TLDR: signal content in Apple notification can be retrieved even after signal app deletion.

I saw from this reddit thread: Signal messages retrieved from iPhone after uninstalling app. : signal

Referencing this news article: Pretti Killing May Affect ICE Prairieland “Antifa Cell” Terrorism Trial

The mention of signal is in court documents here: March 10: Federal Trial Day 12 - Support the Prairieland Defendants

Signal chat evidence from Sharp’s device (Exhibit 158):
Messages were recovered from Sharp’s phone through Apple’s internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).

  • anon_8675309@lemmy.worldEnglish
    391·
    1 day ago

    That’s my biggest issue with notifications. Notifications should just notify you that something happened and you need to open the app to find out. Carrying actual data ON the notification is a no-no.

    But what do I know, I’m an old developer not one of these modern vibe kiddies.

    • WolfLink@sh.itjust.worksEnglish
      10·
      13 hours ago

      Signal already has that setting. It’s up to the user to decide their level of convenience vs security.

    • phx@lemmy.worldEnglish
      3·
      10 hours ago

      Yeah. It’s not just signal either that could be an issue. Sure, I want my private messages to be private, but there are financial apps, business email, and many other bits of very sensitive information that could be captured in those messages

    • NotMyOldRedditName@lemmy.worldEnglish
      3·
      18 hours ago

      The actual notification telling you there is a message shouldn’t contain the content if its sensitive, it should only carry an ID to said message, and im certain this is what signal does. Thats like the most utter basic thing about notifications.

      Once that notification arrives, the system decides what to show you after fetching the message from the ID in the background. You can opt to keep that private or show it.

      In this case if you opt to show it, it leaks.

      • rezifon@lemmy.worldEnglish
        19·
        23 hours ago

        Signal has supported this for many years. Users can choose full content notifications, name only, or no-content notifications.

        • baggachipz@sh.itjust.worksEnglish
          33·
          22 hours ago

          I believe what’s in the payload is not the same as what the user chooses to see. That is, it’s sent no matter what but the user can set what’s visible on the lock screen. I could be wrong though.

          • eco_game@discuss.tchncs.deEnglish
            12·
            21 hours ago

            That’s a separate OS setting. Signal itself has its own setting for which content is actually sent in the notification.

          • rezifon@lemmy.worldEnglish
            37·
            20 hours ago

            Why do you so confidently assert things which you do not know but merely believe without checking?

      • blargh513@sh.itjust.worksEnglish
        2·
        15 hours ago

        That’s not the problem here. Showing a notification with content is not a big deal.

        In the case stated here, the big deal is that the notification HISTORY was preserved after removal of Signal. That’s because both Apple and Google do the same thing. They keep a notification history. Not on a per-app basis, ALL apps notification history is stored.

        I know that on Androids, it is turned off by default and you can turn it on, so you get the impression that Android doesn’t have this issue. I am going to guess as I do not own an apple anything that iOS has notification history turned on by default. This is the real problem. This is not anything Signal can control for unless they were to not support notifications which would render their app useless, so that’s not an option.

    • Chais@sh.itjust.worksEnglish
      417·
      1 day ago

      And you believed that?? Do you also believe Micro$lop when they tell you that Windows is the best OS?

  • earthworm@sh.itjust.worksEnglish
    105·
    2 days ago

    Basically, they didn’t do this:

    (I’m on Android, so I don’t know what the options look like in iOS, but they should be identical.)

    • blargh513@sh.itjust.worksEnglish
      3·
      15 hours ago

      This is the problem, not what is shown in the per-app notifications. Don’t turn on notification history.

    • Crackhappy@lemmy.worldEnglish
      6·
      1 day ago

      Thank you internet stranger. I’m going to do this but fuck me if I can get my family to change their settings. They don’t even know they can create a poll.

      Don’t ask me. I made all of you admins do I don’t have to answer questions like how do I make a poll. Click the + button. Yeah. The one on your fucking screen right now.

      No grandpa. We are not trying to figure out who is trans. No popop none of are naxies (I hope)

      Anyway, click the +. Right there. That is how you create a poll.

    • Rioting Pacifist@lemmy.worldEnglish
      43·
      2 days ago

      It would be nice if Signal let you do this per conversation.

