Your Phone Notifications Reveal More Than You Realize. Here’s How to Lock Them Down

In a recent case, the US Federal Bureau of Investigation was able to pull Signal messages from a defendant's iPhone, despite the messages being set to disappear automatically and the Signal app itself having been deleted from the phone. The trick used by law enforcement? Previews of each incoming Signal message were logged in the notification database kept by iOS.

Even though Signal had deleted the conversations and the app itself was deleted, this database was still available to the FBI's forensics teams. This incident raises concerns for anyone interested in protecting their own privacy. Fortunately, Apple has pushed out an iOS 26.4.2 update that ensures notification logs are properly cleaned up after the notifications have expired.

To protect yourself, make sure your iPhone is updated by checking for software updates under General > Software Update. However, experts say there are still steps you can take to further minimize your risk in similar circumstances. While the FBI is reluctant to provide step-by-step instructions on how it breaks into smartphones and extracts data, reporting by 404 Media and analysis from experts such as cybersecurity specialist Andrea Fortuna provide some insight into what likely happened.

It appears that the FBI's forensics team focused on the database of notifications logged by iOS, rather than breaking Signal's encryption or hacking into any Signal database. Notably, the FBI was only able to extract incoming messages, not outgoing ones, as messages being sent out from a device wouldn't show up in a notification. Given that Apple keeps iOS tightly locked down, it's likely that the analyzed iPhone was unlocked or in an After First Unlock (AFU) state.

When a phone reboots and first presents the lock screen, that's a Before First Unlock (BFU) state, which comes with extra security and encryption measures. However, when you subsequently lock and unlock your phone through the day, that's AFU. Both states show the lock screen and keep your phone protected from unwelcome visitors, but BFU offers additional security features.

This incident serves as a reminder to be mindful of your phone's security and take steps to protect your privacy.