Apple fixes bug that cops used to extract deleted chat messages from iPhones(techcrunch.com)

473 pointsby cdrnsf8 hours ago26 comments

dlcarrier8 hours ago
This was a bug that left it cached on the device. Apple and Google have put themselves in the middle of most notifications, causing the contents to pass through their servers, which means that they are subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring.
If you don't want end-to-end messages made available to others, set your notifications to only show that you have a message, not what it contains or who its from.
- gruez8 hours ago
  > Apple and Google have put themselves in the middle of most notifications, causing the contents to pass through their servers, which means that they are subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring.
  >If you don't want end-to-end messages made available to others, set your notifications to only show that you have a message, not what it contains or who its from.
  This incorrect on two counts:
  1. As per what you wrote immediately before the quoted text, the issue was that the OS keeps track of notifications locally. Google/Apple's notification servers have nothing to do with this
  2. It's entirely possible to still have end-to-end messaging even if you're forced to send notifications through Google/Apple's servers, by encrypting data in the notification, or not including message data at all. Indeed that's what signal does. Apple or Google's never sees your message in cleartext.
  - saagarjha6 hours ago
    If Signal wants to show you a notification with message text, it needs to put it on the screen through an OS service. That service was storing the plaintext on the device.
    avianlyric5 hours ago
    Through an OS service yes, but not a hosted backend service. Obviously that service has store the notification in plaintext (although everything on an iPhone is encrypted at rest, but notification crypto keys have to stay in active memory for the lock screen to work), otherwise it wouldn’t be able to display the notification text.
    Apple support applications sending encrypted notifications, where the OS launches the app the decrypt the notification body locally and pass it back to the OS for display.
    wpm4 hours ago
    This is correct, but my understanding of it is that the push notification (which is not the same thing as the actual "Notification" that is shown on the screen) basically contains a "hey $DEVICE, go talk to $APP_NOTO server they got something for you".
    APNS just taps on the device's metaphorical shoulder and hands them a courtesy phone "call for you sir"
    Vinnl5 hours ago
    Yes, but that service is running locally.
    dmitrygr3 hours ago
    > it needs to put it on the screen through an OS service. That service was storing the plaintext on the device.
    Technically, so can the OS's text drawing primitive while drawing Signal's UI.
  - mdavidn7 hours ago
    You are correct, but you omitted one complication: Clients trust Google's and Apple's servers to faithfully exchange the participants' public keys.
    pcl7 hours ago
    Apps (such as Signal) that care about end-to-end encryption do their own key management. So, Apple / Google servers only ever see ciphertext, and don't have access to the key material that's used for the encryption.
    toast07 hours ago
    Afaik, e2e messengers don't include ciphertext with push notifications. It's an empty push to wake the client. Then the client contacts the origin to fetch the ciphertext.
    saagarjha6 hours ago
    This is how it used to work; notifications can be encrypted now and Signal uses an extension to decrypt them.
    xmx987 hours ago
    Sending public keys through the notification system is an unnecessary complication.
    soamv7 hours ago
    Which clients?
    ls6127 hours ago
    Isn’t that what Contact Key Verification solves? Or do I misunderstand how that works?
    qurren7 hours ago
    ... and hold participants' private keys truly private, which you cannot verify without a rooted phone.
  - totetsu3 hours ago
    What about when my notifications are showing up on my MacBook next to the phone via mirroring?
    ChadNauseam3 hours ago
    talking totally out of my ass, but apple seems to have robust infrastructure for e2ee communication between your devices, for example it is known that location information in find my is not visible to apple. I’d be surprised if the channel to send iphone notifications to your mac wasn’t also e2ee
    zadikian2 hours ago
    Unless something has changed since I last did this, the app's server initiating the apns doesn't encrypt using some public key for the destination. So no e2ee at that layer. But you could encrypt the payload and have the app decrypt it if you're managing the keys yourself.
- asteroidburger7 hours ago
  Both Apple and Google offer the ability for your app to intercept and modify messages before being displayed. Use that to send encrypted messages and decrypt them there, using your own code on the user’s device.
  - Zak7 hours ago
    That framing Makes it sound like the app developer has to do something active to keep message cleartext out of notifications. That's not how it is on Android.
