Blog Details

Apple’s latest iOS replace fixes a flaw in its notification database that made it capability for legislation enforcement to ogle deleted push notifications on a particular person’s iPhone or iPad. The security flaw used to be a technique legislation enforcement businesses accumulate the FBI might perchance well possibly circumvent Apple’s strict stance towards consumer privateness, the Digital Frontier Foundation writes, in particular since the firm has required a court notify to section notification records since 2023.

In step with Apple’s replace notes, iOS 26.4.2 introduces “improved data redaction” to contend with a controversy where “notifications marked for deletion could be unexpectedly retained on the device.” The replace is available now on “iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later and iPad mini 5th generation and later,” Apple says.

The FBI’s exhaust of this explicit iOS notification flaw used to be first reported on by 404 Media, who learned the company aged a instrument to access Signal notification records stored domestically on an iPhone even after it used to be deleted. Signal CEO Meredith Whitaker later acknowledged the problem on Bluesky, writing that “notifications for deleted [messages] shouldn’t remain in any OS notification database, and we’ve asked Apple to address this.” On the time, Whitaker directed Signal customers to regulate their settings in notify that push notifications from the app didn’t consist of the name of the messenger or message converse. In response to at the present time’s news, Signal acknowledged on Bluesky that it is miles “very chuffed that at the present time Apple issued a patch and a security advisory.”

The privateness of your notifications is inclined in at least two locations, per the EFF. In the cloud, where they salvage routed by draw of a firm’s servers and jog partially logged in metadata, and on the local storage of the phone where they’re bought. Apple’s replace must always mild ideally affect deleted notifications accurately inaccessible, but limiting what’s in point of fact visible in notifications within the principle situation will seemingly be worth brooding about.

Replace, April 22, 6:40PM ET: This story used to be as much as this point after undergo consist of comment from Signal.