TLDR: signal content in Apple notification can be retrieved even after signal app deletion.
I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal
Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial
The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants
Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).
It would be nice if Signal let you do this per conversation.
It’s sort of a victim of its own success, I use it for both things that do and don’t require opsec
I imagine that the signal devs viewed it as a similar concern as when you mistype your password the error message doesn’t give you any way to know if the password is wrong or if the account doesn’t exist.
If only some of your notifications are sanitized then those are the suspicious ones. If all of your notifications are sanitized then none of them are suspicious. Or, at least, they’re all equally suspicious, opaque, and unidentifiable.
and on some level it’s important for good opsec that things that don’t require opsec be done with good opsec