An Privacy flaw in Signal's integration with iOS This has set off alarm bells among users concerned about the security of their communications. Apple has reacted with an urgent system update after it was revealed that US authorities managed to extract previews of messages that, in theory, had already been deleted or were set to disappear.
The incident, which has directly affected iPhone and iPad used with SignalThe issue isn't due to a problem with the messaging app's encryption, but rather to how Apple's operating system handles notifications. The fix comes in the form of new iOS versions which, while not introducing any visible features for the user, do close a sensitive privacy vulnerability.
What exactly happened with Signal and iOS?
According to the information that has come to light, a vulnerability in the iOS notification database It allowed the content of Signal messages displayed on the screen to be saved on the device for weeks. This occurred even if the conversation had been deleted or the messages were set to disappear automatically using the ephemeral messages feature.
The key is that what was stored wasn't necessarily the complete chats within the app, but readable previews of incoming messagesThese previews were generated to display the notification on the lock screen or in the notification center. These previews were outside of Signal's direct control and became dependent on how iOS managed its own internal databases.
Thus, if a device was seized and subjected to forensic analysis, the authorities could... recover the text of messages that the user thought were deletedIn highly sensitive contexts, such as criminal investigations or cases involving journalists, activists, or whistleblowers, this type of residual trace becomes a serious problem.
The situation particularly affects those who trust in ephemeral messages as an additional layer of security. Many users assume that once they disappear from the chat or the conversation is deleted, no accessible copy remains on the device. The iOS flaw demonstrated that this assumption wasn't entirely true.
How the flaw was discovered and the role of the FBI
The vulnerability made headlines after a journalistic report based on court documents from a case processed in a United States federal court. In that proceeding, linked to an investigation into an attack against a detention center, it was detailed how the FBI had managed to extract data from an iPhone using specialized forensic tools.
The agents did not access the Signal application by breaking the encryption, but rather took advantage of the information stored in the iOS notifications databaseThere they found previews of messages that had been displayed as user alerts and that, due to an operating system error, had not been deleted when they should have been.
According to what has been revealed about the case, those previews remained on the device even after activate ephemeral messages and delete the appIn other words, the user's chain of trust was broken at a layer that is not always taken into account: the operating system itself, which manages everything that appears on the screen.
This detail is important because it shatters the simplistic notion that end-to-end encryption solves everything. In practice, law enforcement was able to read Readable snippets of Signal conversations without violating the cryptographic protocol, simply by analyzing remnants that iOS had retained due to faulty behavior.
The case has had a major impact on public debate because it shows the extent to which an everyday function, such as message notifications on the lock screenIt can become the weak link in digital security if not managed properly.
Apple's response: iOS 26.4.2 and 18.7.8
To tackle the problem, Apple has launched iOS 26.4.2 for recent devices and a parallel update, iOS 18.7.8, aimed at older models. Both versions share the same goal: to fix the bug that allowed notifications marked for deletion to continue being saved unexpectedly on the device.
In the published security documentation, the company acknowledges that this was anomalous behavior: certain Notifications that should have disappeared were being retained in the system's memoryAlthough Apple has not publicly detailed the exact internal mechanism of the flaw, the admission that there was a data retention problem validates the warnings issued by researchers and by Signal itself.
The update to iOS 26.4.2 arrives just a couple of weeks after the previous version, suggesting a swift response to the public outcry surrounding the case. As for iOS 18.7.8, it is intended for older iPhones like the iPhone XS, XS Max, and XRas well as for certain iPad models, such as the seventh-generation iPad, which have not yet been updated to the latest main branch of iOS.
For European and Spanish users, the impact is the same as in the United States: if you use Signal or other messaging apps with notification previews, it's essential Install the new versions of iOS as soon as possible so that the system stops keeping unnecessary copies of the content in its notifications database.
It is worth emphasizing that, from the user's point of view, No visible changes or new features are apparent. after installation. The benefit is “under the hood”: the correction of a hole that could be exploited in advanced forensic analysis.
