alt.hn

4/10/2026 at 11:29:04 AM

FBI used iPhone notification data to retrieve deleted Signal messages

 https://9to5mac.com/2026/04/09/fbi-used-iphone-notification-data-to-retrieve-deleted-signal-messages/

by 01-_-

4/10/2026 at 4:17:35 PM

Putting on my user hat...

"OK. Signal has forward secrecy. So messages are gone after I receive them. Great!"

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

"I'll just delete the entire app!" No, sorry, the OS still has your messages...

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)

https://articles.59.ca/doku.php?id=em:sg

by upofadown

4/10/2026 at 6:14:21 PM

I think one of the main issues is that end-to-end message encryption is a sham as long as backups are not encrypted. I could have good device security, but if the person I'm talking to does not use ADP, iMessage and WhatsApp messages get backed up with only at-rest encryption (I think Signal opts out of standard iOS backups) and possibly the same for backups of the iPhone notification database (which the article suggests as a possibility).

Similarly on Android, WhatsApp suggests unencrypted backups to Google Drive by default.

Putting on my tinfoil hat, I am pretty sure that Google/Apple/Meta have some deal (successor to PRISM) where end-to-end encrypted messaging is tolerated as long as they have defaults that make it possible to access chats anyway. Apple not enabling ADP by default and WhatsApp doing Google Drive backups that are not end-to-end encrypted is the implementation. Since most people just use the defaults, it undermines security of people who care.

It's a 'win-win', the tech companies can wash their hands in innocence, the agencies get access to data, and phone users believe that they are chatting in a secure/private manner.

by microtonal

4/10/2026 at 6:28:59 PM

"end-to-end message encryption is a sham as long as" -- I agree with that but would add even more caveats. If someone can't list those caveats off the top of their head they shouldn't be pretending they aren't able to communicate securely.

Just look at Salt Typhoon, every single person should be way more paranoid than they are, including government & agency officials. The attach surface and potential damage - financial and reputation - will only get worse with AI automation and impersonation, and that's for people who are doing nothing interesting and are law abiding citizens.

by AJ007

4/10/2026 at 7:28:47 PM

Given the shoddy state of network security at large, especially on infrastructure projects (power plants, hospitals, dams, etc.) I always feel like major governments sit on so destructive potential to disrupt communications and anything connected to the Internet of its adversaries to have mutual assured destruction potential of a nuclear bomb.

No one’s crazy enough to push that button, because once you do there is no turning back.

by sph

4/10/2026 at 8:48:48 PM

I have often wondered about this exact situation. Like there are many instances of companies who depend on keeping their network secure and are actively taking preventative measures to keep their network safe that end up getting hacked. So surely there has to have been infiltration to some of the critical infrastructure keeping cities running. Why don't we hear more about it?

by 14

4/10/2026 at 10:48:20 PM

Only semi-conscientious companies will even KNOW they were compromised.

Suspect the rest are either not even looking and/or the attackers removed all their traces before anyone could possibly see.

When was the last time YOU inspected the authorization logs in systemd or the event log in Windows on your personal computer…

In Windows Defender we trust…

by BobbyTables2

4/10/2026 at 6:49:09 PM

I mean the Hungarian minister of Foreign Affairs briefed Lavrov on internal EU matters and there are recordings of one or more calls. It seems that opsec is bad at pretty much every level.

by microtonal

4/10/2026 at 8:05:54 PM

We’re already forgetting when the Secretary of War invited a journalist to the secret SIGNAL group chat

by alfiedotwtf

4/10/2026 at 6:59:43 PM

Signal data is not backed up, they have a local backup solution and an in-app e2e cloud backup for $2/month.

by tapoxi

4/11/2026 at 3:54:35 PM

The backup is free for text and something like 60 days of media. You only have to pay to backup all media.

by DeathMetal3000

4/10/2026 at 8:04:26 PM

This is what I’ve always hated with Apple Time Machine, which I think MUST have been deliberate:

    - create an encrypted disk
    - install Mac OS on the encrypted disk
    - use Time Machine to back it up with encrypt turned on
All good so far. Ok, time to restore:

    - Restore from Time Machine
    - enjoy your PLAIN TEXT install :poo:

by alfiedotwtf

4/10/2026 at 9:09:55 PM

This isn't really an issue anymore. All M series Macs (and T2?) are always encrypted by default.

by pxeboot

4/10/2026 at 10:25:14 PM

> the tech companies can wash their hands in innocence

Hostile defaults, not just in tech, is how Western liberal soft power often works. They can always claim "hey, you have the choice", but they know very well most people won't even know they have the choice, or is it so cumbersome or costly to move away from the hostile defaults - and stay that way - that in practice, the effect is the same as if you lived in a totalitarian regime. The difference is that you can keep believing in the deception of "freedom" in a Western liberal society; in a totalitarian regime, you are much more likely to know you've got a jackboot on your throat, because there is one.

What is needed isn't radical liberal atomistic individualism which rationalizes the antisocial war of all against all that rewards raw might. You won't find freedom there. You need a culture of respect of and sense of duty toward the authentic common good, backed by moral authority, where authority is power + justice.

by lo_zamoyski

4/10/2026 at 5:24:42 PM

People keep pushing signal because it is supposedly secure. But it runs on platforms that are so complex with so much eco system garbage that there is no way know even within a low percentage of confidence if you've done everything required to ensure you are communicating just with the person you think you are. There could be listeners at just about every layer and that is still without looking at the meta-data angle which is just as important (who communicated with who and when, and possibly from where).

by jacquesm

4/10/2026 at 6:27:47 PM

I've raised concerns about the Signal project whitewashing risks such as keyboard apps or the OS itself, and the usual response is that it's my fault for using an untrustworthy OS and outside Signal's scope.

At some point there need to be a frank admission that ETE encrypted messaging apps are just the top layer of an opaque stack that could easily be operating against you.

They've made encryption so slick and routine that they've opened a whole new vector of attack through excessive user trust and laziness.

Encrypting a message used to be slow, laborious and cumbersome; which meant that there was a reticence to send messages that didn't need to be sent, and therefore to minimise disclosure. Nowadays everything is sent, under an umbrella of misplaced trust.

by dingaling

4/10/2026 at 6:24:10 PM

There is nothing secure about sending encrypted content to notifications. If it were secure, it would only notify that there is a message, with no details included.

by OutOfHere

4/10/2026 at 7:43:12 PM

> If it were secure, it would only notify that there is a message, with no details included.

You're right. This is configurable via settings, but is not the default state.

That said: if I can get friends and family to use Signal instead of iMessage, that gives me the opportunity to disable those notifications and experience more security benefits.

But I agree with your point: most people think that Signal is bulletproof out of the box, and it's clearly not.

by david_shaw

4/11/2026 at 6:18:26 PM

You only control one side of any conversation.

by jacquesm

4/10/2026 at 6:45:08 PM

Once again there is a trade off between security and user convenience.

If security is the main differentiator then app should start in the most secure mode possible. Then allow users to turn on features while alerting them to the risks. Or at least ask users at startup whether they want "high sec mode" or "convenient mode".

As the app becomes more popular as a general messaging replacement, there will be a push towards greater convenience and broad based appeal, undermining the original security marketing as observed here.

by anon84873628

4/11/2026 at 8:11:49 PM

Exactly, but, sooner or later the cost of support overcomes the need for security, that's what is driving this. Popularity is the main reason signal is now less secure than it was in the past.

by jacquesm

4/10/2026 at 5:05:20 PM

The median user isn't going to change default settings, so your app is as secure as whatever the default it.

by DevX101

4/10/2026 at 6:28:17 PM

Even if I change the setting, my messages aren't truly secure against this unless all recipients do the same on all of their devices.

by stvltvs

4/11/2026 at 3:39:44 AM

We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

At least on my iPhone the default is to preview messages only when unlocked [0]. This user went out of their way to show previews in a locked state which meant it was vulnerable by digital acquisition without unlock code.

[0] https://files.catbox.moe/3gwjoy.png

by commandersaki

4/11/2026 at 5:13:17 PM

That doesn’t solve the problem. You have to configure Signal to not send the information in the notification.

by eggnet

4/11/2026 at 10:03:02 PM

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media

Doesn't indicate this is an issue when you have it set to preview when unlocked.

by commandersaki

4/10/2026 at 7:54:43 PM

> Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them.

Worse than that, they did not take advantage of the ability to send that message data as an encrypted payload inside the notification.

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

Either do not include sensitive user data inside a notification by default, or encrypt that data before you send it to the notification server.

by GeekyBear

4/10/2026 at 8:43:55 PM

Signal developer here. Our FCM and APN notifications are empty and just tell the app to wake up, fetch encrypted messages, decrypt them, and then generate the notification ourselves locally.

by greysonp

4/10/2026 at 9:50:37 PM

That's certainly a better state of affairs.

So you just need to fix the default setting and not display the message text in notifications to prevent this issue in the future?

by GeekyBear

4/10/2026 at 6:01:48 PM

Use SimpleX if you really want a secure messenger. Endorsed by Whonix, which in endorsed by Snowden.

https://www.whonix.org/wiki/Chat#Recommendation

by dist-epoch

4/12/2026 at 7:54:50 AM

> endorsed by Snowden.

Who is endorsed by the Russian government

by wqaatwt

4/11/2026 at 1:11:24 AM

SimpleX has the same problem with notifications. You still have to properly configure it. Opsec is hard.

by bladeacidic

4/11/2026 at 12:51:57 PM

If the encryption security isn’t a freaking pain in every ass in the Tri county area, it’s not secure.

