A New Case Exposed the Clever Workaround the FBI Uses to Read Secure Messages on iPhones

Law enforcement used Apple’s push notifications database to gather messages sent through Signal, and convict defendants for terrorism activities.

BY CHLOE AIELLO, REPORTER @CHLOBO_ILO

A new case from Texas shows that law enforcement may have more access to supposedly secure iPhone messages than previously thought.

In a case involving vandalism and fireworks set off at an ICE facility in Alvarado, Texas, the FBI extracted messages received through the app Signal, despite the fact that the defendant reportedly had used disappearing messages, and even deleted the app. 404 Media first reported the news. The messages were used to charge people for activities related to “Antifa,” which President Donald Trump designated a domestic terrorist organization in September of last year.

According to 404, the FBI was able to retrieve messages from the defendant’s smartphone, rather than from the Signal app itself, which has a reputation for being extremely secure thanks to end-to-end encryption. Copies of incoming messages, however, were saved to the iPhone’s internal notification storage, specifically its push notifications, which show a preview of incoming messages on iPhones.

One defendant’s attorney provided notes to 404 Media. “They were able to capture these chats [because] of the way she had notifications set up on her phone—anytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device,” the notes read.

There are settings on the Signal app that can block the content of messages appearing in push notifications, according to 404. And Apple itself offers iPhone users various options to keep the contents of messages or even who sent them from appearing.

Defendants were ultimately convicted of multiple offenses, including rioting, providing material support to terrorists, conspiracy to conceal documents, and attempted murder of a police officer. 

This case isn’t the first time push notifications have been mined for information, according to 404 Media. Apple maintains a list on its website of the push token requests it has received from governments around the world. From January through June 2025 alone, Apple received requests for push notification data from the U.S., the U.K., Australia, Belgium, Canada, Finland, France, Germany, and Norway. In that time, it granted every country except Belgium at least some of the data requested.