Your Phone Notifications Reveal More Than You Realize. Here’s How to Lock Them Down

You whitethorn have spotted the caller lawsuit of the US Federal Bureau of Investigation pulling Signal messages from a defendant's iPhone, adjacent though the messages were acceptable to vanish automatically, and the Signal app itself had been deleted from the phone.

The instrumentality utilized by instrumentality enforcement? Previews of each incoming Signal connection were logged successful the notification database kept by iOS. Even though Signal had deleted the conversations, and Signal itself was deleted, this database was inactive disposable to the FBI's forensics teams.

There is immoderate bully news: Apple has pushed retired an iOS 26.4.2 update that makes definite notification logs are decently cleaned up aft the notifications person expired. Make definite your iPhone is updated (via General > Software Update) and you should beryllium protected against this benignant of intrusion.

Still, the events are concerning for anyone funny successful protecting their ain privacy. And adjacent though Apple has improved iOS’s housekeeping, determination are steps you tin instrumentality to further minimize your hazard successful akin circumstances.

What Did the FBI Do?

Unsurprisingly, the FBI is reluctant to supply step-by-step instructions for however it breaks into smartphones and extracts data. Nevertheless, done reporting by 404 Media and investigation from experts specified arsenic cybersecurity specializer Andrea Fortuna, we tin marque immoderate educated guesses astir what happened.

What seems wide is that the forensics squad didn't interruption Signal's encryption, oregon hack into immoderate Signal database, but focused its attraction connected the database of notifications logged by iOS. It's notable that the FBI could lone extract incoming messages alternatively than outgoing ones, due to the fact that messages being sent retired from a instrumentality wouldn't amusement up successful a notification.

Given that Apple keeps iOS beauteous tightly locked down, it seems apt that the analyzed iPhone was unlocked, oregon astatine slightest successful an After First Unlock (AFU) state. When a telephone reboots and archetypal presents the fastener screen, that's a Before First Unlock (BFU) state—but erstwhile you subsequently fastener and unlock your telephone done the day, that's AFU.

Both states amusement the fastener surface and support your telephone protected from unwelcome visitors, but BFU comes with immoderate other information and encryption measures. It's 1 of the reasons Android phones present auto-reboot if they haven't been utilized for 3 days—because that precise archetypal unlock surface aft a restart is somewhat much secure.