That’s been my go-to and I’ve yet to see it not work.

by bombcar

4/10/2026 at 8:02:06 PM

0) send a public key. 1) encrypt the file with your private key 2) send file.

WTF. This is super simple stuff.

by ransom1538

4/10/2026 at 9:58:59 PM

3) recipient stores decrypted content in plain text and backs that up in well-known cloud storage systems

by amethyst

4/10/2026 at 12:18:17 PM

Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"

I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.

by jonpalmisc

4/10/2026 at 12:40:36 PM

Just to clarify, this is within the Signal app settings—not the OS (iOS or Android) system settings.

Critical distinction, as merely changing OS notification settings will simply prevent notification content from being displayed on-screen.

by nickburns

4/10/2026 at 1:23:02 PM

Wait so if I do iOS setting notifications > never show previews it’s still caching them in the background? Unencrypted?

by hammock

4/10/2026 at 1:23:39 PM

Yes. And technically, from a privacy perspective, it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct.

If the app generates them, the OS receives them. That's why the Signal app offers this setting.

by nickburns

4/10/2026 at 1:45:08 PM

>it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct.

Source? I don't think either OS implements notification syncing between devices, it's only one way, and as others have mentioned, the actually push notification doesn't contain any message content, only an instruction for signal to fetch and decrypt the message.

by gruez

4/10/2026 at 3:09:05 PM

> I don't think either OS implements notification syncing between devices

Can't speak for iOS and no idea if this relates to the above functionality, but Pixel lets you deduplicate notifications across Pixel devices.

by dataflow

4/10/2026 at 5:02:08 PM

> I don't think either OS implements notification syncing between devices

iOS does. This is how you can receive Signal notifications on your Apple Watch and other Apple devices that don’t have the app installed.

by pxeboot

4/10/2026 at 2:04:10 PM

This sounds correct. When I implemented push notifications for an iPhone application, I remainder needing to obtain a store a separate token for each device a user has, and subscribing to a feed of revoked delivery tokens. Seemed like an interesting design intended to facilitate E2E encryption for push notifications.

by schrodinger

4/10/2026 at 4:17:34 PM

I do wonder how notifications that are synced/mirrored to the Apple Watch and newer versions of Mac are handled.

by jerlam

4/10/2026 at 2:14:46 PM

Wait... why does Signal need to send notification content to Firebase to trigger a push notification on device? I would instead expect that Signal would send a push to my Android saying nothing more than "wake up, you've got a message in convo XYZ", then the app would take over and handle the rest of it locally.

I also didn't realize that Android stores message history even after I've replied or swiped them away. That's nuts - why!?

by aftbit

4/10/2026 at 2:39:09 PM

Signal does NOT send notification content througth APN/Firebase, their push notification is literaly a ping as you expected.

Source: https://mastodon.world@Mer__edith/111563866152334347 (Meredith Whittaker is the current CEO of Signal)

I can't link you rigth now to the actual code on their repo but it is verifiable.

by llacane

4/10/2026 at 2:21:56 PM

If your app needs to send a notification while it's not currently a running process, it must go through Firebase on Google's side and APNS on Apple's side. There is no way for a non running app to send a notification entirely locally, this is by design of both companies.

by satvikpendem

4/10/2026 at 2:56:41 PM

Signal developer here. Not entirely sure what you're saying. I'm only an Android guy, but FCM messages are certainly one trigger that can allow an app process to run, but it's not the only trigger. You can schedule system alarms, jobs, etc. And the notification does not need to be provided by the FCM message. In our case, the server just sends empty FCM messages to wake up the app, we fetch the messages ourselves from the server, decrypt them, and build the notification ourselves. No data, encrypted or otherwise, is ever put into the FCM payloads.

by greysonp

4/10/2026 at 4:01:24 PM

Sure but it needs to go through Firebase regardless of the content of the notification message, I do not believe there is a way to use a third party notification service which does not depend on Firebase.

by satvikpendem

4/10/2026 at 7:06:50 PM

It doesn't. The API for displaying a notification is purely local.

Receiving a ping from Firebase Cloud Messaging triggers the app to whatever it does in order to display its notification. In the case of Signal, that probably means something like fetching the user's latest messages from the server, then deciding what to show in the notification based on the user's settings, metadata, and message content.

Here's example code for using FCM to show a notification. In this case, the notification content also passes through FCM, but Signal does not do that. https://www.geeksforgeeks.org/android/how-to-push-notificati...

by Zak

4/10/2026 at 7:24:55 PM

Sorry I should clarify, by "it" I meant any sort of ping must go through Firebase Cloud Messaging, not that the message content itself goes through Firebase.

Looks like there is a way to bypass Firebase by using something like UnifiedPush which runs a perpetual background process that acts similar to Google Play Services to pick up notifications from the server and calls the local notification API.

by satvikpendem

4/10/2026 at 7:53:42 PM

It's theoretically possible to just keep an app running in the background all the time and periodically poll a server.

That's unreliable though since some OEM Android builds will kill it for that even if the user disables battery optimizations. Those OEMs sort of have a point; if lots of apps did that it would drain the battery fast.

by Zak

4/10/2026 at 7:57:04 PM

Then that's basically what I said right? That there is in practice no way to opt out of using Firebase if you want consistent notifications.

by satvikpendem

4/10/2026 at 10:26:27 PM

Not clear what your point is. The Signal server wakes up the app via an empty message. At most the info this conveys is that a Signal app got a message to pull.

by lolc

4/10/2026 at 10:37:52 PM

My point is there is no reasonable way to remove oneself from Google and Apple even with a fully custom application, they control the notification servers for their devices.

by satvikpendem

4/12/2026 at 11:50:33 AM

Yea sorry I didn't follow the thread properly.

by lolc

4/10/2026 at 5:58:30 PM

When running Signal without google play services, Signal reliably received push notifications and with minimal battery drain.

by eptcyka

4/10/2026 at 9:36:49 PM

Do you have microG? That provides a compatibility layer for FCM.

by satvikpendem

4/11/2026 at 9:22:39 AM

No, my intention was to not touch google services.

by eptcyka

4/10/2026 at 5:44:42 PM

Any application can send notifications without going through a server.

by gertop

4/10/2026 at 9:36:06 PM

How? I'm not talking about an application backend server but a notification server which Google and Apple have for all apps. I'm not sure besides polling or having a persistent connection to send notifications to an app while that app is not running.

by satvikpendem

4/10/2026 at 2:37:26 PM

> […] this is by design of both companies.

This is more of a fundamental technical limitation of operating systems and networks; I don't think it is possible to design distributed communication between arbitrary service provider infrastructure and end-user devices without an always-online intermediary reachable from anywhere (a bouncer, in IRC terms) that accepts messages for non-present consumers.

by 9dev

4/10/2026 at 2:42:59 PM

Yes, however the fact that it is not customizable is what is annoying, you are forced to rely only on the OS makers' implementations, which I guess should be expected in the day and age.

by satvikpendem

4/10/2026 at 5:27:16 PM

It sounds like you’re hinting at being unhappy with the lock-in forced by the ecosystem.

The flip side of the coin: any possibly avenue to exfiltrate data and do (advertising) tracking by app developers will be used. The restrictions also protect my privacy.

And my phone battery.

by fn-mote

4/10/2026 at 5:30:20 PM

Clearly they don't protect your privacy as evidenced by the post we're commenting on.

by satvikpendem

4/10/2026 at 2:32:25 PM

> this is by design of both companies.

I’ll note that whatever other reasons it’s also the only way to make this battery efficient. Having a bunch of different TCP connections signaling events at random times is not what you want.

Ideally the app also is responsible for rendering rather than having to disclose the message but that can be challenging to accomplish for all sorts of reasons).

by vlovich123

4/10/2026 at 2:45:31 PM

But there is a way to do this encrypted, so that when the notification is received on your iPhone, the process itself needs to decrypt it.

Except you need an entitlement for that, because it requires that your app has the ability to receive a notification without actually showing it (Apple checks this).

Your app gets woken up, decrypts the message, and then shows a local notification.

by OptionOfT

4/10/2026 at 7:30:35 PM

Android doesn't store message history unless you explicitly enable that feature and neither does Signal send message content to Firebase.

You're angry about a huge amount of outright misinformation here.

by izacus

4/10/2026 at 2:10:09 PM

With notifications disabled APNS push notifications fail for the sending app backend. The device id is rendered invalid if push notifications are disabled at any point. Backends are supposed to handle this and quit sending messages.

Signal has this setting to tell the backend how much information to put into the push message. It can tell the backend to send a simple notification saying “new message” and not send information through APNS or enable it.

I am willing to bet Signal has a notification extension to handle edge cases where there is lag in settings to scrub the message metadata before it dings a screen alert.

by kmbfjr

4/10/2026 at 2:34:37 PM

Any idea if this works the same or differently for Hidden apps specifically?

Normally no notifications are shown for hidden apps, and even if you unhide the apps, prior notifications which were sent do not reappear IIRC. I'm curious if notifications like that are still hitting the phone into the notifications database, or get silently dropped, or something else.

by tayk47999

4/10/2026 at 8:16:21 PM

Sad to think there is a PostIt note somewhere in Virginia and written on it is a box labelled Signal, with an arrow pointing to a box labelled Apple servers, followed by a smirking smiley face pointing between the boxes with the message “encryption added and removed here”

by alfiedotwtf

4/10/2026 at 1:50:00 PM

yes, since apple doesn't control the content of the pushes it is sent by application backends. that can only be controlled within each app

by namdnay

4/10/2026 at 1:10:20 PM

Signal should switch the default to being less verbose.

by JumpCrisscross

4/10/2026 at 4:51:02 PM

They should also signal your counterparty's security posture.