      It’s sort of a victim of its own success, I use it for both things that do and don’t require opsec

      • The D Quuuuuill@slrpnk.netEnglish
        8·
        23 hours ago

        and on some level it’s important for good opsec that things that don’t require opsec be done with good opsec

        • Rioting Pacifist@lemmy.worldEnglish
          2·
          17 hours ago

          That doesn’t work in reality, as evidenced here, it’s far more likely people compromise their security for convenience than the other way around.

          Also sometimes opsec requires in get messages from certain chats quickly. Knowing where ICE are in a timely manner is important.

      • rezifon@lemmy.worldEnglish
        3·
        20 hours ago

        I imagine that the signal devs viewed it as a similar concern as when you mistype your password the error message doesn’t give you any way to know if the password is wrong or if the account doesn’t exist.

        If only some of your notifications are sanitized then those are the suspicious ones. If all of your notifications are sanitized then none of them are suspicious. Or, at least, they’re all equally suspicious, opaque, and unidentifiable.

    • Bazoogle@lemmy.worldEnglish
      212·
      1 day ago

      You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service

      • ɔiƚoxɘup@infosec.pubEnglish
        9·
        1 day ago

        You most certainly do. I looked in my notification history in my founding of signal messages.

        Then I turned off my notification history.

      • electric_nan@lemmy.mlEnglish
        81·
        1 day ago

        It’s not about how it’s pushed. It’s how it’s displayed (and stored) on the phone.

        • mic_check_one_two@lemmy.dbzer0.comEnglish
          73·
          1 day ago

          It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

          But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

          The point is that there are two different attack vectors, and you should harden your device against both.

          • Auli@lemmy.caEnglish
            2·
            1 day ago

            This doesn’t make sense as the whole phone is encrypted. Do what magical unencrypted space is it stored. The push notification server yes that is an issue

            • The D Quuuuuill@slrpnk.netEnglish
              1·
              24 hours ago

              if your whole phone is encrypted this likely doesn’t apply to you so long as you have a strong passpharse (6 characters or more) and a good data shredding policy (shred after 5 wrong guesses)

              however, that is not most people

        • Bazoogle@lemmy.worldEnglish
          21·
          1 day ago

          Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps

          • electric_nan@lemmy.mlEnglish
            91·
            1 day ago

            Android Settings>Notifications>History. If this is on, you can clearly see past Signal notifications, including sender name and message preview (if you enabled those in Signal). I don’t know whether there is any ‘hidden’ history/cache that is stored even with notification history disabled.

            • Bazoogle@lemmy.worldEnglish
              24·
              1 day ago

              I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone

              Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t go to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing

              • electric_nan@lemmy.mlEnglish
                9·
                1 day ago

                Read the original story. This whole thing is about retrieving data from the phone itself, not from Apple or Google servers.

                • Bazoogle@lemmy.worldEnglish
                  1·
                  21 hours ago

                  Gotcha. I misunderstood. I didn’t think it would be just that, because of course if they have your phone they have the contents. Signal encrypts end to end, but if they have the end device of course it isn’t encrypted.

              • nforminvasion@lemmy.worldEnglish
                6·
                1 day ago

                The issue is that even if a message is deleted, message content can be retrieved through notification history.

  • TheFrirish@tarte.nuage-libre.frFrançais
    9·
    1 day ago

    Honestly I have a much much much MUCH MUCH bigger issue with the fact that it is an American and Centralised service.

    FBI still can’t access it though.

      • TheFrirish@tarte.nuage-libre.frFrançais
        2·
        13 hours ago

        As of now the most complete alternative (albeit controversial) is the decentralised SimpleX Chat. But it’s not as easy to use as Signal.

      • badgermurphy@lemmy.worldEnglish
        3·
        18 hours ago

        Good? No.

        I think it is telling about Signal, though, that despite being in a privacy-unfriendly jurisdiction, federal authorities can only extract data from it when its users mess up.

        I don’t think you’ll get much better until some of these other services mature more. Some of them seem painted into a corner where improving them further seems to involve rewriting big sections of them, like Matrix, so I am less optimistic about those.

      • forestbeasts@pawb.socialEnglish
        3·
        18 hours ago

        There’s Matrix which is selfhostable but “good” is pushing it and the cryptography is a bit iffy (probably more incompetence than malice). Though selfhosting it means you don’t need the end to end encryption quite as much… until the court gets involved of course.