    A Firebase Cloud Messaging push notification contains what the app developer's server puts in it. That could include the message body or it could just be an instruction to the app to poll the server for new messages. It has nothing to do with the notification that's displayd on an Android device. Those are entirely local.
    An app that cares about privacy wouldn't send anything more than a poll instruction over FCM.
    avianlyric5 hours ago
    You can implement either approach on iOS as well.
    But if you have strong end-to-end encryption for messages, then you don’t have to care about the transport anymore, you assume they’re all compromised. At that point you might as well use the push notification system as your transport, given both OSs allow applications to intercept the push notification locally and decrypt it before it’s displayed to the user.
    asteroidburger2 minutes ago
    Plus, decrypting using a key stored locally cuts out a network roundtrip, which has battery and data usage impacts.
    saagarjha6 hours ago
    This has performance/reliability tradeoffs.
  - ls6127 hours ago
    In fact this is what both iMessage and Signal (and maybe Whatsapp too but I can’t tell from a quick google) do.
- BLKNSLVRan hour ago
  > set your notifications to only show that you have a message, not what it contains or who its from.
  I'm pretty sure that's the default in GrapheneOS. Or at least that's how mine behaves.
- 1r0nym4n5 hours ago
  Right, it would be too hard to just have a server send a notification and to jumble that notification locally with the read of the unlocked message without it going through Apple/Google servers.
- ya3r2 hours ago
  Telegram secure chat messages do this by default.
- unethical_ban5 hours ago
  Incorrect. At least according to the Matrix (chat) app FAQs I have read recently.
  With Matrix apps, certain metadata is pushed from the chat server, to a push server, through Google and then to my device. But the message is not part of that data - it's E2EE. What happens is the app wakes up from the metadata notification, and then fetches the message and displays it in the notification field.
  Your last point is correct, at least until/unless this is remedied in Android, too.
- sneakan hour ago
  This is misinformation, and is false.
  For many apps, they choose to do it this way. For most e2ee apps, they do not. The notification displayed on screen does not need to be the notification pushed through APNS.
- xmx987 hours ago
  You are right in that it is Google’s and Apple’s OS notification api, and we do give them the plaintext messages.
- asdfman1237 hours ago
  Seems like you should use an app like Signal for anything sensitive at all so you don't have to worry about megacorp ecosystems as much.
  - jdwithit7 hours ago
    As mingus88 said, this story is literally in response to Apple leaking messages sent through Signal. Doesn't matter if the message is securely transmitted if the operating system then keeps it lying around in plain text in a cache.
    From the linked article:
    > The independent news outlet reported that the FBI had been able to extract deleted Signal messages from someone’s iPhone using forensic tools, due to the fact that the content of the messages had been displayed in a notification and then stored inside a phone’s database — even after the messages were deleted inside Signal.
    stavros7 hours ago
    You can easily configure Signal not to show the message contents if you want, though.
    barbsan hour ago
    That's what Signal does on my iPhone, I thought it was the default?
    jim334427 hours ago
    The original comment mentions this but gives the wrong reasoning. The APNs are encrypted either way, but this setting prevents Signal from decrypting them client-side and letting the notification cache store it. Yeah this is more secure because it means not trusting Apple to do their job right with local storage, but it's also kind of a reasonable thing to trust.
    QuantumNomad_4 hours ago
    Except even when you turn off message previews, it has to be specifically from within Signal settings. Not the iOS settings for notifications for the Signal app. To the user it looks the same, so it’s easy to make the mistake of turning off the previews in iOS settings instead of from within Signal settings. I didn’t even know there was a difference between the two until the recent posts about it.
  - mingus887 hours ago
    Nope, Signal messages were stored in the phones notification DB even after the app was deleted
    https://www.404media.co/fbi-extracts-suspects-deleted-signal...
    7 hours ago
    undefined
    Slash324 hours ago
    totally agree
  - ryanisnan7 hours ago
    This is also an oversimplification. If I understand the issue correctly, the notification with the message contents was what was cashed locally and then accessed. This same vulnerability would exist with Signal if you had the notifications configured to display the full message contents. In this case, it has nothing to do with either Apple or Signal.
