FBI used iPhone notification data to retrieve deleted Signal messages

Putting on my user hat...

"OK. Signal has forward secrecy. So messages are gone after I receive them. Great!"

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

"I'll just delete the entire app!" No, sorry, the OS still has your messages...

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)

https://articles.59.ca/doku.php?id=em:sg

Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"

I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.

Just curious, how come at least once a month signal bugs me to turn on notifications? I said no for a reason, every single time - why does it keep asking?

Not implying anything evil but it feels a bit weird esp after this.

First, a critical setting for Signal users:

"Signal’s settings include an option that prevents the actual message content from being previewed in notifications. However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

Second, how can I see this notification history?

> testimony in a recent trial

Court cases are the real way to audit security.

Larping about security and complaining about companies responding to court orders only gets you so far. Its way more useful to look at what actually happens in reality.

"However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

"[A]llowing the system to store the content in the database" where a third party, such as Apple or a government, can access it is the default

Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings. Apple knows this

This is one of those cases where the "secure app" narrative collides with how messy real systems actually are

Was this not a known issue (in terms of trade-offs) for years? I recall discussion back in 2018 at least that made mention of this concern.

https://github.com/RealityNet/iOS-Forensics-References https://theforensicscooter.com/2021/10/03/ios-knowledgec-db-...

Original article: FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database[0]

0. https://www.404media.co/fbi-extracts-suspects-deleted-signal...

So this is where we find out the one end of e2e is the phone and not the app.

Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.

On Android, when I use WhatsApp and have notifications for groups turned off, I can still see that they arrive briefly and then get removed (the icon top left vanishes). I wonder often, if this is a way to push all group message content into an unencrypted data trace as well - for the same use case.

I wonder why Apple doesn't 'just' delete the notification data associated with the app from the internal database when the user deletes the app? It seems like asking for problems to just keep old notification content around forever.

While it's definitely surprising that the OS caches this data after the notifications have been swiped away, I always thought that notifications are an obvious hole in the whole E2E encryption setup.

Aren’t notifications supposed to be encrypted for Signal?

everyone's arguing about whether apple or the government is to blame. the actual problem is the verification methods themselves. credit card, drivers license, or a pass card. three options that each create a centralized database linking your real identity to your device. age verification is just identity verification with a friendlier name.

the verification accepts other people's credit cards and IDs. so the 'age gate' doesn't even verify the person using the device, just that someone with a credit card touched it once. it's all the privacy cost of an identity check with none of the supposed child safety benefit

We are running out of Murphy's laws for digital communications. People will go back to physical messaging

As an aside, I decrypted an encrypted iPhone backup using a tool from GitHub because I wanted easy access to my Voice Memo recordings.

Photos I had long deleted were still in the backup! It's quite surprising just how much is being stored by the phone.

Sounds like an intentional government feature. Just speculation though. I'm glad I have a Pixel, but I'm on the default OS and need to switch to GrapiousOS (secure version). Just haven't due to lack of nice Google features.

I thought Signal didn’t show message previews by default and you had to go in and enable it? I’ve never had message previews in my Signal and I don’t remember changing anything. Maybe when they introduced the feature, you could pick but they strongly suggested it not showing?

A lot of dumb criminals seem to carry smart phones. The irony.

Terrorism charges. That’s what we should be talking about.

iOS Data Protection — The Four Classes

Data Protection is implemented by constructing and managing a hierarchy of keys, building on the hardware encryption technologies built into Apple devices. It's controlled on a per-file basis by assigning each file to a class; accessibility is determined by whether the class keys have been unlocked.

The four protection classes, from strongest to weakest:

NSFileProtectionComplete — Files are only accessible when the device is unlocked.

NSFileProtectionCompleteUnlessOpen — A file can only be opened when the device is unlocked, but is not closed when the device is locked — it's encrypted when the last open handle is closed. Suitable for data being uploaded in the background.

NSFileProtectionCompleteUntilFirstUserAuthentication — The resource cannot be accessed until after the device has booted. After the user unlocks the device for the first time, the app can access the resource and continue to do so even if the user subsequently locks the device. Fortify This is commonly called AFU (After First Unlock). This is the default class for all third-party app data not otherwise assigned to a Data Protection class.

NSFileProtectionNone — The resource has no special protections. It can be read or written at any time. The encryption only uses a key derived from the device's UID.

