Apple fixes bug that cops used to extract deleted chat messages from iPhones

Original Article ↗ Hacker News Discussion ↗

Nature of the Bug and Fix

  • iOS cached notification payloads (including message text) in local databases/logs for up to about a month.
  • Even after Signal messages were deleted or the app uninstalled, message contents could be recovered from this cache with forensic tools.
  • Apple’s update changes this so notifications “marked for deletion” are actually removed or better redacted; classified as a logging issue.
  • Some commenters note it’s unclear whether all dismissed notifications are now fully purged, or only some paths.

Push Notifications, Caching, and Privacy

  • Many participants stress that OS-level notification systems sit outside app-level E2E encryption and can log plaintext once rendered.
  • There is confusion and disagreement over how APNs/FCM work:
    • Some claim notification content typically passes through Apple/Google in plaintext.
    • Others emphasize that privacy-focused apps can send empty or encrypted payloads and generate local notifications on-device.
  • Several highlight that even timing and existence of notifications constitute sensitive metadata.

Signal and Other Messengers

  • Signal’s push payloads are described as empty “wake” signals; the app fetches encrypted messages and generates local notifications itself.
  • However, if Signal is configured to show full message previews, those previews were still cached by iOS and became recoverable.
  • Users note that disabling previews inside Signal (not just iOS settings) is important, and that this distinction is non-obvious.
  • Comparisons are made to WhatsApp, Telegram, Matrix, Snapchat; many consider some of these unsuitable for strong guarantees.

Platform and OS Trust Concerns

  • Recurrent theme: E2E crypto is limited by what the OS does with decrypted text (notifications, logs, knowledge databases, sync).
  • Some see this as an inherent, hard-to-solve category of risk so long as the OS is closed-source and heavily logs behavior.
  • Others argue iOS remains one of the more secure platforms, but acknowledge users ultimately must trust Apple’s claims.

iOS Versions, Auto-Updates, and UX

  • Apple backported the fix to iOS 18, but some report that updating re-enabled automatic updates and pushed toward iOS 26.
  • Experiences differ on whether auto-updates get silently toggled back on; some call this manipulative.
  • iOS 26 is described by some as buggy and to be avoided for now.

Forensics, Cellebrite, and “Bug vs Backdoor”

  • The extraction described used standard forensic tools (e.g., Cellebrite, Magnet) on an unlocked or accessible phone, not server-side access.
  • Some wonder whether such bugs are accidental or deliberate “bugdoors”; others invoke the “stupidity over malice” explanation.
  • There is debate over Apple’s relationship with forensic vendors and whether Apple might acquire or analyze their tools.