr 2026 16:10:04 GMT

@ujay68 I don't know, sorry.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 16:09:13 GMT

ujay68@mastodon.world — Thu, 09 Apr 2026 16:09:13 GMT

@Netraven I guess so. Wondering if iOS offers an API that Signal could (have) use(d) to completely clear its notifications from that db. I guess not so.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 15:44:28 GMT

elly@donotsta.re — Thu, 09 Apr 2026 15:44:28 GMT

@josephcox I thought it was obvious? Anyone who ever looked at iOS or Android logs knows that every single notification you ever received is stored in the system logs, which are transferred to new devices if you use migration assistant or encrypted backup.

It's a valid and big attack vector, that's why I personally have notifications enabled to just tell me which app it is and why i'm getting a notification, no other context. Especially since push notifications are handled by Google/Apple's servers so if you can MITM it, you can collect a lot of sensitive data.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:41:23 GMT

peteorrall@mastodon.bsd.cafe — Thu, 09 Apr 2026 14:41:23 GMT

@josephcox While obviously concerning, my first thought is if someone needs to securely communicate then perhaps a smartphone with an OS you can't fully control isn't the best tool.

Signal may have great encryption but if the host OS has known vulnerabilities or design flaws that allow for this, then what's the point?

I am certainly open to suggestions and discussion for better solutions.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:32:20 GMT

jdoe@freeradical.zone — Thu, 09 Apr 2026 14:32:20 GMT

@lasagne @arrakeen_urbanite @josephcox Just yet another click baity headline from 404 media, nothing new.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:30:40 GMT

pee@mastodon.online — Thu, 09 Apr 2026 14:30:40 GMT

@josephcox

this is an old problem and as far as I remember, does not only affect iOS but all platforms incl. Android, Windows etc.

Therefore it's a good idea to disable 'preview' in all notifications for all Apps on all platforms - as far as I recall, these are already mass-intercepted in transit.

What's new to me is that iOS stores these, even after having deleted an App - begs the question, what about other platforms?

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:26:41 GMT

netraven@hear-me.social — Thu, 09 Apr 2026 14:26:41 GMT

@ujay68 @josephcox I just read the text and it seems pretty clear that it was saved in the notification databse. so....not the app. Does that help?

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:22:31 GMT

lasagne@chaos.social — Thu, 09 Apr 2026 14:22:31 GMT

@arrakeen_urbanite @josephcox

If these fucking blogs would not just repost and instead provide advice...
Like maybe testing how to clear that buffer.

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:22:04 GMT

ujay68@mastodon.world — Thu, 09 Apr 2026 14:22:04 GMT

@josephcox Can we be more specific here? I can’t imagine technically that there’s a possibility of messages arriving *after* deleting the app being decrypted and stored in a device’s notification database? So this is probably about messages that arrived *before* deleting the app?

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 14:06:50 GMT

misusecase@twit.social — Thu, 09 Apr 2026 14:06:50 GMT

@josephcox There has been some concern about security vulnerabilities and leaks associated with iOS notifications for a while, right?

Reply to New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. on Thu, 09 Apr 2026 13:37:53 GMT

stevebellovin@infosec.exchange — Thu, 09 Apr 2026 13:37:53 GMT

@josephcox As I've long said, "you don't go through strong security, you go around it."