The BFU/AFU Distinction — The Heart of the Signal Issue

Apple's iOS devices operate in two key security states that directly impact data accessibility: Before First Unlock (BFU) and After First Unlock (AFU).

When an iPhone is in the BFU state, it has been powered on or rebooted but not yet unlocked with a passcode. In this state, the Secure Enclave does not release the decryption keys needed to access most user data.

Once you've unlocked once (AFU), files protected with NSFileProtectionCompleteUntilFirstUserAuthentication become accessible, the Keychain is available, and background processes and apps can access encrypted content as needed.

The Signal notification content issue connects here because notification data (including previews) stored in the default CompleteUntilFirstUserAuthentication class remains decryptable by any process — including OS-level forensic tools — as long as the phone has been unlocked at least once since the last reboot.

Kind of a wake-up call that even "deleted" messages aren't really gone if the OS is caching notification previews — makes you rethink what end-to-end encryption actually protects you from.

Is there a way to delete all Apple notification history from Apple’s servers?

How convenient that Apple can turn a blind eye to this, and maintain their useful fiction that they don’t provide law enforcement backdoors.

Privacy, that’s Apple: https://www.reuters.com/article/world/exclusive-apple-droppe...

If I have access to the UI, I don't need to break your encryption.

People also got charges in the same case for removing people from a Signal chat

... and I thought I'm turning off notifications for all apps just so I don't get spammed. Looks like the setting is more useful than that.

People who NEED to hide their notifications from iOS have this already disabled.

They rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.

Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.

Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.

There needs to be a bit more "group chat" control in Signal messages, wherein you could enforce certain settings for certain chats regardless of the phone settings. You could have group chats that would enforce not showing more information in the notifications, while others would still allow it.

Hmmm this is interesting. Because I've long had the complaint that notifications are frustratingly ephemeral. There have been many cases where I've gotten a notification that my phone clearly has but which I can't read, because when I tap it, it's purged permanently, and then I have a spotty internet connection, so I can't see it in the actual app that loaded.

I'm always like "JFC, can't you cache the notifications, so I can see it there while waiting for the app to gets its act together?" But no, that's never an option.

So I'm getting a laugh out of how notifications last long enough to be extracted by someone just not the person that they're for. (Though to be fair, it could be a case of a notification that was never tapped, and therefore hadn't been purged yet. I couldn't tell from the story.)

Sigh, just the usual. If you don't know the platform's nuances, you are fckd.

Um. Android has notification history also and I see no similar ability to hide notification content from the system ...

signal is security theater, and a very bad user experience

This is one of those cases where the "secure app" narrative collides with how messy real systems actually are

Was this not a known issue (in terms of trade-offs) for years? I recall discussion back in 2018 at least that made mention of this concern.

https://github.com/RealityNet/iOS-Forensics-References https://theforensicscooter.com/2021/10/03/ios-knowledgec-db-...

iOS Data Protection — The Four Classes

The four protection classes, from strongest to weakest:

NSFileProtectionComplete — Files are only accessible when the device is unlocked.

NSFileProtectionNone — The resource has no special protections. It can be read or written at any time. The encryption only uses a key derived from the device's UID.

The BFU/AFU Distinction — The Heart of the Signal Issue

Apple's iOS devices operate in two key security states that directly impact data accessibility: Before First Unlock (BFU) and After First Unlock (AFU).

Kind of a wake-up call that even "deleted" messages aren't really gone if the OS is caching notification previews — makes you rethink what end-to-end encryption actually protects you from.

Is there a way to delete all Apple notification history from Apple’s servers?

How convenient that Apple can turn a blind eye to this, and maintain their useful fiction that they don’t provide law enforcement backdoors.

Privacy, that’s Apple: https://www.reuters.com/article/world/exclusive-apple-droppe...

If I have access to the UI, I don't need to break your encryption.

People also got charges in the same case for removing people from a Signal chat

... and I thought I'm turning off notifications for all apps just so I don't get spammed. Looks like the setting is more useful than that.

I'm always like "JFC, can't you cache the notifications, so I can see it there while waiting for the app to gets its act together?" But no, that's never an option.

Sigh, just the usual. If you don't know the platform's nuances, you are fckd.

Putting on my user hat...

"OK. Signal has forward secrecy. So messages are gone after I receive them. Great!"

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

"I'll just delete the entire app!" No, sorry, the OS still has your messages...

