TLDR: Signal content in Apple notifications can be retrieved even after Signal app deletion.

I saw this in this Reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal

Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial

The mention of Signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants

Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).

  • Bazoogle@lemmy.world
    16 hours ago

    You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service

    • ɔiƚoxɘup@infosec.pub
      5 hours ago

      You most certainly do. I looked in my notification history and found Signal messages.

      Then I turned off my notification history.

    • electric_nan@lemmy.ml
      15 hours ago

      It’s not about how it’s pushed. It’s how it’s displayed (and stored) on the phone.

      • mic_check_one_two@lemmy.dbzer0.com
        11 hours ago

        It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

        But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

        The point is that there are two different attack vectors, and you should harden your device against both.

        • Auli@lemmy.ca
          6 hours ago

          This doesn’t make sense, as the whole phone is encrypted. So in what magical unencrypted space is it stored? The push notification server, yes, that is an issue.

          • The D Quuuuuill@slrpnk.net
            4 hours ago

            if your whole phone is encrypted this likely doesn’t apply to you so long as you have a strong passphrase (6 characters or more) and a good data shredding policy (shred after 5 wrong guesses)

            however, that is not most people

      • Bazoogle@lemmy.world
        14 hours ago

        Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use Firebase for notifications, which is most Play Store apps to be fair, just no F-Droid apps or some privacy-preserving apps.

        • electric_nan@lemmy.ml
          14 hours ago

          Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don’t know whether there is any ‘hidden’ history/cache that is stored even with notification history disabled.

          • Bazoogle@lemmy.world
            13 hours ago

            I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone

            Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t going to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing.

            • electric_nan@lemmy.ml
              13 hours ago

              Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.

              • Bazoogle@lemmy.world
                1 hour ago

                Gotcha. I misunderstood. I didn’t think it would be just that, because of course if they have your phone they have the contents. Signal encrypts end to end, but if they have the end device of course it isn’t encrypted.

                • electric_nan@lemmy.ml
                  50 minutes ago

                  Well, kind of. They could have your phone, but you have a strong passcode locking Signal, or you could have uninstalled Signal, as in the OP. In those cases, the full Signal conversations would be protected, while any notification history stored by the system would be recoverable.

            • nforminvasion@lemmy.world
              13 hours ago

              The issue is that even if a message is deleted, message content can be retrieved through notification history.