Executive TL;DR
- Apple fixes iPhone bug that allowed cops to extract deleted chat messages
- Notification texts were stored on a local database outside of the messaging app
- Users can change settings to only show notification alerts without content
The Buzz Score
The Internet’s Verdict: 70% Hyped, 30% Skeptical
What’s the Issue?
The bug allowed notifications to be retained on the device even after the app that generated them was removed.
The bug left notification content cached on the device. Separately, Apple and Google have put themselves in the middle of most notifications, so the contents pass through their servers, which makes them subject to all the standard warrantless wiretapping directly from governments, as well as third-party attacks on the infrastructure in place to support that monitoring.
Impact and Solution
The impact of the bug was that notifications marked for deletion could be unexpectedly retained on the device.
The fix, tracked as CVE-2026-28950, addressed a logging issue with improved data redaction.
Oh, I was originally confused about this because I had thought the push notifications were end-to-end encrypted, so they couldn’t be cached in readable form by the push notification service, and only decrypted by the app on device upon receiving the notification. But it seems like after the notification was decrypted by the app and shown to the user using OS APIs, the notification text was then stored by the OS in some kind of notification history DB locally on the device?
Conclusion
Apple’s fix addresses the issue, but users should still be aware of their notification settings to maintain privacy.