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)

https://articles.59.ca/doku.php?id=em:sg

People keep pushing signal because it is supposedly secure. But it runs on platforms that are so complex with so much eco system garbage that there is no way know even within a low percentage of confidence if you've done everything required to ensure you are communicating just with the person you think you are. There could be listeners at just about every layer and that is still without looking at the meta-data angle which is just as important (who communicated with who and when, and possibly from where).

The median user isn't going to change default settings, so your app is as secure as whatever the default it.

Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"

I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.

Just to clarify, this is within the Signal app settings—not the OS (iOS or Android) system settings.

Critical distinction, as merely changing OS notification settings will simply prevent notification content from being displayed on-screen.

Fwiw, in my Signal app on Android this setting is in

Settings > Notifications > Messages > Show

Disable Apple Intelligence summaries for sensitive app notifications too.

Originally enabled it just to avoid awkward moments

I guess enabling Lockdown mode might avoid this particular issue too, together with a bunch of other stuff?

WhatsApp supports this too.

Settings > Notifications > Show preview

This seems to be the default for me, at least on Android.

Just curious, how come at least once a month signal bugs me to turn on notifications? I said no for a reason, every single time - why does it keep asking?

Not implying anything evil but it feels a bit weird esp after this.

Signal developer here. It's just because notification reliability is always a top support complaint, and a lot of people turn off notifications and don't realize they've done so. Admittedly, once a month is likely too aggressive.

> why does it keep asking?

Why does any software keep asking you to do things you explicitly told them you don't want to do? Because it's in the software developer's best interest to get you to do them, not yours. We've gotten way past the point in software where we no longer expect the software to serve the user's interest and solve the user's problems. Now, the expectation is that the user gets nagged and coerced into serving the software's interest and solving the developers' problems.

EDIT: Looks like a developer confirmed this in a sibling comment already: It nags you because that solves their support problem.

Pretty sure that's just iOS behavior + app design. If notifications are off, apps will occasionally prompt again to make sure you didn't disable them by accident or miss something

Messaging platforms where people receive and promptly respond to messages are more successful in the long run. That's why SMS overtook email. If you own a messaging platform there isn't anything inherently nefarious about pushing people to enable notifications.

Reminds me what Whatsapp if you set up a 2FA PIN, which forces you to type it about every week to check if you forgot it. So annoying.

First, a critical setting for Signal users:

Second, how can I see this notification history?

Not sure if it's exactly the same, but I had to add a When notification arrives with <message>, do <action> event trigger in my Crank macOS app (https://lowtechguys.com/crank) so I can show you how to do it on macOS:

      HOURS=6
      EPOCH_DIFF=978307200
      SINCE=$(echo "$(date +%s) - $EPOCH_DIFF - $HOURS * 3600" | bc)

      sqlite3 ~/Library/Group\ Containers/group.com.apple.usernoted/db2/db \
        "SELECT r.delivered_date, COALESCE(a.identifier, 'unknown'), hex(r.data)
        FROM record r
        LEFT JOIN app a ON r.app_id = a.app_id
        WHERE r.delivered_date > $SINCE
        ORDER BY r.delivered_date ASC;" \
      | while IFS='|' read -r cfdate bundle hexdata; do
          date -r $(echo "$cfdate + $EPOCH_DIFF" | bc | cut -d. -f1) '+%Y-%m-%d %H:%M:%S'
          echo "  app: $bundle"
          echo "$hexdata" | xxd -r -p > /tmp/notif.plist
          plutil -p /tmp/notif.plist 2>/dev/null \
            | grep -E '"(titl|title|subt|subtitle|body|message)"' \
            | sed 's/^  */  /'
          echo "---"
      done

Basically, notifications are in an sqlite db at ~/Library/Group Containers/group.com.apple.usernoted/db2/db and are stored as plist blobs.

In recent years, filesystem paths for system services have started to converge for both macOS and iOS so I'm thinking with jailbreak you could get read access to that database and get the same data out of it.

On android there are apps that let you see the history - i use NotiStar occasionally to see if i unwittingly dismissed important notifications. And i believe there are apps/settings that help you clear the history from the device.

But this is a reminder that these centralized notification infrastructure (FCM and APNs) store notification content (if the app is told to send content in it - signal with option enabled wouldn't send content) even if we clear local history these middleman still hold it

So I wonder about this. The quote from the 404 media article [0] is:

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media

The default setting appears to be to only show notification preview when unlocked. Will that notification still be stored unencrypted in notification storage or is it in an encrypted store because it will preview after unlock?

