In a striking development that highlights vulnerabilities in even the most secure messaging apps, the FBI retrieve deleted Signal messages from iPhones. A new federal case out of Texas reveals how investigators accessed incoming message previews stored in the device’s internal notification database, bypassing Signal’s end-to-end encryption, its disappearing messages feature, and even the app’s complete deletion.
The case centers on vandalism and fireworks set off at an ICE detention facility in Alvarado, Texas. Defendants were charged in connection with activities linked to “Antifa,” which President Donald Trump designated a domestic terrorist organization in September 2025. According to court records, the FBI retrieve deleted Signal messages from a suspect’s smartphone despite the user having enabled disappearing messages and later deleting the app entirely.
Those recovered messages played a key role in the investigation, leading to convictions on multiple serious charges, including rioting, providing material support to terrorists, conspiracy to conceal documents, and attempted murder of a police officer.
Also Read: Google AI Edge Eloquent App
How the FBI Did It: The Push Notification Database Loophole
Unlike traditional methods that target the Signal app directly, investigators pulled the messages from the iPhone’s built-in push notification storage system. Here’s the key technical detail: whenever a Signal message preview appears on the lock screen, Apple’s iOS automatically saves a copy of that incoming notification in the device’s internal memory.
One defense attorney’s notes, shared with reporters, explained it plainly: “They were able to capture these chats because of the way she had notifications set up on her phone; anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device.”
This workaround still works even after the Signal app is deleted FBI retrieve deleted Signal messages, because the notification data is stored separately on the phone. Signal itself is widely praised for its strong end-to-end encryption, but the vulnerability lies not in the app, but in how iOS handles message previews for the lock screen and notifications.
What This Means for Privacy
The case is a wake-up call for anyone relying on secure messaging. Signal offers built-in settings that can block message content from appearing in push notifications entirely. Apple also provides users with multiple options to hide sender information or message previews in notifications. Yet, if those settings are not adjusted, incoming messages can leave a recoverable digital trail.
This isn’t an isolated incident. Apple publicly tracks government requests for push notification data and, from January through June 2025 alone, granted at least some FBI retrieve deleted Signal messages to the United States and several other countries (excluding Belgium). The transparency report underscores how law enforcement agencies worldwide are increasingly turning to device-level notification databases when app-level encryption proves impenetrable.
Practical Steps to Protect Yourself
For users concerned about similar access:
- In Signal, go to Settings → Notifications and disable message previews or content in notifications.
- On your iPhone, review Settings → Notifications → Signal and choose to show only the app icon or hide sensitive content.
- Consider disabling lock-screen previews for all messaging apps under Settings → Notifications → Show Previews.
While no system is foolproof, these simple adjustments can significantly reduce the risk of deleted messages being recovered through this method.
The Texas case, first detailed by 404 Media and now spotlighted in new reporting, serves as a timely reminder: even the most privacy-focused apps operate within the broader ecosystem of your device’s operating system. As law enforcement continues to refine its techniques, staying informed about these device-level vulnerabilities is essential for maintaining digital privacy because FBI retrieve deleted Signal messages in 2026 and beyond.
However, Apple has resisted government calls to reduce security measures on its products on multiple occasions. Notably, in 2016, CEO Tim Cook sent an open letter outlining the company’s intention to decline to produce a master key that would allow federal investigators to unlock devices, as asked during the San Bernardino shooting inquiry.
