Earlier this month, 404 Media broke an interesting, complex, and disturbing story: The FBI had successfully recovered Signal messages coming from the defendant’s iPhone, despite the fact that those messages were set to self-destruct within the famously secure chat app. Although it’s easy to assume that Signal would be to blame, it turns out that the fault lay with iOS – and Apple may have fixed the problem.
In short: 404 Media spoke to someone who was involved in the lawsuit in question, where the court learned that all iPhone information is stored in a database on the device. So even though the Signal messages were deleted, their notification data remained in this database, where the FBI was able to obtain them. (The respondent’s own messages were not present, as only incoming texts would generate notifications.)
The story created a buzz in the tech community. Many of us who have used iPhones since their inception 20 years ago were surprised to learn about this “notification database,” a revelation that prompted discussion about the best way to strengthen iPhone notification security. Based on information revealed in the court case, the best course of action appears to be to prevent sensitive data from appearing in notifications – if you prevent Signal from revealing message information in its alerts, an intruder accessing your notification database would only see that you received a Signal notification, not what the message said or who it was from. Still, there were unanswered questions: Does the information still remain in the database after you clear it? And if you don’t, how long will they stay there?
iOS 26.4.2 may offer a solution to this Signal issue
Although we don’t have exact answers to those questions, we’re probably a little closer. On Wednesday, Apple removed iOS 26.4.2. This update doesn’t include any new features or changes, so don’t expect your iPhone to look any different after installing it. In fact, the vague release notes only offer that the update “provides bug fixes and security updates for your iPhone.” However, click through Apple’s security release siteand you will find Official security notes for 26.4.2. Here, we can see a bug fix for Notification Services: “Notifications marked for deletion may unexpectedly be retained on the device.”
What do you think so far?
There’s no easy way to confirm that this fix was released in response to the Signal news, but the timing is curious to say the least. What are the chances that, just weeks after the revelation that the FBI had accessed a user’s “notification database” to retrieve deleted messages, Apple would release a fix for a bug that would leave deleted notifications somewhere on the device? Still, questions remain: Did the defendant in the case delete the notifications from his iPhone, or only the messages? Did notifications appear to clear automatically after messages self-destruct? for what it’s worth, Apple also released iOS 18.7.8Which fixes the same notification service bug for older builds of iOS. I’ve contacted Apple for clarification and will update this piece if I hear back.
How to Install iOS 26.4.2
If this update really prevents actors from obtaining previously deleted notifications from our iPhones, it is a good idea to install it as soon as possible. To do this, proceed Settings > General > Software UpdateThen follow the on-screen instructions to download and install the update. The same applies if you’re on iOS 18 and trying to install iOS 18.7.8.