It makes sense that any notification that previews on the lock screen would be unencrypted (including the case where it is encrypted but the encryption key is adjacently stored).

This all reads to me that this was a user induced OPSEC issue and Signal had the right defaults.

[0] https://archive.is/bSQhD#selection-619.0-622.0

On a Pixel, I can see some history by going to

Android > Settings > Notifications > Manage > Notification History

You don't, at least not without forensics tools

On android its quite easy. There is a page of a protocol address that has all notifications show. I used to have a shortcut to it. It has been years since I was on android.

But it was really useful each time I did not see a notification in time.

Edit: typo

I wonder how long does the system store those notifications

> testimony in a recent trial

Court cases are the real way to audit security.

Larping about security and complaining about companies responding to court orders only gets you so far. Its way more useful to look at what actually happens in reality.

I know it’s not germane to the Signal issue, but this caught my eye, “who previously pleaded guilty to providing material support to terrorists”.

The case comes with a long statement about the Antifa “organization”. Just your weekly reminder we are living under an Orwellian administration. https://www.justice.gov/opa/pr/antifa-cell-members-convicted...

Yes and no. Court cases certainly will disclose what capabilities various parties have come up with when it comes to security. However, there are documented cases where the government chooses to abandon prosecution for the sole purpose of preventing disclosure of some of their cyber capabilities.

True, court cases are one of the few times details actually surface

The recent Trivy / LiteLLM mess was also a security thing, and seems rather different.

The problem is that, in the current environment of dishonest and corrupt states, "what actually happens in reality" isn't the same as what happens in court because of parallel construction.

"However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

"[A]llowing the system to store the content in the database" where a third party, such as Apple or a government, can access it is the default

Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings. Apple knows this

“Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings.”

Even worse, whatever critical settings you may set as a sophisticated user will frequently be reset, or changed, or re-organized under different settings… And of course, set back to insecure defaults… With subsequent software updates.

This is a regular occurrence with Firefox and privacy settings.

Whatever the actual impetus is, we should act as if this is intentional.

If you care about security at all, you disable any previews on the lock screen. The lock screen is by definition visible to anyone without any authorization. Showing anything on it immediately destroys any secrecy. It must be obvious to anyone capable of elementary logic inference.

If you don't know how to disable it, you use your favorite search engine / LLM / knowledgeable relative to find out, and disable it.

But if you just didn't pay attention, "never thought about it", you don't care about security, and no amount of technical means would help, sorry.

> Only a small minority of users know about settings and how to change them.

I couldn't believe this so went to look up some data on this.

Holy FUCK that is bleak. There needs to be way more computer education, not just "how2type" classes.

Original article: FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database[0]

0. https://www.404media.co/fbi-extracts-suspects-deleted-signal...

That's unfortunately less informative if you aren't already one of their subscribers.

So this is where we find out the one end of e2e is the phone and not the app.

Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.

Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.

If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.

I've never seen this happen, maybe you're seeing the "Fetching messages" notification that sometimes pops up for a second?

If the notification has the data, then yes. It's trivial to create an app that listens to notifications; Samsung even has one themselves called NotiStar that replicates the notification history feature that Android normally has.

I think that's how the Android notification history works. If I uninstall an app, the entries in the history aren't shown anymore. You also have to opt in to notification history and toggling it off and back on clears the old entries. There's also a time window that it keeps entries for: https://source.android.com/docs/core/display/notification-hi...

It's one of those problems where as soon as someone notices, it's crazy that no one noticed. I can't imagine this not being overhauled going forward. It's just a bad way to operate and now it's news.

If it never hits flash that might work, but if it's in flash storage then the block may not be erased by the time its dumped.

I'm not sure precisely how the NAND controller responds to requests for raw data from blocks with "deleted" data. And if this would require decapping the flash.

Some flash will happily let you see the data and delay erasing it.

Generally flash is non deterministic about when blocks even those with entirely stale data are erased . It might be years before the block is reused due to wear leveling algorithms and it might retain data that entire time.

Here's hoping the controller for phones which hold sensitive data are more active

If the "database" works like most other databases (eg. postgres or sqlite), deleting a row doesn't immediately cause the data to be wiped from disk, for performance reasons. Then as others mentioned you have filesystem/SSD logic that does something similar on top of that.

While it's definitely surprising that the OS caches this data after the notifications have been swiped away, I always thought that notifications are an obvious hole in the whole E2E encryption setup.