Basically, give you a heads up that the other side has settings that make the system less secure.

by avidiax

4/10/2026 at 6:08:08 PM

I'd prefer the receiving end looks at sender's metadata on the message, and uses that to determine where the line is between recipient-convenience and betrayal.

I suppose you could do both, but "Hey I've got something extra important to send you, but it says need to change your settings first please hurry" seems worse than "sometimes I don't get full notifications on my watch, weird."

by Terr_

4/10/2026 at 1:33:31 PM

The default should be "No name or content".

by nickburns

4/10/2026 at 2:40:06 PM

Name only strikes me as a fairer compromise between security and usability.

by JumpCrisscross

4/10/2026 at 3:02:07 PM

I thought name-only was the default.

by loeg

4/10/2026 at 3:06:02 PM

> I thought name-only was the default

At least for me, it was name and content.

by JumpCrisscross

4/10/2026 at 3:33:47 PM

I may be misremembering, or it may have changed; I've been using Signal from the early days.

by loeg

4/10/2026 at 8:32:26 PM

No it shouldn't. That makes the UX much worse, just to guard against the 0.00001% case where the FBI seizes your iPhone.

by stavros

4/10/2026 at 4:01:08 PM

Not really, that would discourage use by normies.

by iknowstuff

4/10/2026 at 1:38:08 PM

users should switch to simpleX

by fragmede

4/10/2026 at 3:16:58 PM

When you put it up against each other it makes perfect sense, but I would never have thought about it in that way!

Thank you for adding this to the conversation.

by wodenokoto

4/10/2026 at 12:33:27 PM

Fwiw, in my Signal app on Android this setting is in

Settings > Notifications > Messages > Show

by jhalstead

4/10/2026 at 1:09:30 PM

My Samsung also keeps a history of notification content. Under Settings->Notifications ->Advanced -> Notification History

by wolvoleo

4/10/2026 at 1:21:31 PM

However, if this is important to you then you want Signal to stop telling Android to make the notifications. If it doesn't exist nobody will accidentally make it available.

Deleting that history is good to know about after the fact, but preferably lets just not create the problem.

by tialaramex

4/10/2026 at 6:16:49 PM

I need the notifications though.

But you can set them without content. That actually works with signal because all it sends through Google Firebase is a notification to wake up the app. If you have the content turned on the app basically fills the content in the notification locally. But you can turn that off.

by wolvoleo

4/10/2026 at 6:03:52 PM

I allway say it: it is the defaults, stupid (paraphrasign).

The Defaults have to be the most sensitive ones.

If you are a supposed super secure app, this should be the default.

by kwanbix

4/10/2026 at 1:40:46 PM

Disable Apple Intelligence summaries for sensitive app notifications too.

by cdrnsf

4/10/2026 at 1:42:34 PM

Given the quality of the summaries, you might want to keep them just for plausible deniability </s>

by huxley

4/10/2026 at 12:38:05 PM

I guess enabling Lockdown mode might avoid this particular issue too, together with a bunch of other stuff?

by embedding-shape

4/10/2026 at 12:50:02 PM

Why would lockdown mode prevent this? I have lockdown mode on but that doesn't automatically make my notifications private.

by everdrive

4/10/2026 at 1:36:41 PM

Lockdown mode would prevent access to the data in theory.

But most likely (pure speculation mind you), this was a case of someone handing over the phone for review and where cooperating.

It might have been that they deleted signal some time ago, or even deleted signal and then handed over the phone.

It's notable that the data wasn't recovered from signals storage (was the data securely erased or that kind of recovery not attempted?).

by rustyhancock

4/10/2026 at 1:17:39 PM

It's a mode of the phone that is supposed to prevent cyber attacks, more so than "normal mode" I suppose, since it's supposed to limit features in the name of security. This seems like a variant of such attack, so seems like it should protect against it

by embedding-shape

4/10/2026 at 1:27:53 PM

There is a documented list of things that Lockdown Mode affects [1], this is not one of the advertised ones. There are a bunch of other (undocumented) things it affects (some of which are bugs :/), but I don't believe it has any affect on notification storage.

[1] https://support.apple.com/en-us/105120

by jonpalmisc

4/10/2026 at 1:53:18 PM

Mostly it seems the documentation is vague. Is there anything clearer than this?

> Web browsing: Certain complex web technologies are blocked, which might cause some websites to load more slowly or not operate correctly. In addition, web fonts might not be displayed, and images might be replaced with a missing image icon.

by normie3000

4/10/2026 at 1:09:02 PM

Maybe it should.

by giancarlostoro

4/10/2026 at 3:25:06 PM

This seems to be the default for me, at least on Android.

by Night_Thastus

4/10/2026 at 3:37:13 PM

Android also supports custom encrypted payloads so Signal doesn't have to give them to Google.

by izacus

4/10/2026 at 3:44:02 PM

WhatsApp supports this too.

Settings > Notifications > Show preview

by echelon_musk

4/10/2026 at 4:59:15 PM

Originally enabled it just to avoid awkward moments

by SwtCyber

4/10/2026 at 12:00:07 PM

First, a critical setting for Signal users:

"Signal’s settings include an option that prevents the actual message content from being previewed in notifications. However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

Second, how can I see this notification history?

by chasil

4/10/2026 at 12:27:14 PM

Not sure if it's exactly the same, but I had to add a When notification arrives with <message>, do <action> event trigger in my Crank macOS app (https://lowtechguys.com/crank) so I can show you how to do it on macOS:

      HOURS=6
      EPOCH_DIFF=978307200
      SINCE=$(echo "$(date +%s) - $EPOCH_DIFF - $HOURS * 3600" | bc)

      sqlite3 ~/Library/Group\ Containers/group.com.apple.usernoted/db2/db \
        "SELECT r.delivered_date, COALESCE(a.identifier, 'unknown'), hex(r.data)
        FROM record r
        LEFT JOIN app a ON r.app_id = a.app_id
        WHERE r.delivered_date > $SINCE
        ORDER BY r.delivered_date ASC;" \
      | while IFS='|' read -r cfdate bundle hexdata; do
          date -r $(echo "$cfdate + $EPOCH_DIFF" | bc | cut -d. -f1) '+%Y-%m-%d %H:%M:%S'
          echo "  app: $bundle"
          echo "$hexdata" | xxd -r -p > /tmp/notif.plist
          plutil -p /tmp/notif.plist 2>/dev/null \
            | grep -E '"(titl|title|subt|subtitle|body|message)"' \
            | sed 's/^  */  /'
          echo "---"
      done
Basically, notifications are in an sqlite db at ~/Library/Group Containers/group.com.apple.usernoted/db2/db and are stored as plist blobs.

In recent years, filesystem paths for system services have started to converge for both macOS and iOS so I'm thinking with jailbreak you could get read access to that database and get the same data out of it.

by alin23

4/10/2026 at 12:34:47 PM

On android there are apps that let you see the history - i use NotiStar occasionally to see if i unwittingly dismissed important notifications. And i believe there are apps/settings that help you clear the history from the device.

But this is a reminder that these centralized notification infrastructure (FCM and APNs) store notification content (if the app is told to send content in it - signal with option enabled wouldn't send content) even if we clear local history these middleman still hold it

by 627467

4/10/2026 at 1:00:24 PM

On Lineage Android, i see: Settings / Notifications / Notification History.

If you drop a settings widget on your home screen, it will let you choose a specific area, including notifications.

I don't know if the output is the complete database.

by chasil

4/10/2026 at 12:30:56 PM

On a Pixel, I can see some history by going to

Android > Settings > Notifications > Manage > Notification History

by jhalstead

4/10/2026 at 1:38:14 PM

Yes, mine (the history option) is turned off. Nice opt in implementation.

by seb1204

4/10/2026 at 2:21:42 PM

Wasn't sure if it was the Pixel or GrapheneOS, but what a relief to actually be covered in one of these weird 0day issues.

Unrelated to the OP, but I bet the thousands of "exploits" that Claude Mythos has identified already are a lot of these kind of things that regular people would never think about.

by arvid-lind

4/10/2026 at 2:41:49 PM

So I wonder about this. The quote from the 404 media article [0] is:

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media

The default setting appears to be to only show notification preview when unlocked. Will that notification still be stored unencrypted in notification storage or is it in an encrypted store because it will preview after unlock?

It makes sense that any notification that previews on the lock screen would be unencrypted (including the case where it is encrypted but the encryption key is adjacently stored).

This all reads to me that this was a user induced OPSEC issue and Signal had the right defaults.

[0] https://archive.is/bSQhD#selection-619.0-622.0

by commandersaki

4/10/2026 at 5:02:25 PM

I think that’s a little nutty. People go to signal for secure messaging. That’s their entire brand. An insecure by default setting is the wrong setting, even if it nets them a lot of tech illiterate users. Compromising the security of the system defeats the entire point of using Signal instead of some other messenger.

By this logic, you, me, and everyone else using the defaults are using bad opsec. Doesn’t that strike you as problematic?

by sillysaurusx

4/10/2026 at 7:20:36 PM

I posted this elsewhere and I said this in my post, but the default setting is actually not the insecure one: https://files.catbox.moe/3gwjoy.png (supposing that previews are stored encrypted when locked which is what the 404media passage implies and nothing to say to the contrary).

