FBI Exploits iPhone Push Database to Pull Signal Messages

The FBI used a forensic method to retrieve deleted Signal messages from a defendant’s iPhone in a terrorism-related case. According to testimony relayed by 404 Media, agents did not recover content from the Signal app itself. Instead, they extracted message text from iOS’s hidden push-notification data storage, which can keep incoming notification content for up to about a month. The device had Signal deleted, but the notification database still held message previews/content. The FBI reportedly used specialized forensic tools with physical access to the iPhone to pull the data directly from that system-level store. The article notes that iOS notification storage affects many messaging apps, making this an iOS design issue rather than a Signal-specific encryption break. Signal’s end-to-end encryption was described as intact: the FBI’s approach intercepted content outside Signal’s control, through iOS notification handling. There is a Signal setting to block message content from appearing in push notifications, but the defendant allegedly had not enabled it. The article also says users can disable this notification content storage feature. Telegram CEO Pavel Durov responded publicly on X, arguing that Telegram’s Secret Chats never display message content in push notifications (a design choice dating back to 2013). He criticized Signal’s dependencies on US tech companies (naming AWS, Microsoft, and Intel SGX) and framed the incident as a dependency/design gap. This is tied to a Texas case involving alleged vandalism at an ICE detention facility and the shooting of a police officer, and it is described as a first prosecution under the Trump administration’s “Antifa” terrorist designation.