The FBI recovered deleted Signal messages from a suspect's iPhone by extracting data from the device's internal notification database. The messages were preserved because the defendant had not enabled Signal's setting to hide message content from notification previews. Even after Signal was uninstalled, incoming notification data remained cached in iOS storage. The article explores possible technical mechanisms, including BFU/AFU device states, push notification token persistence after app deletion, and law enforcement forensic tools. Notably, Apple changed how iOS 26.4 validates push notification tokens around the same time this case became public.
Table of contents
Notification history was accessed even after Signal was deletedBut how does this internal storage work?Sort: