Deleted Didn’t Mean Gone: Apple Fixes iPhone Bug Exploited in FBI Probe
Apple has rolled out an urgent update to fix a logging flaw (CVE-2026-28950) that allowed deleted notifications to remain stored on devices. The issue came to light after the FBI retrieved Signal messages from an iPhone, highlighting how system-level bugs can undermine app-level encryption. The flaw affected iPhones from the iPhone 11 onward and several iPad models. Apple’s latest updates-iOS 26.4.2 and iPadOS 26.4.2-remove retained notification data, ensuring deleted alerts are properly wiped.
Apple has pushed out an urgent software update to fix a quiet but serious flaw that could let deleted message alerts linger on devices - a loophole that reportedly helped the Federal Bureau of Investigation recover messages from the encrypted app Signal. The issue taps into a long-running tension between Apple and law enforcement over user privacy- a debate that first exploded during the Apple vs FBI encryption dispute and continues to shape how secure our phones really are.
At the centre of the problem is a bug in Apple’s notification system. Normally, when you delete an app or clear notifications, that data should disappear completely. But in this case, notifications marked for deletion were still being quietly stored on the device. This meant that even if a user deleted an app like Signal, known for its strong encryption, traces of incoming messages could still exist in the phone’s internal notification database. These weren’t visible to users, but they could potentially be accessed using forensic tools if someone had physical access to the device.
Apple has now classified the issue as a logging flaw (CVE-2026-28950) and fixed it by improving how sensitive data is removed, or “redacted,” from the system.
How the FBI case brought this to light
The flaw came into focus after a report revealed that the FBI was able to extract copies of Signal messages from an iPhone tied to a criminal investigation. Even though the app had been deleted, message content was still retrievable - not from Signal itself, but from stored notification data.
Advertisement
This is important because apps like Signal are designed so that even the company cannot access user messages. But this case showed that the weak point wasn’t the app it was the operating system handling notifications.
Who is affected
Apple says the bug impacted a wide range of devices, including iPhones starting from the iPhone 11 and several iPad models. The fix has been rolled out in the latest updates, including iOS 26.4.2 and iPadOS 26.4.2, along with patches for older versions.
Advertisement
Basically if your device supports the latest update, you should install it.
What Apple and Signal are saying
Apple has kept its explanation brief, saying only that notifications meant to be deleted were “unexpectedly retained.” It has not clarified how long the issue existed or how widely it may have been exploited. Signal, on the other hand, reassured users that no action is needed beyond updating the device. Once updated, any leftover notification data tied to deleted apps will be wiped automatically.
The company also thanked Apple for acting quickly - a rare moment of alignment between privacy-focused apps and platform providers.
Why this matters beyond one bug
This incident highlights a bigger issue: even if an app is secure, the system around it might not be. Notifications, backups, and logs can all leave behind digital traces.
Privacy experts have long warned that notifications can leak more information than users realise. In many cases, they may include message previews, sender names, or metadata- all of which can be sensitive.
What you should do
The fix is straightforward- update your device. For extra privacy, users can also limit what appears in notifications by changing settings to show only names or no content at all. The bigger takeaway is simple: encryption alone doesn’t guarantee privacy. As this case shows, sometimes the smallest system-level bug can quietly undo it.