This user went out of their way to show previews on the lock screen, that is an OPSEC failure, even if you do not consider the acquisition of the messages digitally.

by commandersaki

4/10/2026 at 5:53:10 PM

"Security" is not a binary, but a spectrum along which there are various tradeoffs. The vendor attempts to select the best configuration for its average/median user, and that's almost by definition not going to be the most secure configuration (see: tradeoffs).

I do think there should be some UI somewhere that allows for locking all things down to the most secure configuration possible.

by amazingman

4/10/2026 at 1:22:20 PM

On android its quite easy. There is a page of a protocol address that has all notifications show. I used to have a shortcut to it. It has been years since I was on android.

But it was really useful each time I did not see a notification in time.

Edit: typo

by nashashmi

4/10/2026 at 1:36:57 PM

> I used to have a seizure to it.

Hopefully, you meant to write "shortcut"...

by tsimionescu

4/10/2026 at 2:24:52 PM

Yes! Thanks.

by nashashmi

4/10/2026 at 5:03:03 PM

You don't, at least not without forensics tools

by SwtCyber

4/10/2026 at 3:08:28 PM

I wonder how long does the system store those notifications

by benhurmarcel

4/10/2026 at 2:48:07 PM

Just curious, how come at least once a month signal bugs me to turn on notifications? I said no for a reason, every single time - why does it keep asking?

Not implying anything evil but it feels a bit weird esp after this.

by pigggg

4/10/2026 at 2:51:32 PM

Signal developer here. It's just because notification reliability is always a top support complaint, and a lot of people turn off notifications and don't realize they've done so. Admittedly, once a month is likely too aggressive.

by greysonp

4/10/2026 at 3:07:20 PM

How about instead of prompting to enable notifications, you leave a small banner or other unintrusive/non-annoying UI noting that they're off, which users can tap in order to learn more about how to reenable them?

For an app that prides itself on privacy, it's kind of crazy that you're making it so easy to accidentally blow it.

by dataflow

4/10/2026 at 4:11:46 PM

That would drive me nuts. I do not want a banner permanently on I cannot remove.

And before someone suggests it: If the banner can be removed, you’re back to having lots of complaints for users that did not realise they turned off notifications.

by illiac786

4/10/2026 at 10:43:15 PM

Doesn't have to be prominent and doesn't even have to be a banner. The ultimate point is to make it hard to reenable by accident, and to not make it annoying. Lots of ways to do that.

by dataflow

4/11/2026 at 3:17:44 AM

True. Lots of ways to do it wrong too. I have seen this done wrong significantly more often than right.

Anyway, I agree it’s worth a try.

by illiac786

4/10/2026 at 2:57:44 PM

Is there some "no means no" additional setting that could be added where someone has to go into settings that would prevent that?

I fear that with the notifications pop up asking me this I might hit the wrong button and woops turn it on.

by pigggg

4/10/2026 at 4:16:12 PM

Try from inside the signal app itself instead of system settings? On android Signal has an option at hamburger menu > Settings > Notifications > Notifications (toggle switch)

Oh... hmm, two toggles actually. One at Settings > Notifications > Calls > Notifications toggle, and the other at Settings > Notifications > Messages > Notifications toggle

by NAR8789

4/10/2026 at 3:56:35 PM

> notification reliability is always a top support complaint

I know octogenarians who use signal daily. "You called me and it didn't ring" or "messaged and it didn't beep" are definitely the top support complaints I receive. Thanks for being sensitive to this use case.

by elevation

4/10/2026 at 5:25:12 PM

Any time after a user switches it off on purpose is too aggressive.

by jacquesm

4/10/2026 at 3:25:23 PM

Making the product worse for everybody because a minority can’t manage their own settings is a terrible strategy.

by peacebeard

4/10/2026 at 3:27:47 PM

Do most people keep the notifications disabled for their messaging apps?

by cbg0

4/10/2026 at 3:48:47 PM

It's just a mental compartmentalization thing for me. When I want to get into slack/signal chatting mode or read messages I load such an app and look/interact. When I'm not doing that I don't want to be bothered with messages. I'm already sacrificing a portion of my life to work related tasks and being in front of a computer at many hours, when I'm not in that mode I don't want to be interrupted - people who need to reach me in an emergency have other ways to get ahold of me.

by pigggg

4/10/2026 at 4:23:31 PM

But maybe _you_ are the minority

by pastel8739

4/10/2026 at 3:33:17 PM

I disable notifications on every app that is not on the critical path to me earning a living. Notifications are largely unnecessary. Either you are actively engaged with something, in which case you didn't need the notification, or you are doing something else and don't need the distraction, in which case you didn't need the notification. Only my employer gets a right to demand my time during work hours, which is why notifications are enabled during work hours for work apps.

We as a society have gotten way too comfortable expecting every single person to be available at all times to provide us some kind of immediate response. Let people live. If I'm hiking through the woods with my camera doing bird photography, even if you're my best friend you can wait until I get back to my car and manually check my messages, I don't need a notification. If it's an emergency, dial my number and call me, which will make my phone ring. Novel concept, I know.

by tristor

4/10/2026 at 4:33:17 PM

Signal notifications are the #1 thing in the critical path for me earning a living. Isn’t this normal in our industry?

by sneak

4/10/2026 at 5:27:05 PM

Okay, well you should probably have them enabled then. For me, Signal is for personal messaging. My work messages are mostly Slack, Webex, and Teams.

by tristor

4/10/2026 at 5:21:13 PM

Nope.

by fwip

4/10/2026 at 6:07:49 PM

Personally, I have multiple messaging apps. I have notifications on for work slack, which is high signal, and I have notifications off for personal discord which is noisy and low priority.

by peacebeard

4/10/2026 at 2:54:24 PM

> why does it keep asking?

Why does any software keep asking you to do things you explicitly told them you don't want to do? Because it's in the software developer's best interest to get you to do them, not yours. We've gotten way past the point in software where we no longer expect the software to serve the user's interest and solve the user's problems. Now, the expectation is that the user gets nagged and coerced into serving the software's interest and solving the developers' problems.

EDIT: Looks like a developer confirmed this in a sibling comment already: It nags you because that solves their support problem.

by ryandrake

4/10/2026 at 3:05:23 PM

We build Signal for everyone, and that includes a lot of people who are not as technologically literate as the average tech worker. For a lot of people, they don't even know they dismissed the notification permission prompt, they were just closing boxes. For them, the reminder is helpful and prevents them from experiencing missing notifications. Striking a balance between helping these people and annoying more technologically-literate users is very difficult, with compromises everywhere. We're just trying to make sure Signal works for people, nothing more.

by greysonp

4/10/2026 at 3:13:40 PM

Ask frequently but add a "don't ask again" option. Then everyone is happy.

by zarzavat

4/10/2026 at 6:08:51 PM

Not really. A portion of users will randomly tap that just to get rid of the question. They don’t read.

The easiest way to experience that yourself is to set your device to a language you barely understand. You’ll find yourself dismissing dialogs just like all those illiterate normies.

by iknowstuff

4/10/2026 at 3:35:21 PM

Can you add a "tech-savvy user" mode, off-by-default, that opts out of these sort of reminders?

I think we're capable of finding it ourselves if you do.

by some_furry

4/10/2026 at 3:34:10 PM

[flagged]

by snhjsdrhrsh

4/10/2026 at 3:17:37 PM

Thanks for the reply. I know it feels noble to do it that way, and I admit I get dogmatic over this one principle: a computer should first and foremost obey the user. It shouldn't have its own agenda. It shouldn't second guess. It shouldn't "did you mean?" I command the computer, and the computer executes that command and then waits for the next command. If I command it to not display a particular output (notifications), then I expect it to never display them, full stop.

I don't see my computers as partners or helpful assistants or eager interns. I see them as tools for reliably performing computation, and I expect them to operate that way.

I fully understand that this means that fewer and fewer developers are "building their software for me" and I find that pretty disappointing.

by ryandrake

4/10/2026 at 5:32:01 PM

I'm sure everyone loves it when they accidentally press "Delete", and the app instantly deletes a thing forever without showing any confirmation dialog. After all, if the computer asked you to confirm it, it would mean it disobeyed your direct order!

HN truly never fails to make me laugh when it comes to discussing user experience.

by shooly

4/10/2026 at 3:24:07 PM

Have you ever built and distributed communications software? This is a very common problem.

by azinman2

4/10/2026 at 7:41:50 PM

I broadly sympathise, being a nerd myself also, but this just isn’t a way to build software for a general audience.

by dwb

4/10/2026 at 4:10:18 PM

“Their support problem” is a regular person’s problem getting the software to work how they want. That frustrated them enough to complain about.

I don’t follow how it’s necessarily selfish for the developer to reduce that.

There certainly are selfish ways to reduce support load, like making it harder to ask for help at all. But this way seems like the right way: listen to users’ problems and act to avoid them.

If your remedy causes more pain and frustration than the status quo, you’ll end up with more support load, not less.

Sure it’s greyer when the developer’s trying to sell something, but what does Signal gain from pushing notifications on users?

This seems to be about making the software humane and forgiving—meeting users where they are, not tricking them into something they don’t want.

by alwa

4/10/2026 at 3:02:06 PM

The Proton Drive app keeps asking me to turn on backups of photos and video. There is no option to say "don't ask again."

I guess they /want/ more storage to be used? Or is there a support issue they are trying to deal with?

by krunck

4/10/2026 at 3:10:23 PM

They probably want to avoid situations where a customer turns off backups, then loses data and makes it the problem of support.