AIUI, Signal push notifications just saying a message was received. Signal then fetches the E2E encrypted message from the server and decrypts it locally. So Apple/Google cannot read the messages, nor can Signal servers.

Aren’t notifications supposed to be encrypted for Signal?

iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector

You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.

This kind of vulnerability is not tied to Signal but all apps which send notification.

They are;

“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

ie the messages recovered were 1. incoming 2. stored by the OS after decryption

i also was spooked by the headline :p

I think you're on the wrong thread?

We are running out of Murphy's laws for digital communications. People will go back to physical messaging

Younger people have largely abandonded even physical contact and talk, they ain't going back nowhere.

As an aside, I decrypted an encrypted iPhone backup using a tool from GitHub because I wanted easy access to my Voice Memo recordings.

Photos I had long deleted were still in the backup! It's quite surprising just how much is being stored by the phone.

The opposite, actually. Signal endlessly nags you to turn on notifications, and when you turn them on, previews and content are shown by default. You cannot opt out of the nags.

A lot of dumb criminals seem to carry smart phones. The irony.

Probably, but these are people who are being charged for political "crimes" brought mostly because the government doesn't think people have a right to protest. While it's unsurprising that the citizen who discharged their weapon was tried for this, most of the other folks were just doing run-of-the-mill protest stuff.

I also get that in Texas they are fine "criminalizing" protesting, but that's just part of its hyper-authoritarian "charm", and a lot of us don't think that protesting in itself should be criminal.

Terrorism charges. That’s what we should be talking about.

It sounds like they were considering liberating the ICE concentration camp. If you go down that route, you need to be ready for the terrorism charges. They brought rifles and one of them allegedly shot at a cop.

Personally, it's a moral good to free people from a concentration camp, even if it requires violence to do so. However it's also obvious that when you oppose a State, you get hit with terrorism charges. ...unless you're a jan6er, of course.

People who NEED to hide their notifications from iOS have this already disabled.

They rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.

What a goofy comment.

The article you're commenting on is about people who obviously would have wanted this disabled, but didn't have it disabled, presumably because they didn't know about this issue.

Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.

Right. It's purely a protection against MitM snooping. The app has to have the messages in plaintext to display to you via whatever mechanism the OS uses. Seems obvious, but also not, at the same time.

I've found other ways Signal can leak information, even with disappearing messages. It's not the total install-and-be-done privacy screen that some people think it is, and requires a little effort at the user end to fill in a few gaps.

Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.

Signal does not send any sensitive information in push notifications sent via APNs [0]. This story concerns the local OS cache of push notifications, which are triggered after E2E decryption has occurred.

[0] https://mastodon.world/@Mer__edith/111563865413484025

The "e" in e2e encryption is a computing device, not the device's user's brain.

This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.

Um. Android has notification history also and I see no similar ability to hide notification content from the system ...

In the Signal app itself there's an option to hide the message body or both the sender and body, that way the OS wont have anything to store in the history.

Good. The moment they add it, all kinds of apps will start to abuse it, for "sekhurity" (read: engagement) reasons. See e.g. all the apps that now disallow taking screenshots, for no legitimate reason.

Personally I'd be in favor of a hard app store policy, that if an app notifies you about something, all the importantdetails (like full message text) must be included - specifically to allow the user to view the important information without having to open the app itself.

The median user isn't going to change default settings, so your app is as secure as whatever the default it.

Originally enabled it just to avoid awkward moments

WhatsApp supports this too.

Settings > Notifications > Show preview

Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.

If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.

What prevents the phone from taking screenshots of you reading the messages in the app?

The actual one end is the phone, not the app, period.

I've never seen this happen, maybe you're seeing the "Fetching messages" notification that sometimes pops up for a second?

It's one of those problems where as soon as someone notices, it's crazy that no one noticed. I can't imagine this not being overhauled going forward. It's just a bad way to operate and now it's news.

> I can't imagine this not being overhauled going forward.

On which end, Apple or Signal? Because neither Apple nor Google will overhaul this behavior, the FBI asked for it directly: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

If it never hits flash that might work, but if it's in flash storage then the block may not be erased by the time its dumped.

I'm not sure precisely how the NAND controller responds to requests for raw data from blocks with "deleted" data. And if this would require decapping the flash.

Some flash will happily let you see the data and delay erasing it.