    7 hours ago
    undefined
  - 7 hours ago
    undefined
6thbit8 hours ago
The "bug" discussed in the article is only part of the problem.
The main problem, which is notifications text is stored on a DB in the phone outside of signal, is not addressed. To avoid that you have to change your settings.
In this case, the defendant had deleted the signal app completely, and that likely internally marks those app's notifications for deletion from the DB, so the bug fixed here is that they were not removing notifications from the local database when the app that generated them was removed, now they do.
```
  Impact: Notifications marked for deletion could be unexpectedly retained on the device
  Description: A logging issue was addressed with improved data redaction.
  CVE-2026-28950
```
They classify this as "loggging issue" so it sounds like notifications were not actually in the database itself but ended up in some log.
- firesteelrain3 hours ago
  This tweet seems to imply it’s logs, json, plist and SQLite DB.
  Biome — /private/var/mobile/Library/Biome/streams/.../Notification/segments/ — the raw title/body logs
  2. BulletinBoard + UserNotificationsCore — /var/mobile/Library/{BulletinBoard,UserNotificationsCore}/.{json,plist} — delivered + dismissed state
  3. CoreDuet — /var/mobile/Library/CoreDuet/coreduetdClassD.db — SQLite that re-ingests Biome events
  https://x.com/zeroxjf/status/2047081983449178128?s=46
  - saagarjhaan hour ago
    I don’t think they are correct
- concinds7 hours ago
  You're speculating. "Marked for deletion" could mean after you dismiss it, not just after you delete the whole app.
  - 6thbit6 hours ago
    i'll speculate further: it could've been on the dismiss notification code, and when you delete the app the OS dismisses the removed app's notifications, triggering the same code path.
    in this case as per reporting, defendant removed the app. unclear if they first dismissed them.
- twoodfin7 hours ago
  SQLite WAL?
- saagarjha6 hours ago
  Why do you think they aren't the same thing?
nxobject8 hours ago
Note that Signal offers the option to use generic “You’ve received messages” notifications - it’s good practice in general.
- thire32 minutes ago
  That's the first thing that came to mind. Glad that they already thought about it!
- sunnybeetroot8 hours ago
  So does every app, go to iOS settings > notifications shows previews > never.
  - rvnx8 hours ago
    Most likely changes the preview on the client-side, but the message is still full on the server-side
    33 minutes ago
    undefined
  - Barbing8 hours ago
    Is setting it from Signal directly more trustworthy?
    Or maybe it’s impossible for iOS to store the preview content if it never showed in the first place, but not sure if it’s even documented.
  - elashri8 hours ago
    I wish it can be disabled for particular apps and not an all or nothing situation.
    Barbing8 hours ago
    Can be!
    Settings > Apps > choose an app > Lock Screen Appearance: Show Previews - Never
    bradyd8 hours ago
    That setting is available for each individual app.
modeless8 hours ago
Oh, I was originally confused about this because I had thought the push notifications were end-to-end encrypted, so they couldn't be cached in readable form by the push notification service, and only decrypted by the app on device upon receiving the notification. But it seems like after the notification was decrypted by the app and shown to the user using OS APIs, the notification text was was then stored by the OS in some kind of notification history DB locally on the device?
- saagarjha6 hours ago
  Something of that sort.
- bigyabai5 hours ago
  > I had thought the push notifications were end-to-end encrypted
  Much of the metadata is plaintext, in both Apple and Google's Push Notification architecture.
  - modeless4 hours ago
    My understanding is that in Signal's implementation of push notifications the message text is end-to-end encrypted by Signal and decrypted on device by the Signal app. The decryption is not handled by the OS's push notification system.
    tadfisher4 hours ago
    If I am reading this right, your understanding is incorrect. Signal's "new messages" push message payload is empty. Upon receiving a message of this type, the Signal app wakes up, fetches the actual messages, and (optionally) displays local notifications for them.
    At no point does the push message payload contain message text or metadata, encrypted or not.
    thire30 minutes ago
    So that means iOS is caching the local notifications, not the push event... I wonder why it was needed to begin with, especially for a month
pixel_popping8 hours ago
In privacy circles, this was always known, as Google/Apple often sends notification content to their servers (which means that it bypass the App realm).
