Written byBrian Quarmby,Staff Writer

Reviewed byFelix Ng,Staff Editor

Apple fixes bug that allowed FBI to read deleted Signal messages

Latest NewsPublishedApr 23, 2026

FBI used the flaw to extract readable previews of Signal messages from an iPhone’s notification database even after the app was deleted.

Tech giant Apple has fixed a security flaw that had allowed the FBI to access a Signal user’s deleted messages through their phone’s push notification database, despite the app being deleted and messages being set to disappear.

In a security advisory released on Wednesday, Apple stated it had fixed a bug that allowed “notifications marked for deletion” to be “unexpectedly retained on the device.”

In an X post on Wednesday, Signal stated the update fixed the issue that made a user’s messages retrievable by law enforcement.

“Apple’s advisory verified that the bugs that allowed this to happen have been fixed in the latest iOS release,” Signal stated.

Signal uses end-to-end encryption to secure messages between its users. The bug is a reminder that messaging encryption may not be enough to keep data protected when using certain devices or operating systems.

Apple’s notes on the security patch. Source: Apple

FBI found a backdoor to private messages

This security flaw was first highlighted by independent technology news website 404 Media, which reported on April 9 that documents recently unsealed in Texas federal court related to an FBI case over an attack on the Prairieland ICE Detention Facility last July.

The court proceedings showed that the FBI was able to forensically extract a defendant’s Signal messages from the iPhone’s notification database, which contained cached, readable previews of incoming Signal messages even after disappearing messages were enabled and the app was deleted.

Related: X rolls out smart cashtags in US, Canada in step toward ‘everything app’

Following the 404 Media report, Signal President Meredith Whittaker called on Apple to quickly fix the issue, noting in an April 14 X post that “notifications for deleted messages shouldn’t remain in any OS notification database.”

Pavel Durov, the co-founder of competing privacy messaging app Telegram, also commented on the report, arguing in an April 14 Telegram post that the only way to truly stay safe was for the app to “force an absence of notification previews” on both ends of a conversation.

Magazine: How to fix suspected insider trading on Polymarket and Kalshi

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

• FBI
• Privacy
• Telegram
• Encryption