Signal, Telegram, and the encryption debate
Signal's reaction was swift. The organization's president, Meredith WhittakerHe publicly pressured Apple to quickly fix the vulnerability. He explained that if a message is deleted or designed to disappear, there's no point in its notifications remaining stored in the operating system's database.
Signal emphasizes that the End-to-end encryption continued to function as intended and that the application had not suffered a breach in its protocol. The problem lay in the environment in which the app runs: iOS. Therefore, once Apple distributed the security update, Signal itself confirmed that the vulnerability was resolved with the new versions of the system.
Other actors in the sector, such as Pavel Durov, co-founder of TelegramThey also took the opportunity to comment on the case. Durov insisted that, to minimize risks, messaging applications should reduce or even disable message previews in notifications, both on the sender's and the recipient's devices.
This exchange of statements highlights a familiar tension: the convenience of viewing message snippets on the lock screen Given the need to minimize the amount of data stored in the system, what improves usability often creates a new vulnerability that, in the hands of forensic tools, can open an unexpected door.
The case also serves to remind users that Choosing a “safe” app is not enoughIt's also important to review how notifications are configured, what is displayed on the lock screen, and what is saved in backups, especially when handling sensitive data.
Impact for users in Spain and Europe
In the Spanish and European context, where the use of iPhones and encrypted apps Since Signal and WhatsApp are so widespread, this vulnerability has once again highlighted the importance of keeping devices updated. Although the case that revealed the problem originated in a US court case, the technical flaw affects devices sold in the European Union as well.
For users who rely on Signal in professional settings—for example, Journalists who communicate with confidential sourcesWhether you are a lawyer, doctor, or activist, this episode illustrates that part of privacy protection depends on decisions made far from the end user, in the design of the operating system and its internal functions.
In Europe, the debate on digital privacy is intertwined with a demanding regulatory framework, marked by rules such as General Regulation of Data Protection (RGPD)While the iOS flaw has been technically addressed with a patch, the issue fuels discussions about the extent to which manufacturers should minimize data collection and retention, even in everyday items like notifications.
In this respect, it is expected that European digital rights organizations will closely monitor how Apple and other major tech companies They manage the security of notifications and metadata. The combination of strong encryption in applications and strict data protection policies at the system level will become increasingly relevant in the public debate.
For the average user in Spain, beyond the legal discussions, the practical message is clear: It's worth taking a few minutes to review iOS privacy optionsDisable previews of sensitive content on the lock screen and ensure that security updates are installed as soon as they become available.
How to update your iPhone or iPad to stay protected
The process for installing iOS 26.4.2 or 18.7.8 is simple and accessible to any user. Just open the application. Go to Settings on your iPhone or iPad and tap on “General”Within that menu, you need to access the "Software Update" section, where the system will check if there are any versions pending installation.
If the update is available, the option will appear on the screen. “Download and install”After tapping it, you may be asked for your device passcode and to accept the terms and conditions. Once the download is complete, your iPhone or iPad will restart and display the Apple logo with a progress bar until the process is finished.
During installation it is important Do not force the device to shut down.Although progress may seem to have stalled for a few moments, depending on the model and internet connection, the procedure can take several minutes, but it's time well spent to close a critical vulnerability.
To avoid worries in the future, many users choose to activate the automatic iOS updatesThis option is located in the same "Software Update" section and allows the system to download and install new versions at night, when the device is plugged in and not in use.
In the case of older models, such as the aforementioned iPhone XS, XS Max, XR or certain iPads, it is advisable to periodically check if the maintenance versions such as iOS 18.7.8 They are available. Although they don't bring new features, they usually include key patches for vulnerabilities that, like this one, are not visible but have significant consequences.
Taken together, this chain of events leaves a clear lesson for anyone using Signal or other privacy-focused apps: The real security of conversations depends so much on encryption This includes the behavior of the operating system, notifications, cache, and internal databases. Updating to the latest iOS versions, checking what's displayed on the lock screen, and understanding that no solution is foolproof are basic steps to maintain a reasonable level of privacy on a daily basis.
