Apple notification cache flaw allows FBI access to encrypted chats

The Federal Bureau of Investigation successfully extracted deleted Signal messages from an iPhone by exploiting a vulnerability within Apple’s iOS notification system, rather than breaking the app’s encryption.

Documents unsealed in a Texas federal court on 9 April 2026 revealed that forensic examiners accessed a notification cache that resides outside Signal’s secure environment.

This database was found to be "unexpectedly retaining" readable previews of messages, even after users had enabled disappearing message settings or deleted the application entirely.

The discovery surfaced during an investigation into a July 2024 attack on the Prairieland ICE Detention Facility.

Forensic experts discovered that the iOS software was quietly caching metadata and message snippets, which remained on the physical hardware long after the conversations were supposedly erased.

Apple has since addressed the flaw in its latest security update, acknowledging a bug that led to notifications being "unexpectedly retained on the device."

Signal also confirmed it had updated its software to mitigate the risk, asserting that the underlying encryption remained secure throughout the process.

Signal President Meredith Whittaker had previously voiced concerns in 2023, arguing that OS-level caches should never store sensitive message previews.

Telegram co-founder Pavel Durov added that the incident proves end-to-end encryption only protects data during transmission, not how an operating system handles metadata upon receipt. 

This case highlights a critical "last mile" security gap where hardware-level storage can undermine encrypted communication.

Signal remains the primary choice for whistleblowers, though experts now recommend disabling notification previews entirely for maximum privacy during high-stakes digital interactions.