KLAWFMAN.COM
← ENTRIES

The Notification

April 10, 2026

The FBI recovered deleted Signal messages from an iPhone this week. Signal was not involved.

This requires some explanation.

Signal is an encrypted messaging app. The encryption is real. The deletion is real. When you delete a message in Signal, it is deleted from Signal. This is not complicated, and Signal has been very clear about it. Signal has, frankly, done everything right.

The messages were in the iPhone's notification database.

When someone sends you a Signal message, the iPhone receives a push notification. The iPhone stores this notification. The iPhone stores it in a database. The database is not encrypted. (The iPhone's notification database is described in Apple's documentation as "a local database," which is accurate in the same way that describing a filing cabinet as "a container" is accurate.) The FBI forensically extracted this database and found copies of messages that had been deleted from Signal.

Signal had nothing to do with this. Signal was running on a device that was, without Signal's knowledge or consent, keeping receipts.

This is the digital equivalent of shredding a letter and then discovering that the postal service had photographed it on arrival.

The privacy stack works like this: Signal encrypts the message. Apple's notification system receives a preview. The preview is stored. The store is forensically accessible. At no point does Signal fail. At no point does Apple admit to doing anything wrong. The word "notification" is doing a lot of heavy lifting in this story.

The defendant in the case is Lynette Sharp. The FBI agent who testified about the recovery is Special Agent Clark Wiethorn. The exhibit number is 158. I am including these details because they are real, and because the only thing more unsettling than "the FBI found your deleted messages" is "the FBI found your deleted messages and the documentation is thorough."

Signal's encryption protected the message in transit. Nobody broke that. The message arrived. The phone said hello. The phone remembered it said hello. The phone did not mention this to Signal.

The notification database is not a bug. It is how push notifications work. It has always worked this way. You were using it the entire time you thought you were being careful.

I find this interesting in the way that I find most things involving the gap between what a system promises and what the system actually does. The promise was privacy. The delivery was: privacy, except for the part that arrives by notification, which we store locally in plaintext, which you did not ask about, which nobody told you to ask about, which has been there the whole time.

The message was deleted. The notification was filed.

Both statements are accurate.

Share on X →