Post Content Signal app is seen on a smartphone in this illustration taken, July 13, 2021. REUTERS/Dado Ruvic/Illustration/File Photo
Days after a report suggested that a bug on Apple devices had allowed law enforcement officials to extract deleted messages on Signal, the iPhone-maker has issued a patch to fix the issue.
The software update was released on Wednesday, April 22, for all iPhones and iPads, including those running the older iOS 18. Notifications that displayed messages’ content were cached on the device for up to a month as a result of the bug.
Confirming the same, Apple said in a security notice on its website that the bug meant “notifications marked for deletion could be unexpectedly retained on the device.”
Earlier this month, the US Federal Bureau of Investigation (FBI) was found to be able to extract deleted Signal messages from someone’s iPhone using forensic tools, according to a report by independent news outlet 404 Media. This was due to the fact that the content of the messages had been displayed in a notification and then stored inside a phone’s database. Notably, the extracted messages had reportedly been deleted from inside Signal by the user.
Signal is a pioneer of encrypted communications and is regarded as one of the most secure messaging apps currently available on the market. It is widely considered to be a leading easy-to-use, encrypted messaging service among cybersecurity experts, since there are no public reports of hackers intercepting users’ messages in-transit by cracking the platform’s end-to-end encryption protocol.
The messaging app offers a range of privacy-focused features, such as allowing users to set up a timer that instructs the app to automatically delete messages after a set amount of time. This feature is meant for those who want to keep their conversations private in the event that authorities seize their devices.
Also Read | End-to-end encryption: What it is, how it works, and why you need it
Following the 404 Media report, privacy activists raised concerns that the FBI and other law enforcement agencies may be able to bypass the ‘deleted messages’ security feature that is relied on daily by at-risk users.
Story continues below this ad
“Notifications for deleted messages shouldn’t remain in any OS notification database,” Signal president Meredith Whittaker wrote in a post on Bluesky, adding that the software update came after the messaging app-maker had privately asked Apple to address the issue.
These developments have occurred amid broader concerns about trust in end-to-end encryption used by messaging apps such as Signal and WhatsApp, which relies on the same Signal encryption protocol.
A fresh class action lawsuit in the US has alleged that WhatsApp intercepted private user messages despite promising end-to-end encryption, and shared them with third parties, including Accenture. However, the Meta-owned platform dismissed these allegations as “categorically false and absurd,” adding that the underlying Signal protocol is designed to ensure that only the sender and recipient can read messages.