But it would be nice to have a "don't ask again" option regardless, even if it's hidden in settings.

by alpaca128

4/10/2026 at 3:04:09 PM

Yes Google constantly asks me to backup my pictures to their platform No, I don't want this. But regularly when I go to my photos it'll pop up with a box asking and the default option is yes please back up. Sad.

by pigggg

4/10/2026 at 8:36:34 PM

You know you can just use a different picture app?

by bryan_w

4/10/2026 at 3:04:21 PM

"Consent" has become this mystical foreign concept to software developers. If the world of computing was a night club, "Silicon Valley" would be that creepy guy who goes up to everyone asking "Do you want to dance? [YES | Ask Me Later]".

by ryandrake

4/10/2026 at 3:22:25 PM

It's pretty shortsighted, bordering on intentionally obtuse, to insinuate that the only person that benefits from solving the support problem is the person on support.. Take the example of automatic backups others brought up in this thread. Are you really going to imply that there's zero benefit to the person who didn't lose their data because the app reminded them to turn backups on? I don't disagree that it could be improved with a simple "don't ask me again" style setting, but that doesn't change the fact that every time someone doesn't issue a support ticket, it's because they didn't run into an issue. Any effective solution to a support problem is mutually beneficial for the user as well as the support staff.

by ethanrutherford

4/10/2026 at 4:30:54 PM

If a person says “no” to a prompt multiple times then either they aren’t reading it and never will or they definitely know they are not interested and at some point it needs to stop.

At some point it is just not beneficial anymore.

by Forgeties79

4/10/2026 at 2:55:30 PM

Messaging platforms where people receive and promptly respond to messages are more successful in the long run. That's why SMS overtook email. If you own a messaging platform there isn't anything inherently nefarious about pushing people to enable notifications.

by mackman

4/10/2026 at 2:57:09 PM

There is if they have repeatedly said no

by Forgeties79

4/10/2026 at 3:36:52 PM

imagine someone shows up to your door and tries to sell you garbage. you ask him to leave and he says he'll show up again soon. and these idiots defend this behavior. at the end of the day, the people on this site are muppets, they just dont like facebook is all.

by snhjsdrhrsh

4/10/2026 at 4:09:49 PM

What I don’t understand is why anyone can’t imagine scenarios where folks don’t want to turn on notifications. Also, why on a site where all I ever read is “users should be allowed to choose, users should be allowed to control their computers, users should have their consent respected,” etc. (especially when Linux comes up) are we seeing “no, users should keep getting nagged to turn on a feature they explicitly said they don’t want to use”? It’s not like it’s hard to go enable notifications. They can easily change their mind.

by Forgeties79

4/10/2026 at 5:42:25 PM

Does Signal magically show up on people's phones and open itself at random point in time? I have a suspicion, that you might not be too good at this whole "making analogies" thing.

by shooly

4/10/2026 at 5:01:39 PM

Pretty sure that's just iOS behavior + app design. If notifications are off, apps will occasionally prompt again to make sure you didn't disable them by accident or miss something

by SwtCyber

4/10/2026 at 6:33:53 PM

No, the OS will not do that, nor is the developer able to trigger the system prompt again when they detect the user has notifications off. Only thing they can do is present their own prompt and link out to the Settings app for the app's settings. Can't even deep link to the app's notification settings.

by jshier

4/10/2026 at 3:05:59 PM

Reminds me what Whatsapp if you set up a 2FA PIN, which forces you to type it about every week to check if you forgot it. So annoying.

by benhurmarcel

4/10/2026 at 5:34:50 PM

Sorry, I really cannot tell if this is sarcasm or not.

One of the TOTP apps had a periodic test that you still knew the paraphrase. It started frequent and then backed off to like once a month. There’s definitely a benefit even if it’s annoying.

by fn-mote

4/11/2026 at 10:12:42 AM

That’s not sarcasm and it doesn’t allow any backup, it literally just to make sure you didn’t forget the PIN. It’s once a week, forever. It’s a good way to make sure people don’t activate 2FA.

https://faq.whatsapp.com/1278661612895630/

> WhatsApp will regularly ask you to enter your PIN as a reminder. As long as you don't reset the PIN, you will get a reminder once a week.

by benhurmarcel

4/10/2026 at 6:28:18 PM

It depends on whether one has it stored in a password manager or not. If stored, there is no benfit. Giving users a choice would be better.

by OutOfHere

4/10/2026 at 10:25:54 PM

That app was authy by Twilio. Twilio screwed over everyone using that app

by dwedge

4/10/2026 at 2:52:31 PM

NSL, perhaps?

by johnnyApplePRNG

4/10/2026 at 1:04:49 PM

> testimony in a recent trial

Court cases are the real way to audit security.

Larping about security and complaining about companies responding to court orders only gets you so far. Its way more useful to look at what actually happens in reality.

by blitzar

4/10/2026 at 2:53:25 PM

I know it’s not germane to the Signal issue, but this caught my eye, “who previously pleaded guilty to providing material support to terrorists”.

The case comes with a long statement about the Antifa “organization”. Just your weekly reminder we are living under an Orwellian administration. https://www.justice.gov/opa/pr/antifa-cell-members-convicted...

by tclancy

4/10/2026 at 3:08:25 PM

Yes and no. Court cases certainly will disclose what capabilities various parties have come up with when it comes to security. However, there are documented cases where the government chooses to abandon prosecution for the sole purpose of preventing disclosure of some of their cyber capabilities.

by bronco21016

4/10/2026 at 5:03:58 PM

True, court cases are one of the few times details actually surface

by SwtCyber

4/10/2026 at 1:11:51 PM

The recent Trivy / LiteLLM mess was also a security thing, and seems rather different.

by tbrownaw

4/10/2026 at 2:45:52 PM

The problem is that, in the current environment of dishonest and corrupt states, "what actually happens in reality" isn't the same as what happens in court because of parallel construction.

by jMyles

4/10/2026 at 12:58:53 PM

I wonder why Apple doesn't 'just' delete the notification data associated with the app from the internal database when the user deletes the app? It seems like asking for problems to just keep old notification content around forever.

by niek_pas

4/10/2026 at 1:04:57 PM

It's one of those problems where as soon as someone notices, it's crazy that no one noticed. I can't imagine this not being overhauled going forward. It's just a bad way to operate and now it's news.

by alsetmusic

4/10/2026 at 3:43:38 PM

> I can't imagine this not being overhauled going forward.

On which end, Apple or Signal? Because neither Apple nor Google will overhaul this behavior, the FBI asked for it directly: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

by bigyabai

4/10/2026 at 4:48:38 PM

This is different than push data, which already does not contain any content or metadata in Signal. This is about local OS caches, whereas for push notifications Signal only sends a push saying “message received” which wakes the device up and triggers the device to pull the message from the server over the regular e2e encrypted path.

by ikmckenz

4/10/2026 at 1:40:28 PM

If it never hits flash that might work, but if it's in flash storage then the block may not be erased by the time its dumped.

I'm not sure precisely how the NAND controller responds to requests for raw data from blocks with "deleted" data. And if this would require decapping the flash.

Some flash will happily let you see the data and delay erasing it.

Generally flash is non deterministic about when blocks even those with entirely stale data are erased . It might be years before the block is reused due to wear leveling algorithms and it might retain data that entire time.

Here's hoping the controller for phones which hold sensitive data are more active

by rustyhancock

4/10/2026 at 4:55:30 PM

I think that's how the Android notification history works. If I uninstall an app, the entries in the history aren't shown anymore. You also have to opt in to notification history and toggling it off and back on clears the old entries. There's also a time window that it keeps entries for: https://source.android.com/docs/core/display/notification-hi...

by gumby271

4/10/2026 at 1:49:07 PM

If the "database" works like most other databases (eg. postgres or sqlite), deleting a row doesn't immediately cause the data to be wiped from disk, for performance reasons. Then as others mentioned you have filesystem/SSD logic that does something similar on top of that.

by gruez

4/10/2026 at 3:28:01 PM

But you can do other things to mitigate this. For instance, give each app a set of rolling daily encryption keys, and encrypt new messages at rest. Remove the app, remove all keys. Nightly, remove the oldest key. Perhaps have the entire key database either stored in Secure Enclave, or if there isn't room, have the key database itself encrypted by a rotating single key in Secure Enclave. Now there's nothing that an attacker can do.

by btown

4/10/2026 at 1:02:43 PM

Original article: FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database[0]

0. https://www.404media.co/fbi-extracts-suspects-deleted-signal...

by alsetmusic

4/10/2026 at 1:04:57 PM

That's unfortunately less informative if you aren't already one of their subscribers.

by tbrownaw

4/11/2026 at 12:59:42 PM

> That's unfortunately less informative if you aren't already one of their subscribers.

Subscribe! They're probably the best journalism org in western media right now. Of course, that's not always an option for everyone, but I hope HN readers with a few extra bucks will check them out.

by alsetmusic

4/10/2026 at 2:38:42 PM

"However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

"[A]llowing the system to store the content in the database" where a third party, such as Apple or a government, can access it is the default

Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings. Apple knows this

by 1vuio0pswjnm7

4/10/2026 at 4:12:47 PM

“Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings.”

Even worse, whatever critical settings you may set as a sophisticated user will frequently be reset, or changed, or re-organized under different settings… And of course, set back to insecure defaults… With subsequent software updates.

This is a regular occurrence with Firefox and privacy settings.

Whatever the actual impetus is, we should act as if this is intentional.

by rsync

4/11/2026 at 1:26:22 PM

Strictly speaking, any software that cannot easily and permanently disable forced updates is insecure.

