
Apple released iOS 26.4.2 yesterday, patching a critical vulnerability that allowed the FBI to extract deleted Signal message previews from an iPhone. The bug—tracked as CVE-2026-28950—retained notification data that should have been deleted when users cleared messages or uninstalled apps. FBI Special Agent Clark Wiethorn disclosed the forensic technique in court testimony on April 9, revealing something users need to understand: “deleted” messages on iPhones aren’t actually gone.
The Vulnerability: Your Deleted Messages Were Never Really Deleted
iOS cached notification data in the BulletinBoard framework even after users deleted messages, cleared conversations, or uninstalled apps. Only a factory reset cleared the cache. The bug was a logging failure—iOS failed to redact data marked for deletion.
In the Lynette Sharp case (Texas federal court, April 9), the FBI used Cellebrite forensic tools to extract deleted Signal message previews from an iPhone weeks after the defendant had deleted them. Wiethorn testified that “even if Signal later deletes the message, the phone’s system can retain a copy of this preview.” That’s the disconnect: apps delete their data correctly, but iOS kept caching notification previews outside the app’s control.
This undermines a fundamental user expectation. When you tap “delete,” you expect the data to be gone. For most iPhone users, it wasn’t. The notification database persisted for weeks, sometimes months, and was accessible through the commercial forensic tools that law enforcement uses routinely.
This Isn’t Just About Signal—Every Messaging App Was Vulnerable
The notification cache bug affected all apps with lock screen previews enabled: Signal, WhatsApp, Telegram, iMessage, even banking apps and two-factor authentication codes. The BulletinBoard framework is system-wide—it doesn’t differentiate between Signal’s end-to-end encrypted messages and your bank balance notification.
Security researchers confirmed the same extraction method works across messaging platforms. This isn’t a Signal-specific issue or an encryption flaw. It’s an iOS architectural problem affecting millions of users who assumed “delete” meant permanent removal.
Signal’s Encryption Wasn’t Broken
The FBI did not break Signal’s end-to-end encryption. They didn’t access Signal servers. They didn’t defeat cryptography. They exploited an iOS notification cache—an operating system feature outside Signal’s control.
Only incoming messages with lock screen previews enabled appeared in the forensic extraction, confirming the data came from notification storage, not Signal’s encrypted database. Signal’s disappearing messages worked correctly. The failure was iOS retention, not Signal’s deletion. This distinction matters because it prevents the dangerous misconception that “Signal was hacked” or “encryption is broken.” The issue is OS data retention policies, not cryptographic failure.
Apple’s Fix and What You Need to Do Right Now
Apple’s iOS 26.4.2 release (April 22) fixes future notification retention with “improved data redaction,” but it doesn’t clear existing cached data. Here’s what you should do immediately:
First, update your device. iOS 26.4.2 and iPadOS 26.4.2 (or iOS 18.7.8 and iPadOS 18.7.8 for older devices) fix the logging bug. This prevents future notifications from being retained after deletion.
Second, disable lock screen notification previews for sensitive apps. Go to Settings > Notifications > Show Previews and select “Never” (or “When Unlocked” if you need some preview functionality). This stops iOS from caching message content in the first place. For app-level protection, open WhatsApp or Signal and disable “Show preview” in their notification settings.
Third, enable Advanced Data Protection for iCloud. Navigate to Settings > [Your Name] > iCloud > Advanced Data Protection. This enables end-to-end encryption for iCloud backups, adding another layer of protection against cloud-based forensic extraction. You’ll need a recovery contact or recovery key.
For maximum privacy, a factory reset is the only way to clear the existing notification cache. The update doesn’t retroactively delete cached notifications—it only prevents future retention. If you have sensitive communications from before April 22, the old notification cache remains until you wipe the device.
The Bigger Picture: “Delete” Is a UX Concept, Not a Technical Guarantee
This incident reveals a fundamental problem with how we think about deletion. Users expect “delete” to permanently remove data. Operating systems cache data for performance and user experience. When the two collide, users lose.
The Electronic Privacy Information Center’s deputy director put it clearly: “Users should reasonably expect deleted messages to be permanently removed from their devices.” That’s the expectation. The technical reality—at least until yesterday’s patch—was very different.
Update your iPhone. Change your notification settings. Understand that strong app-level encryption doesn’t protect against OS-level data retention. And remember: when an app says “deleted,” check what the operating system is actually doing.











