Apple Resolves Critical Bug Allowing Extraction of Deleted iPhone Messages
Apple has recently addressed a significant security vulnerability affecting iPhones and iPads, which permitted law enforcement agencies to retrieve messages that users had deleted or that had automatically disappeared from messaging applications. This issue arose because the content of these messages, when displayed in notifications, was inadvertently stored on the device for up to a month.
In a security advisory, Apple acknowledged that notifications marked for deletion could be unexpectedly retained on the device. This statement directly refers to a problem highlighted earlier this month by 404 Media, an independent news outlet. Their report revealed that the FBI had successfully extracted deleted Signal messages from an individual’s iPhone using forensic tools. The extraction was possible because the message content displayed in notifications was stored within the phone’s database, even after the messages were deleted within the Signal app.
Following these revelations, Meredith Whittaker, president of Signal, urged Apple to rectify the issue. She emphasized that notifications for deleted messages shouldn’t remain in any OS notification database.
The exact reason why notification content was logged remains unclear, but the recent fix indicates that Apple considered it a bug. The company has also extended this fix to users operating on the older iOS 18 software.
Privacy advocates have expressed concern over the FBI’s ability to circumvent a security feature relied upon by at-risk users. Messaging apps like Signal and WhatsApp offer functionalities that allow users to set timers for automatic message deletion. This feature is particularly valuable for individuals seeking to maintain the confidentiality of their conversations, especially if their devices are seized by authorities.