So, I don't like auto-updating.

by ZetsuBouKyo

4/10/2026 at 2:52:48 PM

If you care about security at all, you disable any previews on the lock screen. The lock screen is by definition visible to anyone without any authorization. Showing anything on it immediately destroys any secrecy. It must be obvious to anyone capable of elementary logic inference.

If you don't know how to disable it, you use your favorite search engine / LLM / knowledgeable relative to find out, and disable it.

But if you just didn't pay attention, "never thought about it", you don't care about security, and no amount of technical means would help, sorry.

by nine_k

4/10/2026 at 3:05:07 PM

> If you care about security at all, you disable any previews on the lock screen. The lock screen is by definition visible to anyone without any authorization. Showing anything on it immediately destroys any secrecy. It must be obvious to anyone capable of elementary logic inference.

With at least one combination of settings, it shows the message content only when the lockscreen has been unlocked, but not yet swiped away.

by loeg

4/10/2026 at 4:10:36 PM

This is insidious indeed. Still I would suggest that any secret message, as it leaves the app that handles secrecy, ceases to be secret. This BTW also applies to copy-paste operations, screen readers, etc.

by nine_k

4/10/2026 at 5:55:43 PM

Disabling notification preview in the operating system settings doesn't prevent the issue, they're still saved in the database.

The only way they're not saved is to disable name/content in signal itself.

Maybe you're not as capable of elementary logical inference as you thought?

by gertop

4/10/2026 at 7:13:08 PM

Disabling may be not sufficient (which is pretty insidious), but I still posit that enabling message preview is guaranteed secrecy loss.

But indeed, the idea that disabled notifications are still stored, and not directed to /dev/null immediately, cannot be inferred from just observing the behavior of the phone UI.

by nine_k

4/10/2026 at 5:50:07 PM

Imagine a parallel universe where stories about use of personal computers were written from a different perspective. For example,

"However, it appears Apple's system uses a default setting which, in turn, seemingly allowed it to store the defandant's content in Apple's database"

instead of

"However, it appears the defendant did not have that setting enabled which, in turn, seemingly allowed the system to stoire the content in the database"

In the later version, the defendant, namely his inaction in not changing a default setting, appears solely responsible for the outcome. And the actor that placed a copy of his incoming messages in a database that the actor created is referred to as "the system", not the corporation that wrote the system and sold the computer with this system pre-instaalled

by 1vuio0pswjnm7

4/11/2026 at 3:56:20 AM

*store

by 1vuio0pswjnm7

4/10/2026 at 2:43:34 PM

> Only a small minority of users know about settings and how to change them.

I couldn't believe this so went to look up some data on this.

Holy FUCK that is bleak. There needs to be way more computer education, not just "how2type" classes.

by esseph

4/10/2026 at 5:06:29 PM

Unfortunately, users don’t want to learn. They want the app to do what they want. Anything involving learning is likely to get an instant “screw this” reaction. Seen it firsthand many times, and always found it mystifying.

by sillysaurusx

4/10/2026 at 5:54:09 PM

[flagged]

by shooly

4/10/2026 at 5:58:51 PM

Mind reading the rules and leaving more substantive comments? Ideally ones with less “you”s.

Obviously the cause is different interests. Different interests can explain everything from a bad decision to going to sleep early. It says nothing useful.

by sillysaurusx

4/10/2026 at 8:18:28 PM

If you don't know something is even possible, how do you know the application is working in the way you intend?

by esseph

4/10/2026 at 1:57:28 PM

So this is where we find out the one end of e2e is the phone and not the app.

Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.

by 6thbit

4/10/2026 at 2:02:42 PM

Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.

If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.

by zenoprax

4/10/2026 at 4:11:24 PM

What prevents the phone from taking screenshots of you reading the messages in the app?

The actual one end is the phone, not the app, period.

by coldtea

4/10/2026 at 5:50:19 PM

Exactly yes, and that is insecure here because the app relayed the message beyond its layer and ownership. Thus not making the app the end of the communication.

by 6thbit

4/10/2026 at 12:22:24 PM

On Android, when I use WhatsApp and have notifications for groups turned off, I can still see that they arrive briefly and then get removed (the icon top left vanishes). I wonder often, if this is a way to push all group message content into an unencrypted data trace as well - for the same use case.

by chinathrow

4/10/2026 at 12:30:33 PM

If the notification has the data, then yes. It's trivial to create an app that listens to notifications; Samsung even has one themselves called NotiStar that replicates the notification history feature that Android normally has.

by arkon_hn

4/10/2026 at 4:54:02 PM

I've never seen this happen, maybe you're seeing the "Fetching messages" notification that sometimes pops up for a second?

by pipe01

4/11/2026 at 6:51:11 PM

No, it's exactly when new messages for muted groups arrive. Confirmed via WhatsApp Web.

by chinathrow

4/10/2026 at 3:25:29 PM

While it's definitely surprising that the OS caches this data after the notifications have been swiped away, I always thought that notifications are an obvious hole in the whole E2E encryption setup.

by halapro

4/10/2026 at 3:29:46 PM

AIUI, Signal push notifications just saying a message was received. Signal then fetches the E2E encrypted message from the server and decrypts it locally. So Apple/Google cannot read the messages, nor can Signal servers.

by Thorrez

4/10/2026 at 3:59:46 PM

AIUI, Signal decrypts the E2EE message locally, but then sends the decrypted message to iOS in order to display the notification to the user. iOS then stores this data and it persists after the user dismisses the notification.

This makes sense and there's really no way around it without a change from Apple. If iOS is going to show the user a Signal notification with the decrypted message in the notification body, then iOS must be given the decrypted message. iOS could (and probably should) delete that data off the device as soon as the user dismisses/engages with the notification. But it sounds like they do not.

by leesalminen

4/11/2026 at 10:00:30 PM

I agree. My point is that this isn't an "obvious hole in the whole E2E encryption setup", because no network actor (e.g. Google, Apple, Signal servers) can read the data.

This "hole" in E2E is the same as any malware on the device. If the device cannot be trusted, no form of E2E will work. The E2E encryption is functioning properly. The problem here is completely unrelated to E2E encryption. E.g. you could have a personal notes app that makes no network traffic, but generates notifications occasionally regarding your notes, and it could have this same problem, even though no messages are sent over the network, and in fact the phone could have all networking capabilities disabled and still have this problem.

>This makes sense and there's really no way around it without a change from Apple.

There is a bit of a workaround: Signal has a setting to not put message content in the notification. That fixes this AIUI.

by Thorrez

4/10/2026 at 6:07:50 PM

So Signal is sending the notifications through Apple's ecosystem somehow, presumably to save battery life by not having a persistent connection to Signal's servers? That's what I think happens on Android, too. When I had Lineage years ago, I had a persistent connection to Signal as the notifications didn't come through Google. Unfortunately there was a persistent notification for the persistent connection with no way to remove it.

After these news Signal should ask the users ASAP and on new installs something like:

> Do you want the notifications to pass through Apple (no privacy, better battery) or through Signal itself (better privacy, but less battery life due to the persistent connection to Signal's servers.

It should be as part of the setup wizard, not inside the settings.

Correct me if I've misunderstood something.

by AlBugdy

4/10/2026 at 6:16:37 PM

In my recollection, which may be imperfect:

1. On android if Google Play isn't available (or you install the no Google apk version) it'll use a websocket for notifications. Apple doesn't allow a persistent connection except through their own notification framework.

2. In either case Signal doesn't send message contents through the notification framework (not even encrypted). Once Signal receives a notification the app wakes up and reaches out to the signal service directly for actual encrypted message.

3. Regardless when signal shows the contents of your message in the notification menu of your device your device keeps a record on your device of that message content.

The FBI here didn't get anything from apple, once they had the apple device unlocked they looked at the notification database on the device to get the message contents. This isn't really any different from the fact that if the FBI has your unlocked phone they can read your signal messages. The notable bit is that the notification database retains messages even after the app is deleted.

by svpk

4/10/2026 at 6:24:58 PM

" if the ___ has your unlocked phone they can read your signal messages. "

It's worth noting you can add an additional security check pin/bio/pass to signal that is different from your phone unlock.

The protester had also uninstalled signal from phone (even with access to the phone, they would not have access to signal, if they had reinstalled signal, and some how got the security pin or passphrase, they wouldn't be able to load the prior messages, without either, no messages at all).

by 0xR1CK

4/10/2026 at 7:37:51 PM

> Apple doesn't allow a persistent connection except through their own notification framework.

How can iOS not allow persistent connections at all? How would a long download work or a call in the background work at all?

> Regardless when signal shows the contents of your message in the notification menu of your device your device keeps a record on your device of that message content.

How is that not treated as a backdoor unless it's explicitly mentioned when someone installs iOS?

by AlBugdy

4/11/2026 at 2:20:52 AM

1. I'm not an iOS dev, but I know they have a specific framework for doing calls (CallKit I think), so you'd be using specific APIs that allow for a persistent connection for that purpose. Probably something similar for downloads. But generally iOS kills apps running in the background after a while so there's no way to persist an open connection indefinitely.

2. To be clear it's my understanding that the notifications weren't exfiltrated off the device. The notifications are stored in a database on the device that iPhone and can only be accessed by unlocking the phone. So I wouldn't call it a backdoor. Both Android and iOS retain notifications in a database, in Android you can disable it, I don't know about iOS.

by svpk

4/10/2026 at 6:29:26 PM

There is no other way to send push notifications on iOS, you have to use APNS. When the app is active you can switch to your own local socket connection, but as soon as it goes into the background those connections are lost. Pushes can also start the app in the background if it hasn't been used in a while and has been evicted by the OS.