Some people talking about it (different but in the same scope of issue): https://blog.davidlibeau.fr/push-notifications-are-a-privacy...
- massel8 hours ago
  I expect that Signal encrypts the notification data prior to sending it to Apple, then decrypts it on-device using a Notification Service Extension – this is a common pattern to avoid trusting Apple with any sensitive data.
  That would mean Apple stored the cleartext on-device after decryption.
  - eggnet7 hours ago
    Signal doesn’t provide anything in the message other than… “there are pending messages.” Signal wakes up, fetches them, then generates notifications on the phone itself.
- 6thbit8 hours ago
  in the case reported the content did not leave the device. feds retreived them directly from the phone.
- rvnx8 hours ago
  + Messengers like Snapchat and WhatsApp;
  despite "end-to-end" encryption (for WhatsApp) they are sending copy of some messages based on keywords to authorities, PRISM-like.
  Officially to protect kids, but who knows what is in this keywords list.
650REDHAIR3 hours ago
I’m frustrated that Signal isn’t notifying users about this.
I disabled notifications and instead Signal reminded me to re-enable them…
random33 hours ago
Makes you think what’s the biggest concerns wrt Mythos — is it finding or fixing the vulnerabilities that’s scarier :))
chislobog5 hours ago
Looking at the detritus in the filesystem on Jailbroken iOS devices you will observe that iOS decides to vacuum, purge, and let linger all sorts of databases and logs until something triggers a cleanup which is usually time or an iCloud sign-out induced erase and subsequent sync. People have been complaining for years about excessive phantom “system storage” and “other data.” Interestingly the photos thumbs database can grow seemingly indefinitely in size for some weeks or more if you’re regularly deleting all of your photos and saving to photos from apps or taking photos. I suspect that there a lot of behavioral data records that is left on most devices until a convenient period of inactivity passes and the possible user behavior analysis and reporting functions of iOS allow whatever cleanup happens after processing on device. It would be useful to capture iCloud backup restores from physical devices to corellium virtual devices with some creative matching of your existing idevices identifiers. Could see what triggers a cleanup during backups, local or otherwise, get a good look at what is being restored from iCloud. I also think it’s possible that iCloud can sync a database, say safari bookmarks, pushing it to the device inducing a state where the device bookmarks are moved to inaccessible tables and left there, unavailable to the end user, but not out of sync with the current active session state. Of course this is just my musing based on observations of weekly ffs extractions of a few devices over the last 5 years.
- handedness5 hours ago
  My observations from when I daily drove iOS (no more) mirror yours: the incredible amount of cruft that would accumulate was astonishing. At one point I had a device that was majority full of system storage and other data. The same was true across family devices, too.
  Some years ago I stopped depending on Apple's purchased downloaded movies for long flights, after an instance of having the files downloaded to the device beforehand, but Apple deciding I didn't have the DRM keys to play said files during a long transoceanic flight. I then moved to storing DRM-free movies in VLC, but iOS prioritized keeping system storage and other data cruft around, and wiped VLC's stored files. Talk about paying for an expensive device and media you don't really own.
  I'd imagine the metadata picture that could be synthesized from that data could be extensive in some cases. This stuff is hard and I'm sure there are good reasons for caching things, especially on a device positioned to primarily act as a readily available front end for online stores, but I have a hard time believing that Apple's executing it well.
itopaloglu838 hours ago
Thankfully Apple backported the fix the iOS 18 as well.
- ilikepi8 hours ago
  Not only that, but iOS 18.7.8 actually seems to be available to devices capable of running iOS 26 without any workarounds, unlike 18.7.3 through .6. It makes me wonder if those intermediate releases really were supposed to be available but weren't due to some issue on the distribution side that no one bothered to fix.
  - lynndotpy7 hours ago
    Very serious vulns were being exploited in the wild, I think that's what forced their hand. I don't think Apple ever had a discrepancy like the one with iOS 18.7.3 through .6 being held back.
    For those on iOS 18, beware that the update to iOS 18.7.8 will toggle Automatic Updates back on. Make sure to switch it back off so you don't wake up to a nasty surprise when iOS 26 is non-consensually forced onto your iPhone.
