Apple Fixes iPhone Bug That Retained Deleted Signal Notifications


Apple has released emergency iPhone and iPad security updates to fix CVE-2026-28950, a Notification Services flaw that could cause deleted notifications to remain stored on a device. The bug affected iOS and iPadOS notification handling, not Signal’s encrypted message store.

The fix arrived in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8. Apple says the issue involved notifications marked for deletion being “unexpectedly retained” on the device, and that it addressed the problem with improved data redaction.

The update follows reporting that the FBI recovered Signal message content from an iPhone through Apple’s internal notification storage, even after Signal had been removed from the device. The recovered content reportedly came from notification records, not from Signal’s encrypted database.

Why this iPhone security update matters

The case highlights a privacy gap that many users may not expect. A deleted message inside an encrypted app may still leave traces elsewhere if the phone’s operating system stores notification content.

Signal messages remained encrypted in the app itself, according to public reporting. The issue came from iOS retaining notification data that should have been deleted, which could expose message previews during forensic analysis of the device.

This makes CVE-2026-28950 different from a typical remote hacking flaw. The main risk is local data retention. Someone with access to the device, legal authority, or forensic tooling could potentially recover sensitive notification content that a user believed was gone.

At a glance

| Item | Details |
| --- | --- |
| Vulnerability | CVE-2026-28950 |
| Affected component | Apple Notification Services |
| Fixed in | iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, iPadOS 18.7.8 |
| Issue type | Logging and data retention flaw |
| Apple’s description | Deleted notifications could remain on the device |
| Fix | Improved data redaction |
| App linked in reports | Signal |
| Signal app encryption broken | No |
| Main risk | Sensitive notification content could remain recoverable |
| User action | Install the latest iOS or iPadOS update |

What Apple patched

Apple’s advisory lists the bug under Notification Services. The company says notifications marked for deletion could be retained unexpectedly, and the fix improves how data is redacted.

The update covers recent iPhones and iPads through iOS 26.4.2 and iPadOS 26.4.2. Apple also released iOS 18.7.8 and iPadOS 18.7.8 for older supported devices that remain on the iOS 18 branch.
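For anyone checking a set of managed devices against the two fixed releases named above, the following is an added example, not code from Apple, Signal, or the original article. The CSV layout, device names, and status labels are assumptions made for illustration; only the version numbers come from the article.

```python
import csv
import io
import re

# First fixed release per major branch, as listed in the article.
# iOS and iPadOS share these version numbers.
FIXED = {26: (26, 4, 2), 18: (18, 7, 8)}

def parse_version(text):
    """Turn '26.4.1' or '18.7' into a 3-tuple of ints, zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,2}", text):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Return patched / needs-update / unknown-branch / unparseable."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The article names fixes only for the 26 and 18 branches;
        # anything else is flagged for manual review, not guessed at.
        return "unknown-branch"
    return "patched" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Map device_id -> status for a CSV with device_id,os,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device_id"]: classify(row["version"]) for row in rows}

# Constructed sample inventory (hypothetical device names, not real data).
SAMPLE = """device_id,os,version
phone-01,iOS,26.4.2
phone-02,iOS,26.4.1
tablet-01,iPadOS,18.7.8
tablet-02,iPadOS,18.7
phone-03,iOS,17.6.1
phone-04,iOS,n/a
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device}: {status}")
```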

Apple did not publish detailed technical notes explaining how long notification content could remain on a device or every app category affected. The public advisory focuses on the notification deletion problem and the patched operating system versions.

How Signal messages entered the story

404 Media reported that FBI investigators recovered copies of Signal messages from a suspect’s iPhone through Apple’s notification storage. BleepingComputer reported that the recovered data did not come from Signal’s encrypted message store, but from iPhone notification storage.

Help Net Security reported that Signal later confirmed CVE-2026-28950 and the bug used in the FBI recovery were the same issue. Signal also said users do not need a separate Signal-side action once the Apple patch is installed, because preserved notifications should be deleted and future notifications for deleted apps should not be preserved.

Signal also thanked Apple for addressing the issue quickly, according to BleepingComputer. The company said preserving private communication requires action across the wider ecosystem, not only inside encrypted messaging apps.

What users should do now

  • Install iOS 26.4.2 or iPadOS 26.4.2 on supported devices.
  • Install iOS 18.7.8 or iPadOS 18.7.8 if your device remains on iOS 18.
  • Open Settings, then General, then Software Update.
  • Turn on automatic updates if you do not already use them.
  • Review notification previews for sensitive apps.
  • In Signal, reduce notification content by showing only the sender name or no name and no content.
  • Avoid showing sensitive message previews on the lock screen.

How to reduce Signal notification exposure

The Apple patch addresses the CVE, but users who handle sensitive conversations can also limit what appears in notifications. This reduces the amount of message content that iOS can display or store in the first place.

In Signal, users can open Signal Settings, then Notifications, then Notification content. From there, they can set previews to “Name Only” or “No Name or Content”.

This setting does not replace the Apple update. It adds a second privacy layer by limiting what notification previews reveal on the device.

Why encrypted apps still depend on the operating system

Encrypted messaging apps protect message content inside their own systems, but they still rely on mobile operating systems for notifications, backups, permissions, storage, and app lifecycle behavior.

That creates shared responsibility. Signal can encrypt messages inside the app, but iOS controls how notifications appear, how notification previews get logged, and when related data should disappear from the device.

CVE-2026-28950 shows why notification settings matter. A message preview can become sensitive data once it appears outside the app, especially on a locked device or a phone later examined with forensic tools.

FAQ

What is CVE-2026-28950?

CVE-2026-28950 is an Apple Notification Services flaw that could cause notifications marked for deletion to remain stored on an iPhone or iPad. Apple fixed it with improved data redaction.

Did this break Signal encryption?

No. Public reporting says the recovered message content came from Apple’s notification storage, not Signal’s encrypted message store.

Which updates fix the bug?

Apple fixed the issue in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8.

Could deleted Signal messages be recovered from the app itself?

The reporting points to iPhone notification storage, not Signal’s local encrypted message database. That means the exposed content came from notification previews retained by iOS.