Here's hoping the controller for phones which hold sensitive data are more active

But you can do other things to mitigate this. For instance, give each app a set of rolling daily encryption keys, and encrypt new messages at rest. Remove the app, remove all keys. Nightly, remove the oldest key. Perhaps have the entire key database either stored in Secure Enclave, or if there isn't room, have the key database itself encrypted by a rotating single key in Secure Enclave. Now there's nothing that an attacker can do.

AIUI, Signal decrypts the E2EE message locally, but then sends the decrypted message to iOS in order to display the notification to the user. iOS then stores this data and it persists after the user dismisses the notification.

This makes sense and there's really no way around it without a change from Apple. If iOS is going to show the user a Signal notification with the decrypted message in the notification body, then iOS must be given the decrypted message. iOS could (and probably should) delete that data off the device as soon as the user dismisses/engages with the notification. But it sounds like they do not.

They do control the content on the notification. It's a bit odd to put the sensitive text in the notification only to recommend disabling it at the system level.

You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.

Sibling comment explains. The notification does arrive encrypted and is decrypted by an app extension (by Signal), however, if the message preview is shown, it is stored unencrypted by iOS. It is that storage that is accessed.

it seems iOS will drop previews into an unencrypted section. which, Is how I expected iOS notification previews to work without unlocking the phone

This kind of vulnerability is not tied to Signal but all apps which send notification.

They are;

ie the messages recovered were 1. incoming 2. stored by the OS after decryption

i also was spooked by the headline :p

I think you're on the wrong thread?

Younger people have largely abandonded even physical contact and talk, they ain't going back nowhere.

The opposite, actually. Signal endlessly nags you to turn on notifications, and when you turn them on, previews and content are shown by default. You cannot opt out of the nags.

According to my setting screen the Show Previews setting is "When Unlocked (Default)".

Screenshot of notification settings page: https://files.catbox.moe/3gwjoy.png

I also get that in Texas they are fine "criminalizing" protesting, but that's just part of its hyper-authoritarian "charm", and a lot of us don't think that protesting in itself should be criminal.

What a goofy comment.

The article you're commenting on is about people who obviously would have wanted this disabled, but didn't have it disabled, presumably because they didn't know about this issue.

[0] https://mastodon.world/@Mer__edith/111563865413484025

The "e" in e2e encryption is a computing device, not the device's user's brain.

Right. So I send a push notification with the "silent" flag and encrypted content; the app receives it, decrypts the text, and displays the notification locally. Google/Apple has only ciphertext in their FBI/CIA/NSA-accessible databases.

This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.

I think it fits in pretty well with Signal. As it stands, a group chat can control when a message is automatically deleted for everyone, so everyone can rely on that being a shared setting. That's an intentional design decision. There's no individual opt-out.

An individual can disable name or content in notifications in iOS, or set "mute messages" for a chat to prevent notifications from appearing for that specific chat, but there's nothing that gives group members any assurance that other group members are doing that.

But it would be pretty well in line with the "I trust my contact with this communication, but only if they're not systematically misled to copy it to readily exploitable insecure storage" line of thinking.

Since the purposes of the program are pretty heavy on private communication, I'm inclined to think that takes precedence here, especially considering the consequences for dropping default message previews versus adding default reveal of supposedly private information.

True, though the device could simply not be connected to that chat if the user doesn't want to implement the policies necessary to access that chat.

The major hole here is that you turn off your notifications and don't have a bunch of database records, but the threat actor somehow finds out who your contacts are, gets a hold of their phone, and can then see all of the messages you sent via their notifications database. So if you want to trust the device for secure communications, you can't do that.

smartphones in general runs against the “I bought my device, I should control how it behaves” line of thinking

In the Signal app itself there's an option to hide the message body or both the sender and body, that way the OS wont have anything to store in the history.

I'm referring to what sounds like a feature of the app, not the OS... The app... already chooses what to send through the OS notification API so I really don't have any idea what scenario you're worried about.

I generally sympathize, I also don't like when apps block screenshots (or even more stupidly, they can block Android's amazing "select text from anywhere" feature...). But I don't think there are similar concerns for Signal allowing me to hide notification content from the OS.

signal is security theater, and a very bad user experience

Just to clarify, this is within the Signal app settings—not the OS (iOS or Android) system settings.

Critical distinction, as merely changing OS notification settings will simply prevent notification content from being displayed on-screen.

Wait so if I do iOS setting notifications > never show previews it’s still caching them in the background? Unencrypted?

Signal should switch the default to being less verbose.

When you put it up against each other it makes perfect sense, but I would never have thought about it in that way!

Thank you for adding this to the conversation.