On April 22, Apple released an out-of-cycle update for iOS and iPadOS to fix a bug that could preserve incoming notifications from Signal, and potentially from other apps, even when they were marked for deletion. In some cases, that content could remain in the operating system’s notification database even after messages were deleted or the app was uninstalled.
As we reported earlier, according to 404 Media, the FBI exploited this situation in at least two legal proceedings, recovering the text of messages that users believed were no longer available. The problem didn’t affect Signal’s encryption, which remains intact, but rather how iOS handled certain push notifications: if the message content was shown in the preview, the system could save it outside the app’s boundaries.
This is a technical but important distinction. Signal can delete a message from its own app and protect it with end-to-end encryption during transmission, but it can’t control everything the operating system does with a notification once received. That’s where the bug came in: the message disappeared from Signal, but a copy of it could remain elsewhere.
What changed with the patch
The bug is tracked as CVE-2026-28950 and was fixed on April 22 in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8. Apple described the issue as a “logging issue,” resolved through better data redaction, explaining that notifications marked for deletion could be unexpectedly retained on the device.
The patch does more than prevent new notifications from being retained. Signal clarified that once the update is installed, notifications already saved in error are deleted, and future ones should no longer be retained for deleted apps. Apple, according to 404 Media, also indicated that the update retroactively removes improperly saved notifications.
The fix is available for both the current iOS line and devices still on iOS 18. This is a relevant detail, because it extends the fix to installations not updated to the latest main branch. Public pressure had grown following 404 Media’s coverage and after Signal’s president Meredith Whittaker highlighted that notifications related to deleted messages should not remain in any operating system database.
A matter of boundaries
This case highlights something that security-conscious developers know well but that often escapes users: encrypted messaging apps control only what happens within their own boundaries. Once content enters operating system territory (notifications, backups, clipboard, keyboards, previews), it follows that system’s rules too.
Signal’s encryption was and remains solid. The problem was elsewhere. You didn’t need to break Signal if the message text had already been copied into a notification retained by iOS.
For those using disappearing messages as part of a real security strategy, the guidance is straightforward: update immediately and verify that automatic updates are enabled. As a precaution, it’s also worth reviewing Signal’s settings: in Notifications preferences you can set the display to “Sender only” or “No name or message”, preventing message text from being exposed in system notifications.

