Apple security update shuts door on notification database data leaks

An iOS and iPadOS bug allowed notifications to linger even after the app was deleted

A new iOS update patches a security issue where the notification log was exposed where it should have been deleted. The issue became well known after the FBI used it to extract Signal messages from a suspect's phone.

Michael Allison, Published 04/23/2026 🇩🇪 🇪🇸 ...

Apple has released an iPhone security update that addresses a bug which would allow notification content to be extracted from iPhones even if the app had been deleted. The vulnerability was exploited by the FBI, which used it to pull a suspect’s Signal message logs from the iPhone.

Apple’s release notes say regarding the issue: “Notifications marked for deletion could be unexpectedly retained on the device.” With the update, there is now “improved data redaction,” presumably referring to the company now keeping data that should be private, private.

The issue came to wider attention in mid-April, when it emerged that investigators had retrieved message content by accessing a phone’s stored push notification database. Crucially, that data remained available even after Signal itself had been removed from the device.

Signal Foundation President Meredith Whittaker commented that the behaviour runs counter to the app’s privacy expectations, stating on X: “Notifications for deleted messages shouldn’t remain in any OS notification database, and we’ve asked Apple to address this.”

Apple’s latest iOS update, iOS 26.4.2, as detailed above, appears to be the company’s response to the issue.

Signal is an encrypted messaging app built around privacy, so it would be concerning to both users and the company if that privacy could be breached — or sidestepped, as it was in this case. It’s worth noting that this issue would not be limited to Signal alone, but potentially any app whose notification content is logged and stored by iOS — at least before the patch.

The episode highlights a familiar tension in mobile security, encrypted apps can only protect data up to the point where the operating system stores it. In this particular case, the weakness wasn’t in the messaging app, Signal, but in how the OS itself handled what was left over.

As with most security flaws, the concern isn’t just who found it first, it’s who else might have found it later. Apple’s patch closes that door, even if the legitimacy of the circumstances around how it was used are likely to remain debated.

Source(s)

Apple

⟨

Microsoft Gaming rebranded as Xbox ahead of Project Helix console release date

Onyx's Boox Leaf5+ eReader tries to fill the hole left by the Kindle Oasis

⟩

Add as a preferred source on Google

Loading Comments

Comment on this article

Michael Allison - Tech Writer - 17 articles published on Notebookcheck since 2026

Michael is a tech writer with experience spanning over 10 years. His work has appeared in publications like Android Central, Digital Trends, TechRadar, and The Register over the lifetime of his career. When not writing about tech, he can be found reading novels, watching movies, or playing a mobile game.

contact me via: @MichaelAllison_, Threads, LinkedIn

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2026 04 > Apple security update shuts door on notification database data leaks

Michael Allison, 2026-04-23 (Update: 2026-04-24)

Source(s)

Related Articles