Deleted Signal messages recovered from iPhone notifications

A text app can encrypt a message end to end, but your phone can still copy part of it into a notification. That is the gap exposed in new reporting about deleted Signal messages recovered from an iPhone. (404media.co) 404 Media reported on April 9 that Federal Bureau of Investigation agents extracted incoming Signal messages from an iPhone’s notification database, even after Signal had been deleted from the device. The reporting tied the testimony to a federal case in Texas over a July 2025 attack on the Prairieland Detention Center in Alvarado. (404media.co) Apple’s notification system is the phone’s alert inbox: it stores recent alerts so they can appear on the lock screen and in Notification Center. Apple says iPhone users can choose whether previews show “Always,” “When Unlocked,” or “Never.” (support.apple.com, support.apple.com) That matters because a preview can contain the sender’s name and the message text before you ever open the app. If that preview is saved by the operating system, deleting the app does not necessarily erase the copy the phone kept for notifications. (9to5mac.com, theverge.com) The reporting does not describe Signal’s encryption being broken. It describes investigators pulling data from Apple’s host operating system, outside Signal’s encrypted message store. (theverge.com, forbes.com) The distinction is important because disappearing messages and app deletion work inside the app, while notification previews are a separate system feature. In the reported case, only incoming messages were recovered, which matches how push notifications deliver message text to a device. (404media.co, forbes.com) Signal already gives users a way to limit what appears in alerts. Its support pages say reactions only appear if users choose to display “Name and message” in notifications, which reflects that Signal can reduce how much content is exposed before a chat is opened. (support.signal.org) Apple also gives users a system-level fix. On iPhone, changing notification previews to “When Unlocked” or “Never” reduces or removes readable text from lock-screen alerts, and app-specific notification settings can further limit what appears. (support.apple.com, support.apple.com) The larger lesson is narrower than the headlines suggest: this was a notification-storage issue on the device, not a collapse of Signal’s end-to-end encryption. If a message can be read in a preview, the phone may keep a second copy in the place where it manages alerts. (9to5mac.com, theverge.com)