this post was submitted on 07 Apr 2026
143 points (98.0% liked)

Technology

83569 readers
2264 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
143
Signal messages retrieved from iOS notification, as seen in Prairieland federal trial (media.fedia.io)
submitted 15 hours ago by frocalannifo@fedia.io to c/technology@lemmy.world
44 comments fedilink hide all child comments
 

TLDR: signal content in Apple notification can be retrieved even after signal app deletion.

I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal

Referencing this news article: Pretti Killing May Affect ICE Prairieland "Antifa Cell" Terrorism Trial

The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants

Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).

top 44 comments
sorted by: hot top controversial new old
[–] TheFrirish@tarte.nuage-libre.fr 3 points 3 hours ago

Honestly I have a much much much MUCH MUCH bigger issue with the fact that it is an American and Centralised service.

FBI still can't access it though.

[–] ZoteTheMighty@lemmy.zip 21 points 9 hours ago (1 children)

But Apple told me in an ad that they're better for privacy?!?

[–] Chais@sh.itjust.works 2 points 5 hours ago* (last edited 5 hours ago)

And you believed that?? Do you also believe Micro$lop when they tell you that Windows is the best OS?

[–] SnoringEarthworm@sh.itjust.works 52 points 12 hours ago* (last edited 12 hours ago) (4 children)

Basically, they didn't do this:

(I'm on Android, so I don't know what the options look like in iOS, but they should be identical.)

[–] napkin2020@sh.itjust.works 2 points 45 minutes ago* (last edited 45 minutes ago)

They shouldn't have had to do this though.

[–] Kupi@sh.itjust.works 5 points 5 hours ago* (last edited 5 hours ago)

They are similar

[–] Bazoogle@lemmy.world 16 points 10 hours ago (2 children)

You also don't need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google's push notification service

[–] Quexotic@infosec.pub 2 points 15 minutes ago

You most certainly do. I looked in my notification history in my founding of signal messages.

Then I turned off my notification history.

[–] electric_nan@lemmy.ml 3 points 9 hours ago (2 children)

It's not about how it's pushed. It's how it's displayed (and stored) on the phone.

[–] mic_check_one_two@lemmy.dbzer0.com 0 points 6 hours ago* (last edited 6 hours ago) (1 children)

It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

The point is that there are two different attack vectors, and you should harden your device against both.

[–] Auli@lemmy.ca 1 points 20 minutes ago

This doesn't make sense as the whole phone is encrypted. Do what magical unencrypted space is it stored. The push notification server yes that is an issue

[–] Bazoogle@lemmy.world -1 points 9 hours ago (1 children)

Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps

[–] electric_nan@lemmy.ml 3 points 8 hours ago (1 children)

Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don't know whether there is any 'hidden' history/cache that is stored even with notification history disabled.

[–] Bazoogle@lemmy.world -3 points 8 hours ago* (last edited 8 hours ago) (2 children)

I know about the setting. Why are you saying that information is sent to Google's servers? As far as I have found, that information is only stored locally on your phone

Edit: If this is just about the fact it's on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn't go to be encrypted on each end, otherwise you couldn't read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing

[–] electric_nan@lemmy.ml 5 points 7 hours ago

Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.

[–] nforminvasion@lemmy.world 3 points 7 hours ago

The issue is that even if a message is deleted, message content can be retrieved through notification history.

[–] RIotingPacifist@lemmy.world 19 points 12 hours ago

It would be nice if Signal let you do this per conversation.

It's sort of a victim of its own success, I use it for both things that do and don't require opsec

[–] HumbleExaggeration@feddit.org 30 points 13 hours ago* (last edited 6 hours ago) (1 children)

So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message and broadcasts it to an apple server, so it can get send back and make the phone go 'ding'?

Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?

What is next, everything from my ram needs to go through google servers to be transmitted to my display?

[–] RunningInRVA@lemmy.world 35 points 13 hours ago

The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.

[–] scytale@piefed.zip 40 points 14 hours ago* (last edited 13 hours ago) (3 children)

I learned about this a couple of months ago and I've since disabled previews in notifications. It's unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.

[–] in_my_honest_opinion@piefed.social 25 points 14 hours ago (1 children)
[–] spectrums_coherence@piefed.social 7 points 11 hours ago (1 children)

I think on android, signal do not use Google's push notification. They simple send a dummy push, and the signal app wakes up to retrive the latest message directly from signal server.

So Google never have your notification content. I am not sure if they do the same on iOS.

That being said if your attack model includes people reading your notification lock screen, then you should disable showing signal notification.