You can send push notifications with your own encryption on top, which I believe Signal does, so Apple can't see it on the APNS side, but your local extension to decrypt the content is still subject to the user's settings, and part of the notification history if you put message content in the notification.

by jshier

4/10/2026 at 11:48:46 AM

Aren’t notifications supposed to be encrypted for Signal?

by frizlab

4/10/2026 at 11:56:06 AM

iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector

by shantara

4/10/2026 at 1:41:21 PM

They do control the content on the notification. It's a bit odd to put the sensitive text in the notification only to recommend disabling it at the system level.

by exitb

4/10/2026 at 2:02:56 PM

No. They recommended disabling it at the app level. Only the Signal app can control whether the message contents are included in the notifications.

by kccqzy

4/10/2026 at 1:56:48 PM

They do not. They send encrypted notifications. It’s the OS that stores them unencrypted. It’s the OS at fault here IMHO.

by frizlab

4/11/2026 at 4:31:39 PM

Signal does NOT send encrypted notification, they send a blank notification that act like a ping, the actual encrypted data is then fetched by the app itself.

by llacane

4/10/2026 at 2:05:56 PM

i think they're replying to the "recommendation" part -- if it was recommended, why isn't it the safe default?

i haven't actually seen signal or anyone adjacent recommend that previously though, idk where that claim came from

by throawayonthe

4/10/2026 at 4:22:35 PM

Sorry, the “recommended” was a bad wording on my part. The recommendation comes from the 404 Media article who did the expose on this incident, not Signal itself.

I’ve checked the Signal documentation page, and there’s no mention of the privacy implications of the setting: https://support.signal.org/hc/en-us/articles/360043273491-In...

by shantara

4/10/2026 at 11:58:32 AM

You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.

by makosdv

4/10/2026 at 12:02:37 PM

Sibling comment explains. The notification does arrive encrypted and is decrypted by an app extension (by Signal), however, if the message preview is shown, it is stored unencrypted by iOS. It is that storage that is accessed.

by frizlab

4/10/2026 at 12:04:00 PM

it seems iOS will drop previews into an unencrypted section. which, Is how I expected iOS notification previews to work without unlocking the phone

by butvacuum

4/10/2026 at 12:13:44 PM

This kind of vulnerability is not tied to Signal but all apps which send notification.

by krisknez

4/10/2026 at 2:04:05 PM

They are;

“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

ie the messages recovered were 1. incoming 2. stored by the OS after decryption

i also was spooked by the headline :p

by throawayonthe

4/10/2026 at 11:55:19 AM

[dead]

by dewey

4/10/2026 at 6:24:44 PM

This is the same issue that got a local drug organization busted some time ago - their entire α-PVP cooking operation was busted after one of the gang members was caught during a sale, his iphone was confiscated and the entire org was right there in the notification history.

I guess that's what you deserve if you trust apple with your operational security.

by ttkari

4/10/2026 at 8:33:00 PM

Perhaps a stupid question, but why do notifications need to be stored in a database in persistent storage at all?

OK, maybe they can be stored until they're dismissed in case the battery suddenly dies, so they can be displayed again on next boot and are not lost, but it sounds like they are being stored long after they are dismissed.

by fmx

4/10/2026 at 9:30:22 PM

I suspect they live in a database and are eventually going where GC data goes.

by heisenbit

4/10/2026 at 4:58:03 PM

This is one of those cases where the "secure app" narrative collides with how messy real systems actually are

by SwtCyber

4/10/2026 at 12:07:53 PM

There needs to be a bit more "group chat" control in Signal messages, wherein you could enforce certain settings for certain chats regardless of the phone settings. You could have group chats that would enforce not showing more information in the notifications, while others would still allow it.

by lenerdenator

4/10/2026 at 12:15:16 PM

This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.

by preinheimer

4/10/2026 at 1:22:35 PM

I think it fits in pretty well with Signal. As it stands, a group chat can control when a message is automatically deleted for everyone, so everyone can rely on that being a shared setting. That's an intentional design decision. There's no individual opt-out.

An individual can disable name or content in notifications in iOS, or set "mute messages" for a chat to prevent notifications from appearing for that specific chat, but there's nothing that gives group members any assurance that other group members are doing that.

by helpfulclippy

4/10/2026 at 12:31:40 PM

But it would be pretty well in line with the "I trust my contact with this communication, but only if they're not systematically misled to copy it to readily exploitable insecure storage" line of thinking.

Since the purposes of the program are pretty heavy on private communication, I'm inclined to think that takes precedence here, especially considering the consequences for dropping default message previews versus adding default reveal of supposedly private information.

by etiam

4/10/2026 at 4:19:51 PM

True, though the device could simply not be connected to that chat if the user doesn't want to implement the policies necessary to access that chat.

The major hole here is that you turn off your notifications and don't have a bunch of database records, but the threat actor somehow finds out who your contacts are, gets a hold of their phone, and can then see all of the messages you sent via their notifications database. So if you want to trust the device for secure communications, you can't do that.

by lenerdenator

4/10/2026 at 12:21:32 PM

smartphones in general runs against the “I bought my device, I should control how it behaves” line of thinking

by kome

4/10/2026 at 12:47:08 PM

I thought Signal didn’t show message previews by default and you had to go in and enable it? I’ve never had message previews in my Signal and I don’t remember changing anything. Maybe when they introduced the feature, you could pick but they strongly suggested it not showing?

by shalmanese

4/10/2026 at 1:25:37 PM

The opposite, actually. Signal endlessly nags you to turn on notifications, and when you turn them on, previews and content are shown by default. You cannot opt out of the nags.

by foooorsyth

4/10/2026 at 2:53:03 PM

According to my setting screen the Show Previews setting is "When Unlocked (Default)".

Screenshot of notification settings page: https://files.catbox.moe/3gwjoy.png

by commandersaki

4/10/2026 at 1:42:20 PM

As an aside, I decrypted an encrypted iPhone backup using a tool from GitHub because I wanted easy access to my Voice Memo recordings.

Photos I had long deleted were still in the backup! It's quite surprising just how much is being stored by the phone.

by echelon_musk

4/11/2026 at 9:00:20 AM

There is no such thing as strong end to end encryption on a proprietary operating system no one but the provider can verify.

by lrvick

4/10/2026 at 6:18:56 PM

I don’t know why anyone trusts Signal. People keep talking about them. I thought it was clear years ago that they were a sketchy company

by kouru225

4/10/2026 at 1:27:50 PM

Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.

by SergeAx

4/10/2026 at 1:36:52 PM

Signal does not send any sensitive information in push notifications sent via APNs [0]. This story concerns the local OS cache of push notifications, which are triggered after E2E decryption has occurred.

[0] https://mastodon.world/@Mer__edith/111563865413484025

by 0x62

4/10/2026 at 1:48:31 PM

The "e" in e2e encryption is a computing device, not the device's user's brain.

by tbrownaw

4/10/2026 at 2:34:20 PM

Right. So I send a push notification with the "silent" flag and encrypted content; the app receives it, decrypts the text, and displays the notification locally. Google/Apple has only ciphertext in their FBI/CIA/NSA-accessible databases.

by SergeAx

4/10/2026 at 4:39:52 PM

I'm confused. You mean the iOS system notification would display the decrypted message in plaintext? Or do you mean the iOS system notification would display the encrypted message (i.e. it would be unreadable)?

by jhatemyjob

4/10/2026 at 5:05:30 PM

The app decrypts the message and displays it via the system notification.

by SergeAx

4/10/2026 at 5:23:49 PM

So in that case, the system has access to the plaintext, therefore the Alphabet boys have access to it as well. Unless, of course, you believe Apple isn't cooperating with them.

Am I missing something here? Maybe I'm missing a subtle detail.

by jhatemyjob

4/10/2026 at 8:32:51 PM

A system like the one in "my phone's operating system". Do you assume that "Alphabet boys" have access to all parts of all Android file systems of all the phones ever produced?

by SergeAx

4/11/2026 at 2:28:14 AM

I think the confusion here is that Signal does in fact encrypt the notification in transit [1]. The FBI had access to the user's unlocked iPhone and went through the notification history on the device. The issue the user faced is that even though they deleted the signal app they were unaware that iOS (and Android by default) retain a database of past notifications even after they're dismissed from the notification pane.

[1] Well actually they just send a blank notification, the signal app then reaches out to the signal server for the actual encrypted message content when it receives the empty notification.

by svpk

4/11/2026 at 4:48:30 PM

I'm sorry but I'm having a really hard time understanding what you're saying. The first sentence I cannot understand at all. As for the second sentence, I think you might be confused about my usage of the term "Alphabet boys", which is slang for the intelligence agencies: https://youtu.be/lLf84LPzlVc?t=61 it seems like you thought I was referring to Google's parent company.

by jhatemyjob

4/10/2026 at 3:28:06 PM

We are running out of Murphy's laws for digital communications. People will go back to physical messaging

by seydor

4/10/2026 at 4:12:47 PM

Younger people have largely abandonded even physical contact and talk, they ain't going back nowhere.

by coldtea

4/10/2026 at 4:36:59 PM

Is there a way to delete all Apple notification history from Apple’s servers?

by SilverElfin

4/10/2026 at 2:39:19 PM

People also got charges in the same case for removing people from a Signal chat

by walmas

4/10/2026 at 3:55:44 PM

Sounds like an intentional government feature. Just speculation though. I'm glad I have a Pixel, but I'm on the default OS and need to switch to GrapiousOS (secure version). Just haven't due to lack of nice Google features.

by b8

4/10/2026 at 3:39:57 PM

A lot of dumb criminals seem to carry smart phones. The irony.

by seethishat

4/10/2026 at 4:43:08 PM

Probably, but these are people who are being charged for political "crimes" brought mostly because the government doesn't think people have a right to protest. While it's unsurprising that the citizen who discharged their weapon was tried for this, most of the other folks were just doing run-of-the-mill protest stuff.

