iOS Bug Preserved Deleted Signal Messages Long Enough for FBI Recovery
Apple has shipped a patch for an iOS defect that left supposedly deleted Signal messages recoverable by forensic tooling. The flaw meant the operating system retained message artifacts on disk after the Signal client believed them purged, opening a gap that federal investigators reportedly exploited during at least one case to reconstruct conversations users expected to be gone.
The issue sits at the intersection of application-level guarantees and platform-level storage behavior. Signal’s disappearing-message and delete-for-me features depend on the OS honoring file deletion semantics; when iOS caches or journals data outside the app’s sandbox view, the end-to-end encryption story weakens at rest even while the wire protocol remains sound. This is a recurring pattern in mobile forensics — the ciphertext is safe, the artifacts around it are not.
For threat models that include device seizure, the takeaway is that app-reported deletion is not the same as secure erasure until the underlying platform confirms it. Users relying on ephemeral messaging for sensitive communication should apply the iOS update immediately and assume historical devices may still contain recoverable remnants.
Continue reading at The Hacker News →

This is an AI-generated summary. Read the original for the full story.