Apple fixes bug that let FBI retrieve deleted iPhone messages
What's the story
Apple has released a software update for iPhones and iPads, fixing a major security flaw. The bug had allowed law enforcement agencies to recover messages that had been deleted or had automatically disappeared from messaging apps. This was possible because notifications showing the content of these messages were cached on the device for up to a month.
Issue acknowledgment
Apple acknowledged the bug in a security notice
In a security notice on its website, Apple acknowledged the bug and said "notifications marked for deletion could be unexpectedly retained on the device." The issue was recently reported by 404 Media. The independent news outlet had revealed that the FBI used forensic tools to recover deleted Signal messages from an iPhone. This was done by exploiting the fact that message content was displayed in notifications and stored in a phone's database even after being deleted inside Signal.
Response to issue
Signal asked Apple to fix the issue
Following the revelation, Signal president Meredith Whittaker said that the messaging app maker had asked Apple to fix the issue. "Notifications for deleted messages shouldn't remain in any OS notification database," Whittaker wrote on Bluesky. While it is unclear why the content of notifications was logged in the first place, the latest update from Apple indicates it was a bug all along.
Update rollout
Apple has also extended the fix to iOS 18 users
Apple has also extended the fix to iPhone and iPad users still on the older iOS 18 software version. The move comes after privacy activists raised concerns over the FBI's ability to bypass a security feature used by at-risk users daily. Signal, like other messaging apps such as WhatsApp, offers a timer feature that automatically deletes messages after a set period of time.