HN

Need help?
<- Back
Apple fixes bug that cops used to extract deleted chat messages from iPhones

Apple fixes bug that cops used to extract deleted chat messages from iPhones

cdrnsf

Comments (97)

  • dlcarrier
    This was a bug that left it cached on the device. Apple and Google have put themselves in the middle of most notifications, causing the contents to pass through their servers, which means that they are subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring.If you don't want end-to-end messages made available to others, set your notifications to only show that you have a message, not what it contains or who its from.
  • 6thbit
    The "bug" discussed in the article is only part of the problem.The main problem, which is notifications text is stored on a DB in the phone outside of signal, is not addressed. To avoid that you have to change your settings.In this case, the defendant had deleted the signal app completely, and that likely internally marks those app's notifications for deletion from the DB, so the bug fixed here is that they were not removing notifications from the local database when the app that generated them was removed, now they do. Impact: Notifications marked for deletion could be unexpectedly retained on the device Description: A logging issue was addressed with improved data redaction. CVE-2026-28950 They classify this as "loggging issue" so it sounds like notifications were not actually in the database itself but ended up in some log.
  • nxobject
    Note that Signal offers the option to use generic “You’ve received messages” notifications - it’s good practice in general.
  • 650REDHAIR
    I’m frustrated that Signal isn’t notifying users about this.I disabled notifications and instead Signal reminded me to re-enable them…
  • random3
    Makes you think what’s the biggest concerns wrt Mythos — is it finding or fixing the vulnerabilities that’s scarier :))
  • modeless
    Oh, I was originally confused about this because I had thought the push notifications were end-to-end encrypted, so they couldn't be cached in readable form by the push notification service, and only decrypted by the app on device upon receiving the notification. But it seems like after the notification was decrypted by the app and shown to the user using OS APIs, the notification text was was then stored by the OS in some kind of notification history DB locally on the device?
  • pixel_popping
    In privacy circles, this was always known, as Google/Apple often sends notification content to their servers (which means that it bypass the App realm).Some people talking about it (different but in the same scope of issue): https://blog.davidlibeau.fr/push-notifications-are-a-privacy...
  • shumatsumonobu
    Apps can't tell iOS "don't keep this notification past display," so the payload just gets cached. Classic "deleted doesn't mean deleted" problem — the data lives in more places than you'd think. Good catch by Signal.
  • itopaloglu83
    Thankfully Apple backported the fix the iOS 18 as well.
  • trinsic2
    I would never rely on a closed system for secure messaging to many unknowns.
  • kippinsula
    every time something like this surfaces I'm reminded how many privacy guarantees end at the app boundary. you can do all the e2e crypto you want, the OS layer is going to do whatever it does with your strings once they hit a render path. probably an unsolvable category of bug as long as notifications need to show readable text somewhere.
  • varun_ch
    This makes me wonder: Cellebrite makes tools for law enforcement to break into iPhones, likely exploiting weaknesses/vulnerabilities. Does Apple buy Cellebrite’s tools and reverse engineer them? Or would they not have a way of acquiring them legally?
  • benjx88
    Anthropic Mythos at work! iOS is so good and well built that only 1 bug was found and those patch. "It's either all a joke ... or none of it is." -Bruce Banner
  • chislobog
    Looking at the detritus in the filesystem on Jailbroken iOS devices you will observe that iOS decides to vacuum, purge, and let linger all sorts of databases and logs until something triggers a cleanup which is usually time or an iCloud sign-out induced erase and subsequent sync. People have been complaining for years about excessive phantom “system storage” and “other data.” Interestingly the photos thumbs database can grow seemingly indefinitely in size for some weeks or more if you’re regularly deleting all of your photos and saving to photos from apps or taking photos. I suspect that there a lot of behavioral data records that is left on most devices until a convenient period of inactivity passes and the possible user behavior analysis and reporting functions of iOS allow whatever cleanup happens after processing on device. It would be useful to capture iCloud backup restores from physical devices to corellium virtual devices with some creative matching of your existing idevices identifiers. Could see what triggers a cleanup during backups, local or otherwise, get a good look at what is being restored from iCloud. I also think it’s possible that iCloud can sync a database, say safari bookmarks, pushing it to the device inducing a state where the device bookmarks are moved to inaccessible tables and left there, unavailable to the end user, but not out of sync with the current active session state. Of course this is just my musing based on observations of weekly ffs extractions of a few devices over the last 5 years.
  • skrtskrt
    It's not new that push notifications should be presumed to be insecure, with their content passing through - and probably persisted - outside the app sandbox and anything in control of in-app encryption.Apple should have fixed this long ago (not that you can trust a closed system), but Signal should also have strong guardrails & warnings around allowing message content in push notifications.
  • maerF0x0
    Cat and Mouse, good. This is the adversarial setup that results in a better outcome for all.
  • unethical_ban
    I wonder if the same flaw exists on Android/GrapheneOS.
  • ghstinda
    I like apple, but would never trust them with privacy. NYPD uses ISMI catchers and other tech. This is a nothing burger or nothing donut.
  • anon
    undefined
  • cubefox
    It is completely unclear from this article whether this means Apple does no longer cache dismissed notifications somewhere.
  • tcfhgj
    bug or backdoor?
  • lynndotpy
    Heads up. They have released an iOS 18 update (good!) but, and please bear the caps:UPDATING IOS WILL ENABLE AUTOMATIC UPDATES TO IOS 26.(Bad!) This is a new shady tactic they're using trying to get iOS 18 users to install iOS 26.
  • aucisson_masque
    > This was because notifications that displayed the messages’ content were also cached on the device for up to a month.Why can't we have notification history just like on Android then. It's very useful when you dismiss a notification you didn't want to, or you look for some old stuff.
  • ashishb
    This has nothing to do with Apple/Firebase notification service.It has to do with the fact that any notification displayed on your device goes via a separate system service which was caching them.It is amusing to see how often people confuse device notifications with Apple notification service.