Apple records a failure in notifications that could leave copies of deleted messages and compromise your privacy

Apple has released iPhone and iPad patches that correct a failure in the reporting system that, in certain circumstances, left copies of marked removal messages stored in the device. The company identifies this problem as CVE-2026-28950 and describes it as a data record-related failure that has been solved by improving the process of writing sensitive information.

According to official information, the defect allowed notifications that the user had indicated to delete to be unexpectedly retained in the device's database. The exact technical scope and date of introduction of the judgement are not clear, so the doubt remains as to whether before this patch there were other occasions when forensic tools were able to access these records to recover content that was thought to be removed.

Apple distributed different corrections according to device families: the update is applied with iOS 26.4.2 and iPadOS 26.4.2 in more recent models, and in some teams with previous generations the correction appears in iOS 18.7.8 and iPadOS 18.7.8. Among the above terminals are from the iPhone XR and iPhone 11 forward to the newest models of the iPhone and iPad Pro and iPad Air line. For the full list and official notice, Apple offers details on its security page ( support.apple.com).

The public discovery of the relevance of this type of notice-keeping came after a journalistic investigation that revealed how the FBI could recover copies of incoming Signal messages from an accused person's phone using data stored in the device's notification database, even after the uninstallation of the app. This report opened the debate on the extent to which the content of notifications can survive user actions and be accessible to third parties with physical access to the terminal. The research work is available at 404 Average, who reported on the case and its implications.

The problem revealed a classic vulnerability in the balance between usability and privacy: notifications are designed to show useful information without the user having to open the application, but that same functionality can leave traces in local storage. The Electronic Frontier Foundation has stressed that it is not always easy for users to know which metadata or content can be revealed from a notification, or whether these data are left in an unencrypted format accessible to forensic tools.

In this context, Signal recalled in a public statement that the application already offers controls to prevent the content of the messages from appearing in the notifications. The practical recommendation for those who want to reduce risks is to adjust the preferences within Signal in Profile → Notifications → Show, and choose options that limit or remove the display of the content within the notifications. Signal also stated that, once the Apple patch is installed, the notifications that were mistakenly kept will be deleted and that no future notifications of already uninstalled applications will be kept, so, according to the company, no additional action is needed to protect its users in iOS. Your analysis and statements can be reviewed on the official Signal blog ( signal.org).

Beyond the case in point, this episode serves as a reminder of several practical lessons: system updates are not only aesthetic or performance corrections, but also solve problems with privacy implications; physical access to the device remains one of the most powerful vectors for information extraction; and app configuration options - especially in safe messaging services - are a protection layer worth reviewing if sensitive communications are handled.

If you use an iPhone or iPad affected, it is wise to install the operating system version Apple has published as soon as possible. In addition, it is appropriate to review the notification settings in the apps that handle private information and, where necessary, restrict the display of messages on the lock screen. For those who manage devices of people at risk, these measures combined with physical access policies and encrypted backup help to minimize exposure.

In short, Apple has addressed the failure with a technical correction focused on data writing and internal record management; however, the lesson remains that digital ecosystems need constant monitoring and transparency to preserve the privacy of communications. To further the subject and follow up, you can consult the official Apple sources, the news report that brought the matter to light in 404 Average the analysis and recommendations of the EFF and the communications of Signal in his blog.