So the fix for that should be not to let your phone’s unencrypted notification database have access to the content of your encrypted messages.
It’s not like if the Signal Foundation didn’t call out this vulnerability already
Because of an iPhone, not Signal:
“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media. 404 Media granted the person anonymity to protect them from retaliation.
I knew there was a reason I always turn any preview off for notifications.
I guess notifications being constantly broken in Beeper (app I use for Messenger and Signal) are a good thing now.
iPhone: “Your messages are encrypted and cannot be recovered, not even by Apple.”
Also iPhone: Prints your unencrypted messages right on the Lock Screen so anyone with access to your phone can read them.
This is interesting from a OpSec standpoint, it never occurred to Apple to flush the notification screen cache on a regular basis. There in no Notifications History viewer. Once you respond to or clear a notification it is unrecoverable in the iOS UI. But for some reason the cache of its existence remains stored, unencrypted, on your phone.
PSA: You can tell iPhone not to display the content of messages on your Lock Screen, just that those messages came in, but I don’t know if this prevents the contents from being cached by this service in the first place. Hell, I don’t know if turning notifications off completely would prevent this caching from occurring (someone who knows for sure, please chime in). It’s a bizarre and frightening oversight on Apple’s part.
