FBI Extracts Deleted Signal Incoming Messages from iPhone Using Internal Notification Storage

• April 12, 2026

In a recent development highlighting the complexities of digital privacy, the Federal Bureau of Investigation (FBI) managed to recover deleted Signal messages from an iPhone, without access to the messaging app itself. This case involved an iPhone linked to a suspect under investigation, where the Signal application had been removed by the time the authorities examined the device.

Recovery of Incoming Messages Through Notification Data

The FBI’s method centered on the internal handling of notifications by Apple devices. Specifically, every time a Signal message appeared on the iPhone’s lock screen, the device saved a copy of the notification content to its internal memory system. Despite the messages being erased from within Signal itself, this stored notification data provided a partial archive that the FBI could extract.

According to court materials, only incoming messages could be successfully restored, as this snapshot-like data was limited to notifications displayed to the user. Outgoing messages or other communication aspects were not recoverable under this method. The recovered messages, presented as part of legal proceedings, demonstrated how certain device features could retain information even after deliberate deletion efforts.

This finding sheds light on an overlooked aspect of mobile security — how operating systems manage transient notification data. While Signal is renowned for its end-to-end encryption and privacy safeguards within the app environment, the underlying system’s notification storage can inadvertently create a vulnerability.

Apple’s architecture includes a mechanism where notifications received by apps are cached locally to improve user experience, allowing messages or alerts to be briefly viewed on the lock screen or notification center. However, this cache can become a source for data retrieval if the device is accessed by forensic experts, particularly in criminal investigations.

The case raises important considerations for users prioritizing confidentiality. Even when employing privacy-focused messaging services and removing them from the device, residual data outside the app’s control may persist. Users and privacy advocates may need to assess these nuances within device security models to better understand the limits of message deletion.

The FBI’s ability to extract these messages emphasizes the evolving landscape of digital evidence gathering, where device characteristics apart from app encryption can influence available data. It remains unclear how widespread this technique is or how it might be countered in future mobile operating system updates.

As messaging applications continue to improve encryption and privacy features, the interplay with the operating system’s data management will remain a critical factor in overall message security.

The FBI successfully retrieved incoming Signal messages from an iPhone after the app was deleted, using notifications stored in the device’s internal memory.