I also get that in Texas they are fine "criminalizing" protesting, but that's just part of its hyper-authoritarian "charm", and a lot of us don't think that protesting in itself should be criminal.

by scarecrowbob

4/10/2026 at 8:35:30 PM

The person whose Signal notifications were extracted, Lynette Sharp, was not the one who shot a cop in the neck, no. The reason she pleaded guilty to “providing material support to terrorists” is that she helped the shooter get away afterward and gave him a disguise; he remained on the lam for ten days.

by snatekay

4/10/2026 at 6:47:51 PM

They are part of a larger direct action group.

by inemesitaffia

4/10/2026 at 4:54:08 PM

Terrorism charges. That’s what we should be talking about.

by lowbloodsugar

4/10/2026 at 5:06:52 PM

It sounds like they were considering liberating the ICE concentration camp. If you go down that route, you need to be ready for the terrorism charges. They brought rifles and one of them allegedly shot at a cop.

Personally, it's a moral good to free people from a concentration camp, even if it requires violence to do so. However it's also obvious that when you oppose a State, you get hit with terrorism charges. ...unless you're a jan6er, of course.

by komali2

4/10/2026 at 4:33:38 PM

Hmmm this is interesting. Because I've long had the complaint that notifications are frustratingly ephemeral. There have been many cases where I've gotten a notification that my phone clearly has but which I can't read, because when I tap it, it's purged permanently, and then I have a spotty internet connection, so I can't see it in the actual app that loaded.

I'm always like "JFC, can't you cache the notifications, so I can see it there while waiting for the app to gets its act together?" But no, that's never an option.

So I'm getting a laugh out of how notifications last long enough to be extracted by someone just not the person that they're for. (Though to be fair, it could be a case of a notification that was never tapped, and therefore hadn't been purged yet. I couldn't tell from the story.)

by SilasX

4/10/2026 at 12:28:35 PM

People who NEED to hide their notifications from iOS have this already disabled.

They rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.

by mnls

4/10/2026 at 1:28:14 PM

What a goofy comment.

The article you're commenting on is about people who obviously would have wanted this disabled, but didn't have it disabled, presumably because they didn't know about this issue.

by phyzome

4/10/2026 at 12:44:17 PM

Victim blaming?

by xandrius

4/10/2026 at 3:36:03 PM

iOS Data Protection — The Four Classes

Data Protection is implemented by constructing and managing a hierarchy of keys, building on the hardware encryption technologies built into Apple devices. It's controlled on a per-file basis by assigning each file to a class; accessibility is determined by whether the class keys have been unlocked.

The four protection classes, from strongest to weakest:

NSFileProtectionComplete — Files are only accessible when the device is unlocked.

NSFileProtectionCompleteUnlessOpen — A file can only be opened when the device is unlocked, but is not closed when the device is locked — it's encrypted when the last open handle is closed. Suitable for data being uploaded in the background.

NSFileProtectionCompleteUntilFirstUserAuthentication — The resource cannot be accessed until after the device has booted. After the user unlocks the device for the first time, the app can access the resource and continue to do so even if the user subsequently locks the device. Fortify This is commonly called AFU (After First Unlock). This is the default class for all third-party app data not otherwise assigned to a Data Protection class.

NSFileProtectionNone — The resource has no special protections. It can be read or written at any time. The encryption only uses a key derived from the device's UID.

The BFU/AFU Distinction — The Heart of the Signal Issue

Apple's iOS devices operate in two key security states that directly impact data accessibility: Before First Unlock (BFU) and After First Unlock (AFU).

When an iPhone is in the BFU state, it has been powered on or rebooted but not yet unlocked with a passcode. In this state, the Secure Enclave does not release the decryption keys needed to access most user data.

Once you've unlocked once (AFU), files protected with NSFileProtectionCompleteUntilFirstUserAuthentication become accessible, the Keychain is available, and background processes and apps can access encrypted content as needed.

The Signal notification content issue connects here because notification data (including previews) stored in the default CompleteUntilFirstUserAuthentication class remains decryptable by any process — including OS-level forensic tools — as long as the phone has been unlocked at least once since the last reboot.

by dav

4/10/2026 at 2:44:17 PM

... and I thought I'm turning off notifications for all apps just so I don't get spammed. Looks like the setting is more useful than that.

by nottorp

4/10/2026 at 12:07:57 PM

Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.

by i_am_proteus

4/10/2026 at 12:21:59 PM

Right. It's purely a protection against MitM snooping. The app has to have the messages in plaintext to display to you via whatever mechanism the OS uses. Seems obvious, but also not, at the same time.

I've found other ways Signal can leak information, even with disappearing messages. It's not the total install-and-be-done privacy screen that some people think it is, and requires a little effort at the user end to fill in a few gaps.

by windowliker

4/10/2026 at 3:29:17 PM

If I have access to the UI, I don't need to break your encryption.

by jsdevtom

4/10/2026 at 1:43:39 PM

Um. Android has notification history also and I see no similar ability to hide notification content from the system ...

by nixosbestos

4/10/2026 at 1:55:37 PM

Good. The moment they add it, all kinds of apps will start to abuse it, for "sekhurity" (read: engagement) reasons. See e.g. all the apps that now disallow taking screenshots, for no legitimate reason.

Personally I'd be in favor of a hard app store policy, that if an app notifies you about something, all the importantdetails (like full message text) must be included - specifically to allow the user to view the important information without having to open the app itself.

by TeMPOraL

4/10/2026 at 3:29:24 PM

I'm referring to what sounds like a feature of the app, not the OS... The app... already chooses what to send through the OS notification API so I really don't have any idea what scenario you're worried about.

I generally sympathize, I also don't like when apps block screenshots (or even more stupidly, they can block Android's amazing "select text from anywhere" feature...). But I don't think there are similar concerns for Signal allowing me to hide notification content from the OS.

by nixosbestos

4/10/2026 at 5:01:26 PM

Right. I'm saying most apps shouldn't be allowed to send a notification at all if they're not going to put the proper content in it. As it is, many apps already choose to omit notification body, instead supplying nothing or some noninformative text, forcing you to tap through to the app to see what the notification was about. If Signal is doing anything unusual here, is that it has a switch to enable showing actual content.

by TeMPOraL

4/10/2026 at 5:33:48 PM

I get it. I am stubborn. That behavior results in a polite but direct email/review followed by an uninstall. I'm so tired of being treated like disposable crap by everyone trying to make a buck the cheapest and shittiedt way possible.

by nixosbestos

4/10/2026 at 5:01:15 PM

In the Signal app itself there's an option to hide the message body or both the sender and body, that way the OS wont have anything to store in the history.

by gumby271

4/13/2026 at 3:32:43 AM

How do we know the message contents aren't still sent to google? Has someone verified this anywhere publicly?

by ranger_danger

4/10/2026 at 6:34:50 PM

-_- I see it now, on Android. Thanks for prompting me to recheck.

by nixosbestos

4/10/2026 at 3:42:39 PM

Sigh, just the usual. If you don't know the platform's nuances, you are fckd.

by lofaszvanitt

4/10/2026 at 10:24:49 PM

[dead]

by northstar-au

4/10/2026 at 3:20:51 PM

[dead]

by iririririr

4/10/2026 at 1:03:16 PM

[dead]

by dfir-lab

4/11/2026 at 1:22:09 AM

[flagged]

by Ms-J

4/10/2026 at 2:42:39 PM

[flagged]

by _slih

4/10/2026 at 3:06:46 PM

I think you're on the wrong thread?

by loeg

4/10/2026 at 5:50:13 PM

It's an LLM.

by xvector

4/10/2026 at 12:22:17 PM

signal is security theater, and a very bad user experience

by kome

4/10/2026 at 12:35:54 PM

Prove it.

by noman-land

4/10/2026 at 12:56:05 PM

> very bad user experience

"To use the Signal desktop app, Signal must first be installed on your phone."

by rainingmonkey

4/10/2026 at 1:38:40 PM

thank god whatsapp doesn't do that either. or telegram. or allo back in the day, or every single mobile first messaging app

The only one I can think of that doesn't require a mobile login is iMessage, because it's not a chat app, it's lock in and data theft disguised as software

by well_ackshually

4/10/2026 at 3:23:45 PM

XMPP and Matrix don't require a phone number and have fine mobile apps.

by opan

4/10/2026 at 5:52:46 PM

And there's a reason they've achieved precisely zero penetration amongst normies.

A chat app is useless if your friends and family won't use it.

by xvector

4/11/2026 at 10:35:35 AM

I've actually had good luck getting friends and family on Matrix, after they'd previously used either Facebook Messenger or Hangouts.

by opan

4/10/2026 at 3:12:37 PM

I think delta chat is a counter example.

by chanux

4/10/2026 at 3:08:13 PM

Kind of a wake-up call that even "deleted" messages aren't really gone if the OS is caching notification previews — makes you rethink what end-to-end encryption actually protects you from.

by bharat1010