[–] in_my_honest_opinion@piefed.social 6 points 9 hours ago

The message preview notification is handled similarly in IOS and Android. The issue isn't people seeing the notification, it's that the content of the message being passed to the phone's launcher. Which is unencrypted.

[–] eleijeep@piefed.social 10 points 14 hours ago (1 children)

Does that actually prevent the app from sending the content through Apple’s servers or does it just prevent iOS from showing it in the notification area?

[–] Bazoogle@lemmy.world 2 points 14 hours ago

The only way apple is seeing it is when the notification is displayed. It only sees the contents of the notification itself. So it would still see who sent you a message, but it wouldn't say what it was

[–] Bazoogle@lemmy.world 6 points 14 hours ago* (last edited 14 hours ago) (1 children)

It's worth noting apps can avoid this on Android: https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Any FDroid app cannot use Firebase for push notifications since it's proprietary: https://forum.f-droid.org/t/firebase-allowed-in-fdroid-apps/7540

[–] WhyJiffie@sh.itjust.works 2 points 11 hours ago* (last edited 11 hours ago)

It's not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It's because the system saves the notifications apps posted to the notification menu.

but yes. don't use firebase push notifications if you can avoid it. use a unifiedpush based system. base signal app does not support it, only molly. there are some difficulties though with that.

[–] x00z@lemmy.world 8 points 11 hours ago (1 children)

This has been done before and is already pretty well known.

[–] frongt@lemmy.zip 3 points 7 hours ago (1 children)

When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device's notification history.

[–] x00z@lemmy.world 1 points 45 minutes ago

That's true. Technically it's different. The end result is kind of the same though.

[–] Bazoogle@lemmy.world 8 points 14 hours ago (2 children)

This is not always the same on Android. Any app from FDroid will not use Google's push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google's notification service

[–] napkin2020@sh.itjust.works 2 points 43 minutes ago

I'm pretty sure Signal has two builds: one with Google service and one without.

[–] WhyJiffie@sh.itjust.works 2 points 11 hours ago (1 children)

It's not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It's because the system saves the notifications apps posted to the notification menu.

[–] Bazoogle@lemmy.world 0 points 11 hours ago (2 children)

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

Is is 100% because of firebase. Here is an example payload from firebases official document:

{
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

Notification history is purely local to the device. It is not sent to any servers.

[–] WhyJiffie@sh.itjust.works 1 points 44 minutes ago* (last edited 44 minutes ago)

that is the documentation of firebase, not signal. firebase just shows a common example there that is easy to implement for beginners and lazy devs. but developers can send whatever they want through firebase. I wouldn't be surprised if that's what facebook messenger is doing, but if a developer cares about their users privacy, they can just send a simple message through firebase, and make the app so that when receiving that, it checks for new messages by itself.

this is what the molly fork does with unifiedpush. the UP server, commonly ntfy.sh, only sees that the mollysocket server sent this to your molly client:

{"urgent": true}

Notification history is purely local to the device. It is not sent to any servers.

I did not claim so. but when your phone is confiscated, it's possible to read that out

[–] olorin99@kbin.earth 2 points 8 hours ago

Notification history is purely local to the device. It is not sent to any servers.

Yes the notifications were retrieved from the phones local storage. Firebase was not involved in anyway.

[–] woelkchen@lemmy.world 10 points 14 hours ago (3 children)

Well, of course. All notification contents go through Apple's servers (or Google's in case of Android).

[–] Bazoogle@lemmy.world 18 points 14 hours ago* (last edited 14 hours ago)

Not all, no. There are alternatives:

The good news is that alternative methods for push notifications are available, namely SSE (Server Sent Events) and WebSockets.

Additionally, a new open source project, UnifiedPush is becoming increasingly popular. UnifiedPush is an open source, private alternative to Google for notifications.

https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Signal for android uses web sockets for notifications

[–] AbidanYre@lemmy.world 8 points 14 hours ago (1 children)

Why would a notification need to leave my device at all?

[–] Goodlucksil@lemmy.dbzer0.com 6 points 14 hours ago

Because it's FAANG

[–] WhyJiffie@sh.itjust.works 0 points 11 hours ago (1 children)

It's not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It's because the system saves the notifications apps posted to the notification menu.

[–] Bazoogle@lemmy.world 1 points 10 hours ago (1 children)

As I already replied om one of youe other comments:

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

Is is 100% because of firebase. Here is an example payload from firebases official document:

{
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

Notification history is purely local to the device. It is not sent to any servers.

[–] frocalannifo@fedia.io 4 points 13 hours ago

Added the full content of the original post to the body of this thread.