
FBI retrieved deleted Signal messages from iPhone notification storage

2026-04-10 17:32:53 betanews.com
A federal courtroom in Texas became the setting for an unexpected cybersecurity lesson when FBI investigators showed they could pull copies of encrypted Signal conversations off a suspect's iPhone, despite the app having been completely wiped from the device. The technique, disclosed during sworn testimony and first reported by 404 Media, relied not on cracking Signal's encryption but on a quieter target: the way Apple's mobile operating system logs and retains notification data at the system level.
The underlying case involved a group accused of launching fireworks at the Prairieland ICE Detention Facility in Alvarado, Texas, during a July incident that also included property destruction and the shooting of a police officer. Defendant Lynette Sharp had earlier pleaded guilty to providing material support to terrorists. The proceedings ended with convictions on multiple counts and were described as the first domestic terrorism convictions of people identified as "Antifa" under the Trump administration.
On the witness stand, FBI Special Agent Clark Wiethorn walked through digital evidence pulled from Sharp's confiscated iPhone. Exhibit 158, a summary of which was posted online by a group backing the defendants, described how the bureau retrieved message content from Apple's built-in notification storage. Although Sharp had already uninstalled Signal, inbound notification data remained in the phone's on-device storage. The recovered material consisted exclusively of messages Sharp received; nothing she sent was part of the dataset. Trial observers and defense lawyer Harmony Schuerman independently confirmed this account.
The technical explanation centers on how iPhones handle incoming alerts. Each time an app posts a notification, iOS can record the displayed preview, meaning the sender name, a message snippet, or both, in its own system-level notification store. Those records belong to the operating system and live outside the app's sandboxed container. Uninstalling an application deletes that container, but the previews iOS already wrote into its own storage are not part of it and can survive the deletion.
Signal gives users three choices governing what appears in these alerts. "Name and Content" reveals the sender plus a text snippet. "Name Only" identifies the sender while concealing the body of the message. "No Name or Content" reduces the alert to a generic ping. Sharp apparently had not selected the most guarded option, so iOS was free to record full previews, and those previews were still on the phone when the FBI examined it.
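To make the residue concrete, the following triage helper is an added example and is not code from the article, from Signal or from Apple. It walks a directory tree representing an iOS file-system extraction, reads each app's delivered-notification store, classifies every surviving preview by which of the three Signal settings would have produced it, and flags previews whose app no longer owns a data container. Several things are assumptions: the directory layout (a `Library/UserNotifications/<bundle-id>/DeliveredNotifications.plist` store per app and `Containers/Data/Application/<uuid>/` app containers); a simplified flat plist schema with `title`, `body` and `date` keys, whereas real stores are NSKeyedArchiver-encoded notification objects that must be unarchived first; the generic preview strings used for classification; and `org.whispersystems.signal` as Signal's bundle identifier. The sample extraction it builds in a temporary directory is constructed for the example. Only the container-metadata plist name and its `MCMMetadataIdentifier` key are taken from what iOS actually writes.

```python
"""Find message previews that survived app deletion in an iOS extraction.

Added example (not the article's or Signal's code). The layout, plist
schema, generic strings and sample data below are assumptions/constructed.
"""
import os
import plistlib
import tempfile
from dataclasses import dataclass
from datetime import datetime

# Assumed extraction layout; adjust to what your extraction tool produces.
NOTIF_DIR = os.path.join("Library", "UserNotifications")
APP_CONTAINERS = os.path.join("Containers", "Data", "Application")
CONTAINER_META = ".com.apple.mobile_container_manager.metadata.plist"
# Preview strings treated as carrying no real sender or body (assumption).
GENERIC = {"", "signal", "new message", "you have a new message"}


@dataclass
class Residue:
    bundle_id: str
    title: str
    body: str
    delivered: datetime
    app_installed: bool
    exposure: str  # "name+content" | "name-only" | "generic"


def classify(title: str, body: str) -> str:
    """Map a surviving preview to the Signal setting that would produce it."""
    if body.strip().lower() not in GENERIC:
        return "name+content"
    if title.strip().lower() not in GENERIC:
        return "name-only"
    return "generic"


def installed_bundle_ids(root: str) -> set:
    """Bundle ids that still own a data container, read from the metadata
    plist iOS keeps in each container (key MCMMetadataIdentifier)."""
    found = set()
    base = os.path.join(root, APP_CONTAINERS)
    if not os.path.isdir(base):
        return found
    for uuid in os.listdir(base):
        meta = os.path.join(base, uuid, CONTAINER_META)
        if os.path.isfile(meta):
            with open(meta, "rb") as f:
                found.add(plistlib.load(f).get("MCMMetadataIdentifier", ""))
    return found


def scan_notification_stores(root: str) -> list:
    """Return every surviving preview, noting whether its app is still present."""
    installed = installed_bundle_ids(root)
    base = os.path.join(root, NOTIF_DIR)
    out = []
    if not os.path.isdir(base):
        return out
    for bundle in sorted(os.listdir(base)):
        store = os.path.join(base, bundle, "DeliveredNotifications.plist")
        if not os.path.isfile(store):
            continue
        with open(store, "rb") as f:
            entries = plistlib.load(f)  # simplified flat list (assumption)
        for e in entries:
            title, body = str(e.get("title", "")), str(e.get("body", ""))
            out.append(Residue(bundle, title, body, e["date"],
                               bundle in installed, classify(title, body)))
    return out


def orphaned_content(root: str) -> list:
    """Previews with real message text whose app has been removed."""
    return [r for r in scan_notification_stores(root)
            if not r.app_installed and r.exposure == "name+content"]


def build_sample_extraction(root: str) -> None:
    """Constructed sample: Signal has no container (uninstalled) but its
    notification store still holds three received previews, one per
    setting; a second chat app is still installed."""
    def write(path, obj):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            plistlib.dump(obj, f)  # XML plist; naive datetime round-trips
    t = datetime(2025, 7, 4, 22, 15)
    write(os.path.join(root, NOTIF_DIR, "org.whispersystems.signal",
                       "DeliveredNotifications.plist"), [
        {"title": "Alex", "body": "meet at the north gate at 11", "date": t},
        {"title": "Alex", "body": "New message", "date": t},
        {"title": "Signal", "body": "New message", "date": t},
    ])
    write(os.path.join(root, NOTIF_DIR, "com.example.chat",
                       "DeliveredNotifications.plist"), [
        {"title": "Sam", "body": "did you see the photos?", "date": t},
    ])
    write(os.path.join(root, APP_CONTAINERS, "1F2E-EXAMPLE", CONTAINER_META),
          {"MCMMetadataIdentifier": "com.example.chat"})


def run_on_sample() -> dict:
    """Build the constructed extraction, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_extraction(d)
        return {"residues": scan_notification_stores(d),
                "orphans": orphaned_content(d)}


if __name__ == "__main__":
    for r in run_on_sample()["residues"]:
        print(f"{r.bundle_id:28} installed={str(r.app_installed):5} "
              f"{r.exposure:12} {r.title!r} {r.body!r}")
```

On the sample, the Signal store yields one preview with full text, one with only the sender, and one generic ping, while the app container is gone; only the first is reported as orphaned content. Against a real extraction the same classification step is what tells you which setting the user had, and therefore how much of the conversation the OS kept.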
When contacted by 404 Media, neither Signal nor Apple offered any comment about how the notification system retains or purges this data.
Figuring out exactly how the bureau accessed Sharp's phone is complicated by a lack of public detail about the device's condition at seizure. Apple's mobile OS moves through distinct security states depending on what has happened since boot. In BFU (Before First Unlock), before the owner has entered the passcode following a reboot, the keys protecting most data classes have not yet been derived, so nearly all user data stays encrypted and unreachable. Once the passcode has been entered at least once, the phone enters AFU (After First Unlock), where the keys for several data classes remain in memory and considerably more information becomes accessible to a forensic tool. An actively unlocked device grants the widest access of all, because the system treats the authenticated owner as present. Which of these states the notification store is readable in depends on the Data Protection class Apple assigns to it, and the trial record does not say what state the phone was in.
Apple's OS keeps a large volume of information cached on-device, counting on this tiered architecture to protect it while keeping it quickly available to the rightful owner.
A separate wrinkle involves the push notification token itself. Deleting an app does not instantly invalidate the device token Apple's servers use to route alerts to that app. The sending server has no way of knowing whether the app still exists on the device after its most recent successful delivery, so it may keep dispatching notifications, and the iPhone independently decides what to do with them when they arrive.
Apple recently updated the way iOS 26.4 validates these push tokens. Whether that change traces back to this case or is coincidental remains unclear, though the timing has drawn attention.
Based on the Exhibit 158 summary referencing data retrieved via notification storage, one plausible scenario is that the FBI performed an extraction from a device backup. Multiple commercial forensic platforms marketed to law enforcement are capable of exploiting iOS weaknesses to pull protected data, and any such tool could have facilitated the recovery.
The vulnerability is not exclusive to Signal. Every chat app that surfaces message text inside push alerts could leave identical residue in Apple's notification logs, because the behavior originates in how iOS itself manages that data.
End-to-end encryption guards message content while it travels between devices and while it sits inside the app, but it does not extend to what the operating system copies into a notification preview.
Steps to reduce forensic exposure:
- In Signal, go to Settings, then Notifications, and choose "No Name or Content" so the alert handed to iOS carries neither the sender nor any message text.
- Do the same inside every other chat app used for private conversations — the behavior is baked into iOS, not specific to any single app.
- At the device level, open Settings, tap Notifications, and switch Show Previews to "Never" or "When Unlocked." Note that this setting governs what is displayed on the lock screen and in Notification Center, not what the app included in the notification; only the in-app setting keeps the content out of the notification altogether.
- Review additional lock-screen privacy controls to restrict what is visible without authentication.
Investigators needed physical possession of Sharp's iPhone to perform the extraction; the technique described here does not reach the notification store remotely. Once the device was in federal hands, however, the previews recorded by iOS became recoverable evidence that outlasted the app responsible for creating them.