        – Frost

  • scytale@piefed.zipEnglish
    53·
    2 days ago

    I learned about this a couple of months ago and I’ve since disabled previews in notifications. It’s unfortunately the nature of how notifications are delivered to you. You should be fine by disabling message previews in your notification settings.

  • HumbleExaggeration@feddit.orgEnglish
    394·
    1 day ago

    So you are telling me an app is encrypting the shit out of every message so it can secretly delivered to another person. An then the persons phone decrypts the message and broadcasts it to an apple server, so it can get send back and make the phone go ‘ding’?

    Shouldnt the notification be handled inside signal somehow, so this is the only app with the decrypted message?

    What is next, everything from my ram needs to go through google servers to be transmitted to my display?

    • RunningInRVA@lemmy.worldEnglish
      54·
      2 days ago

      The Signal server would send a backend notification to the client app via the Apple Push Notification Service. The app is then able to wake up, at which point it fetches new messages (securely) from the Signal servers. The app then generates a local notification with a preview of the received message. iOS is then logging those messages.

    • frongt@lemmy.zipEnglish
      51·
      1 day ago

      When I saw it hit the news before, it was because they were reading notifications off Google servers, which contained at least part of the message. Not because they were reading the device’s notification history.

      • x00z@lemmy.worldEnglish
        1·
        1 day ago

        That’s true. Technically it’s different. The end result is kind of the same though.

  • DarkFuture@lemmy.worldEnglish
    58·
    17 hours ago

    Another reason not to own Apple products.

    Don’t think I’ve ever seen a company with shittier products better at tricking the gullible into buying them.

    Anything you can do on a Mac/iPhone you can do on a PC/Android for half the price. Windows is a much more compatible and intuitive OS. And so is Android.

    Source: I’ve worked in IT for over 20 years. I’ve worked with a ton of other techs. They all hated Apple. I actually just got done working on a Mac that our media department brought me because they were also tricked by advertising into thinking you need a Mac to do media stuff. It was a nightmare and my hatred for Apple has only increased.

    P.S. Please don’t bother telling me how Linux is superior to Windows. I know Lemmy likes Linux. I don’t care. It’s not as compatible as Windows and not suitable for a work environment. I have my problems with Microsoft. This comment is about hating Apple more.

    • luckyeddy@sh.itjust.worksEnglish
      1·
      12 hours ago

      Well, I’m here to tell you that <insert operating system here> is way better to use for <insert task>

  • Bazoogle@lemmy.worldEnglish
    131·
    2 days ago

    This is not always the same on Android. Any app from FDroid will not use Google’s push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google’s notification service

    • WhyJiffie@sh.itjust.worksEnglish
      62·
      2 days ago

      It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

      It’s because the system saves the notifications apps posted to the notification menu.

      • Bazoogle@lemmy.worldEnglish
        54·
        1 day ago

        It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

        Is is 100% because of firebase. Here is an example payload from firebases official document:

        {
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

        https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

        Notification history is purely local to the device. It is not sent to any servers.

        • WhyJiffie@sh.itjust.worksEnglish
          3·
          1 day ago

          that is the documentation of firebase, not signal. firebase just shows a common example there that is easy to implement for beginners and lazy devs. but developers can send whatever they want through firebase. I wouldn’t be surprised if that’s what facebook messenger is doing, but if a developer cares about their users privacy, they can just send a simple message through firebase, and make the app so that when receiving that, it checks for new messages by itself.

          this is what the molly fork does with unifiedpush. the UP server, commonly ntfy.sh, only sees that the mollysocket server sent this to your molly client:

          {"urgent": true}

          Notification history is purely local to the device. It is not sent to any servers.

          I did not claim so. but when your phone is confiscated, it’s possible to read that out

          • 0_o7@lemmy.dbzer0.comEnglish
            11·
            23 hours ago

            Why are you using an example molly client using unified push on a post about Signal?

            Signal isn’t molly and cannot unified push at all.

            Can you point to signal source code with this implementation?

        • olorin99@kbin.earth
          4·
          1 day ago

          Notification history is purely local to the device. It is not sent to any servers.

          Yes the notifications were retrieved from the phones local storage. Firebase was not involved in anyway.

  • woelkchen@lemmy.worldEnglish
    177·
    2 days ago

    Well, of course. All notification contents go through Apple’s servers (or Google’s in case of Android).