Your Phone Notifications Reveal More Than You Realize. Here’s How to Lock Them Down
The trick used by law enforcement? Previews of each incoming Signal message were logged in the notification database kept by iOS. Even though Signal had deleted the conversations, and Signal itself was deleted, this database was still available to the FBI's forensics teams.

There is some good news: Apple has pushed out an iOS 26.4.2 update that makes sure notification logs are properly cleaned up after the notifications have expired. Make sure your iPhone is updated (via General > Software Update) and you should be protected against this type of intrusion.

Still, the events are concerning for anyone interested in protecting their own privacy. And even though Apple has improved iOS’s housekeeping, there are steps you can take to further minimize your risk in similar circumstances.

What Did the FBI Do?

Unsurprisingly, the FBI is reluctant to provide step-by-step instructions for how it breaks into smartphones and extracts data. Nevertheless, through reporting by 404 Media and analysis from experts such as cybersecurity specialist Andrea Fortuna, we can make some educated guesses about what happened.

What seems clear is that the forensics team didn't break Signal's encryption, or hack into any Signal database, but focused its attention on the database of notifications logged by iOS. It's notable that the FBI could only extract incoming messages rather than outgoing ones, because messages being sent out from a device wouldn't show up in a notification.

Given that Apple keeps iOS pretty tightly locked down, it seems likely that the analyzed iPhone was unlocked, or at least in an After First Unlock (AFU) state. When a phone reboots and first presents the lock screen, that's a Before First Unlock (BFU) state—but when you subsequently lock and unlock your phone through the day, that's AFU.

Even though an app's messages may be gone, its notifications aren't. Photograph: David Nield

Both states show the lock screen and keep your phone protected from unwelcome visitors, but BFU comes with some extra security and encryption measures. It's one of the reasons Android phones now auto-reboot if they haven't been used for three days—because that very first unlock screen after a restart is slightly more secure.

Your friends and family—and probably most of the people likely to steal your phone—will be stumped by both AFU and BFU. But for the advanced hacking tools most probably used by the FBI, BFU presents more of a challenge. We don't know for sure based on the information that's public, but the chances are that the iPhone in this case was in an AFU state or unlocked entirely.

The 404 Media report mentions that the FBI had both physical access to the iPhone and “specialized software” to run on it, so this isn't a hack you're going to be hit by often. However, there are ways to make sure your message history can never be recovered.

How Can You Protect Yourself?

As the Electronic Frontier Foundation notes, we don't know much about the notification logs stored by iOS or Android. One key question is whether or not these logs are backed up to the cloud, which may mean they can be requested by law enforcement. (In the US, both Apple and Google need a judge's order before they'll agree to this.)

There's no setting on your phone to wipe these notification logs or to stop them from being created and updated, short of completely resetting your handset. That will clear everything off it, notification logs and all—but it's probably not something you want to have to do every day. The recent iOS security update also takes steps to more effectively clear the logs of notifications that have been marked for deletion.

An easier fix is to stop message content from appearing in notifications, so it never gets logged at all. In Signa



