this post was submitted on 07 Apr 2026
283 points (98.6% liked)

Technology

84354 readers
3485 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
283
Signal messages retrieved from iOS notification, as seen in Prairieland federal trial (media.fedia.io)
submitted 4 weeks ago by frocalannifo@fedia.io to c/technology@lemmy.world
85 comments fedilink hide all child comments
 

TLDR: signal content in Apple notification can be retrieved even after signal app deletion.

I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal

Referencing this news article: Pretti Killing May Affect ICE Prairieland "Antifa Cell" Terrorism Trial

The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants

Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).

top 50 comments
sorted by: hot top controversial new old
[–] SnoringEarthworm@sh.itjust.works 106 points 3 weeks ago* (last edited 3 weeks ago) (6 children)

Basically, they didn't do this:

(I'm on Android, so I don't know what the options look like in iOS, but they should be identical.)

[–] RIotingPacifist@lemmy.world 43 points 3 weeks ago (2 children)

It would be nice if Signal let you do this per conversation.

It's sort of a victim of its own success, I use it for both things that do and don't require opsec

[–] Quill7513@slrpnk.net 8 points 3 weeks ago (1 children)

and on some level it's important for good opsec that things that don't require opsec be done with good opsec

load more comments (1 replies)
load more comments (1 replies)
[–] Bazoogle@lemmy.world 18 points 3 weeks ago (4 children)

You also don't need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google's push notification service

[–] Quexotic@infosec.pub 10 points 3 weeks ago

You most certainly do. I looked in my notification history in my founding of signal messages.

Then I turned off my notification history.

[–] electric_nan@lemmy.ml 7 points 3 weeks ago (8 children)

It's not about how it's pushed. It's how it's displayed (and stored) on the phone.

[–] mic_check_one_two@lemmy.dbzer0.com 4 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

The point is that there are two different attack vectors, and you should harden your device against both.

load more comments (2 replies)
load more comments (7 replies)
[–] Quill7513@slrpnk.net 6 points 3 weeks ago

as far as i know signal uses Google's notification service and if you want it to not you need to use Molly

[–] 0_o7@lemmy.dbzer0.com 5 points 3 weeks ago

Signal on Android does not use Google's push notification service

Source? I'm pretty sure it falls back to a different mechanism when it doesn't find google services. And that is only on the version downloaded from their website.

https://github.com/signalapp/Signal-Android/issues/13290

[–] Kupi@sh.itjust.works 11 points 3 weeks ago* (last edited 3 weeks ago)

They are similar

[–] Crackhappy@lemmy.world 6 points 3 weeks ago

Thank you internet stranger. I'm going to do this but fuck me if I can get my family to change their settings. They don't even know they can create a poll.

Don't ask me. I made all of you admins do I don't have to answer questions like how do I make a poll. Click the + button. Yeah. The one on your fucking screen right now.

No grandpa. We are not trying to figure out who is trans. No popop none of are naxies (I hope)

Anyway, click the +. Right there. That is how you create a poll.

[–] napkin2020@sh.itjust.works 6 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

They shouldn't have have to do this though.

[–] Quill7513@slrpnk.net 8 points 3 weeks ago

there's a lot of things under fascism that shouldn't be needed

[–] blargh513@sh.itjust.works 3 points 3 weeks ago* (last edited 3 weeks ago)

This is the problem, not what is shown in the per-app notifications. Don't turn on notification history.

[–] ZoteTheMighty@lemmy.zip 58 points 3 weeks ago (3 children)

But Apple told me in an ad that they're better for privacy?!?

load more comments (3 replies)
[–] scytale@piefed.zip 53 points 4 weeks ago* (last edited 3 weeks ago) (3 children)

I learned about this a couple of months ago and I've since disabled previews in notifications. It's unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.

[–] in_my_honest_opinion@piefed.social 35 points 3 weeks ago (1 children)
[–] spectrums_coherence@piefed.social 14 points 3 weeks ago (4 children)

I think on android, signal do not use Google's push notification. They simple send a dummy push, and the signal app wakes up to retrive the latest message directly from signal server.

So Google never have your notification content. I am not sure if they do the same on iOS.

That being said if your attack model includes people reading your notification lock screen, then you should disable showing signal notification.

[–] in_my_honest_opinion@piefed.social 9 points 3 weeks ago

The message preview notification is handled similarly in IOS and Android. The issue isn't people seeing the notification, it's that the content of the message being passed to the phone's launcher. Which is unencrypted.

load more comments (3 replies)
[–] eleijeep@piefed.social 12 points 3 weeks ago (1 children)

Does that actually prevent the app from sending the content through Apple’s servers or does it just prevent iOS from showing it in the notification area?