  - itopaloglu837 hours ago
    I think that was another attempt by Apple to push users to iOS 26, but after seeing how many people with compatible devices refuse to upgrade, they finally caved in and provided an update.
    lynndotpy7 hours ago
    They caved, but they're still pulling out new tactics to trick users into installing iOS 26.
    The new iOS 18 update will _also_ toggle Automatic Updates back on. I had it happen just now on my 13 Mini against my will. I had to go back into settings and very carefully navigate to disable automatic updates.
  - layer87 hours ago
    There seems to have been a change of mind, maybe also due to the severity of the exploits. The non-availability of security updates for models that are upgradable to a newer major version has been Apple's practice for many years now.
    The way major upgrades are presented in the Settings UI makes it clear that users installing these security updates while not upgrading to a newer major version do so very intentionally. So Apple is now supporting these users deliberately.
varun_ch7 hours ago
This makes me wonder: Cellebrite makes tools for law enforcement to break into iPhones, likely exploiting weaknesses/vulnerabilities. Does Apple buy Cellebrite’s tools and reverse engineer them? Or would they not have a way of acquiring them legally?
- kstrauser4 hours ago
  I can’t imagine a scenario where Apple couldn’t legally buy them on the grey market. I can imagine it being illegal to sell them, like contractual restrictions blocking purchasers from reselling them. But short of the tools being a munition or controlled substance, you can buy whatever you want.
- saagarjha6 hours ago
  Cellebrite sells their lower-level devices to Apple directly for things like data transfer at Apple Stores. The ones above that are unlikely to be sold to Apple.
  - tredre35 hours ago
    > Cellebrite sells their lower-level devices to Apple directly for things like data transfer at Apple Stores.
    Please substantiate that claim. Why would Apple need mystical third party devices to transfer data? They've designed both the user devices and the software, and they're both capable of exchanging data, and I'm sure Apple can do even more once they put the devices in diagnostic mode. What am I missing? What is Cellebrite providing here?
    avianlyric5 hours ago
    Because it’s a pain in the arse to design, manufacture and build a specialist device just for use in your stores.
    I’m sure Apple could do everything that box does and more. But why bother designing, building and manufacturing your own specialist device when someone else already sells a perfectly good tool that does the job.
    Don’t forget this is for use in a retail store by people who will have been given 5mins training on how to use the device. You want something that just requires a person to plug two phones in and hit a big “go” button. And it needs to work 99% of the time with zero messing around.
    dewey4 hours ago
    They built specialized tools to update iOS through the cardboard box without opening it before it goes on sale. I’m sure they can build something with a big “go” button if it’s important.
    Petersipoi4 minutes ago
    Nobody is arguing whether or not Apple could build the box. Apple could do almost anything that another company does. "Why doesn't Apple build their own planes to ship iPhones". Well, obviously because it's way cheaper, faster, and rational to use the perfectly good existing planes/boxes/you-name-it.
    RulerOfan hour ago
    They did?
    jackvalentinean hour ago
    Yes!
    https://www.macworld.com/article/2107557/iphone-ios-update-i...
    https://talk.macpowerusers.com/t/apples-in-box-device-update...
  - jrflowers5 hours ago
    Do you have a link that talks about this in more detail?
- bilbo0s7 hours ago
  I bet Apple has access to Mythos now.
  Not saying they should use it to reverse engineer hacking tools.
  Just saying they have access to Mythos now.
  - klausa2 hours ago
    You bet that the company that was prominently mentioned as a parter in the announcement for a thing, has access to that thing?
    Wow, such a risky bet, I'm not sure it'll pay off.
  - 6 hours ago
    undefined
kippinsula5 hours ago
every time something like this surfaces I'm reminded how many privacy guarantees end at the app boundary. you can do all the e2e crypto you want, the OS layer is going to do whatever it does with your strings once they hit a render path. probably an unsolvable category of bug as long as notifications need to show readable text somewhere.
- riddlemethat5 hours ago
  If you want security through obscurity you can revert to IPoAC (RFC 1149).
  - Razengan3 hours ago
    Speech capable avians can spontaneously leak secrets
- Razengan3 hours ago
  > probably an unsolvable category of bug as long as notifications need to show readable text somewhere.
