"Apple's iOS 26.4.2 introduces 'improved data redaction' to address an issue where 'notifications marked for deletion could be unexpectedly retained on the device.'"
"The FBI's use of this particular iOS notification flaw was first reported on by 404 Media, who learned the agency used a tool to access Signal notification data stored locally on an iPhone even after it was deleted."
"Signal CEO Meredith Whitaker later acknowledged the issue on Bluesky, writing that 'notifications for deleted [messages] shouldn't remain in any OS notification database, and we've asked Apple to address this.'"
"The privacy of your notifications is vulnerable in at least two places, according to the EFF. In the cloud, where they get routed through a company's servers and likely partially logged in metadata, and on the local storage of the phone where they're received."
Apple's iOS 26.4.2 update addresses a security flaw in its notification database that allowed law enforcement to access deleted push notifications. This flaw enabled agencies like the FBI to bypass Apple's privacy measures, which require a court order for notification data access. The update introduces improved data redaction to ensure deleted notifications are not retained on devices. Signal's CEO highlighted the issue, urging Apple to prevent deleted message notifications from remaining in the database. The Electronic Frontier Foundation notes vulnerabilities in notification privacy both in the cloud and on local devices.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]