[–] Bazoogle@lemmy.world 6 points 3 weeks ago

The only way apple is seeing it is when the notification is displayed. It only sees the contents of the notification itself. So it would still see who sent you a message, but it wouldn't say what it was

[–] Bazoogle@lemmy.world 11 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It's worth noting apps can avoid this on Android: https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Any FDroid app cannot use Firebase for push notifications since it's proprietary: https://forum.f-droid.org/t/firebase-allowed-in-fdroid-apps/7540

[–] WhyJiffie@sh.itjust.works 7 points 3 weeks ago* (last edited 3 weeks ago)

It's not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It's because the system saves the notifications apps posted to the notification menu.

but yes. don't use firebase push notifications if you can avoid it. use a unifiedpush based system. base signal app does not support it, only molly. there are some difficulties though with that that are unique to signal.

[–] anon_8675309@lemmy.world 38 points 3 weeks ago (4 children)

That’s my biggest issue with notifications. Notifications should just notify you that something happened and you need to open the app to find out. Carrying actual data ON the notification is a no-no.

But what do I know, I’m an old developer not one of these modern vibe kiddies.

[–] WolfLink@sh.itjust.works 10 points 3 weeks ago

Signal already has that setting. It’s up to the user to decide their level of convenience vs security.

[–] baggachipz@sh.itjust.works 4 points 3 weeks ago (2 children)

A notification doesn’t have to carry any data in its payload; Signal devs could take care of that.

[–] rezifon@lemmy.world 19 points 3 weeks ago (6 children)

Signal has supported this for many years. Users can choose full content notifications, name only, or no-content notifications.

load more comments (6 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] HumbleExaggeration@feddit.org 35 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message and broadcasts it to an apple server, so it can get send back and make the phone go 'ding'?

Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?

What is next, everything from my ram needs to go through google servers to be transmitted to my display?

[–] RunningInRVA@lemmy.world 56 points 3 weeks ago

The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.

[–] Bazoogle@lemmy.world 12 points 3 weeks ago (3 children)

This is not always the same on Android. Any app from FDroid will not use Google's push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google's notification service

[–] WhyJiffie@sh.itjust.works 4 points 3 weeks ago (5 children)

It's not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It's because the system saves the notifications apps posted to the notification menu.

load more comments (5 replies)
[–] napkin2020@sh.itjust.works 4 points 3 weeks ago

I'm pretty sure Signal has two builds: one with Google service and one without.

load more comments (1 replies)
[–] woelkchen@lemmy.world 10 points 4 weeks ago (5 children)

Well, of course. All notification contents go through Apple's servers (or Google's in case of Android).

[–] Bazoogle@lemmy.world 20 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Not all, no. There are alternatives on Android:

The good news is that alternative methods for push notifications are available, namely SSE (Server Sent Events) and WebSockets.

Additionally, a new open source project, UnifiedPush is becoming increasingly popular. UnifiedPush is an open source, private alternative to Google for notifications.

https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Signal for android uses web sockets for notifications

load more comments (1 replies)
[–] AbidanYre@lemmy.world 12 points 3 weeks ago (2 children)

Why would a notification need to leave my device at all?

[–] Goodlucksil@lemmy.dbzer0.com 12 points 3 weeks ago

Because it's FAANG

load more comments (1 replies)
load more comments (3 replies)
[–] x00z@lemmy.world 10 points 3 weeks ago (1 children)

This has been done before and is already pretty well known.

[–] frongt@lemmy.zip 4 points 3 weeks ago (1 children)

When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device's notification history.

load more comments (1 replies)
[–] TheFrirish@tarte.nuage-libre.fr 9 points 3 weeks ago (1 children)

Honestly I have a much much much MUCH MUCH bigger issue with the fact that it is an American and Centralised service.

FBI still can't access it though.

[–] stringere@sh.itjust.works 3 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

Is there a good decent e2e messenger not in the US? Would love an alternative.

[–] forestbeasts@pawb.social 3 points 3 weeks ago

There's Matrix which is selfhostable but "good" is pushing it and the cryptography is a bit iffy (probably more incompetence than malice). Though selfhosting it means you don't need the end to end encryption quite as much... until the court gets involved of course.

-- Frost

load more comments (2 replies)
[–] ImmersiveMatthew@sh.itjust.works 4 points 3 weeks ago

Just more evidence that Apple is not that concerned about privacy as this is a hole they absolutely could close.

[–] frocalannifo@fedia.io 3 points 3 weeks ago

Added the full content of the original post to the body of this thread.

load more comments
view more: next ›