Petteri Pyyny
10 Apr 2026 18:02
Most people are likely well aware that Signal is one of the most strongly encrypted instant messaging apps available.
Signal has even added so-called quantum-resistant encryptionto its app, designed to prevent message encryption from being broken by future quantum computers.
Naturally, this creates challenges for authorities, as all communication on Signal is end-to-end encrypted. Put simply, this means that Signal messages cannot be accessed on any device other than the intended recipient's phone running the Signal app.
404 Media reports (paywalled) on a case where the United States federal police, the FBI, managed to obtain part of a suspect's Signal message history.
The individual was suspected of vandalizing property belonging to the United States immigration authority, ICE. He was arrested and authorities gained access to his iPhone. However, the suspect had deleted the Signal app entirely from the phone, along with all of its message history.
Despite this, the FBI managed to recover the suspect's received messages in a rather unexpected way.
The iPhone includes a built-in notification history database, which stores all incoming app notifications. Crucially, this database is not protected by any separate password -- once the phone itself is unlocked, the notification history database is also accessible.
In other words, the FBI was not able to recover deleted Signal messages themselves, but instead retrieved the received messages because traces of them had been stored at the system level on the iPhone.
So this is not a security vulnerability in Signal itself, but rather an issue related to the operating system the app was used on. If the suspect had completely disabled notifications for Signal, they would (presumably) not have been stored in the iPhone's internal database either.
Users can also configure Signal notifications so that they only display the sender's name, without showing the message content - in which case the iPhone's notification history would only contain information about who sent the message.
Android devices have a somewhat similar notification history feature as well, although on some phones it must be enabled separately. But if it is enabled, the same situation would most likely apply to Android phones too.