The FBI did not break Signal’s encryption. There was no need for this. A bug in Apple’s iOS was silently caching readable previews of Signal messages inside the phone’s notifications database, surviving even after disappearing messages were enabled, the app was deleted, and conversations were long gone.
How did the FBI recover deleted messages?
The flaw came to light through court documents revealed in the Texas federal case, which was first reported by independent outlet 404 Media on April 9. The case involved an attack at the Prairieland ICE Detention Facility in July 2024.
FBI forensic examiners extracted the defendant’s Signal messages directly from the iPhone’s notification cache, a storage layer that sits entirely outside Signal’s encrypted environment and was maintaining message previews without users’ knowledge.
Apple addressed the issue in its security notice, revealing that the company had addressed a bug that caused notifications to be “marked for deletion unexpectedly on devices.” This update was part of the latest iOS software version. The same day, Signal revealed that it had updated its software, noting on Twitter that “the bugs that made this possible have been fixed.”
Signal President Meredith Whitaker had already called out Apple in an X post dated April 14, 2023, claiming that notifications of deleted messages should never appear in any OS-level cache. Telegram co-founder Pavel Durov took a tougher stance, noting that the only solution is for apps to enforce that there is no preview of notifications on either end of the exchange by default.
End-to-end encryption only works during transmission. It cannot direct what the underlying OS does with the notification metadata after receiving the message.