  Let screens always show garbled pixel vomit, decoded on device only by your private AR glasses
  - kippinsulaan hour ago
    threat model just shifts to whoever has a camera pointed at your face, but probably still an improvement.
shumatsumonobu4 hours ago
Apps can't tell iOS "don't keep this notification past display," so the payload just gets cached. Classic "deleted doesn't mean deleted" problem — the data lives in more places than you'd think. Good catch by Signal.
trinsic24 hours ago
I would never rely on a closed system for secure messaging to many unknowns.
- dewey4 hours ago
  And yet iOS is probably the most secure mobile platform for secure messaging. Especially in lock down mode.
  - trinsic22 hours ago
    Except, you cant really verify all of that. so IMHO that's just speculation based on the surfacing of news which can easily be distorted. Or maybe you can. Is there any sources on people that have evaluated the security of these features.
    dewey2 hours ago
    You can’t verify that even on an open OS as there will still be closed hardware blobs. At least with popular systems there’s a lot of state level hacking activity so zero days get patched routinely. Also Apple has a program for researchers where they get more access to the system (That program was criticized heavily though for the way it was implemented).
    It’s not a perfect system so right now you still have to trust someone at some point in the chain.
skrtskrt7 hours ago
It's not new that push notifications should be presumed to be insecure, with their content passing through - and probably persisted - outside the app sandbox and anything in control of in-app encryption.
Apple should have fixed this long ago (not that you can trust a closed system), but Signal should also have strong guardrails & warnings around allowing message content in push notifications.
benjx884 hours ago
Anthropic Mythos at work! iOS is so good and well built that only 1 bug was found and those patch. "It's either all a joke ... or none of it is." -Bruce Banner
- mplewis3 hours ago
  What did Anthropic have to do with any of this?
  - benjx882 hours ago
    It was an attempt at humor and banter, should've flag that or something.
maerF0x08 hours ago
Cat and Mouse, good. This is the adversarial setup that results in a better outcome for all.
unethical_ban8 hours ago
I wonder if the same flaw exists on Android/GrapheneOS.
classified25 minutes ago
Good. Now, are they fixing any of their other gazillion bugs?
ghstinda5 hours ago
I like apple, but would never trust them with privacy. NYPD uses ISMI catchers and other tech. This is a nothing burger or nothing donut.
cubefox7 hours ago
It is completely unclear from this article whether this means Apple does no longer cache dismissed notifications somewhere.
4 hours ago
undefined
tcfhgj7 hours ago
bug or backdoor?
- 6thbit7 hours ago
  "Never attribute to malice that which is adequately explained by stupidity."
takihito42 minutes ago
[dead]
ashishb6 hours ago
This has nothing to do with Apple/Firebase notification service.
It has to do with the fact that any notification displayed on your device goes via a separate system service which was caching them.
It is amusing to see how often people confuse device notifications with Apple notification service.
aucisson_masque6 hours ago
> This was because notifications that displayed the messages’ content were also cached on the device for up to a month.
Why can't we have notification history just like on Android then. It's very useful when you dismiss a notification you didn't want to, or you look for some old stuff.
lynndotpy7 hours ago
Heads up. They have released an iOS 18 update (good!) but, and please bear the caps:
UPDATING IOS WILL ENABLE AUTOMATIC UPDATES TO IOS 26.
(Bad!) This is a new shady tactic they're using trying to get iOS 18 users to install iOS 26.
- layer87 hours ago
  This was already the case for 18.7.7. However, after turning automatic updates off in 18.7.7, after updating to 18.7.8 it remained off (reproducibly on several devices I updated). Maybe there is a one-time flag that is set so that after turning off automatic updates after having been turned on automatically, they aren't automatically turned on again on subsequent updates.
  - lynndotpy6 hours ago
    Huh, my experience was the opposite. I don't think Apple undid my setting with iOS 18.7.7, but they did with iOS 18.7.8.
- xmx987 hours ago
  Thanks for the warning!
- jim334427 hours ago
  Avoid iOS 26 at all costs. I was forced to update to it because I needed to factory reset my phone, and it's super buggy. I'm not even one of those people harping on the Liquid Glass design decisions, those are w/e, the problem is just that the phone routinely freaks out doing basic tasks like trying to open the camera app or close the keyboard. They should roll it back.