Push Notification Privacy: How Deleted Photos Get Exposed (2026)
The FBI recovered deleted Signal messages - including shared photos - from an iPhone by extracting them from the push notification database. When lock screen previews are enabled, iOS caches notification content in internal storage that survives app deletion. Apple patched the vulnerability in iOS 26.4.2 on April 22, 2026 (CVE-2026-28950), but the damage was already done. End-to-end encryption means nothing if your phone is keeping a plaintext copy of every notification that hits your lock screen. This affects every messaging app that shows content in notifications, not just Signal.
What Happened: FBI Recovered Deleted Signal Messages
In early 2026, the FBI obtained an iPhone belonging to a suspect connected to an attack on the Prairieland ICE detention center. The device had Signal installed, but the messages had been deleted. That should have been the end of it. Signal uses the Signal Protocol for end-to-end encryption, messages are stored locally, and once you delete a conversation it's gone from the app's database.
Except the FBI used Cellebrite - a forensic extraction tool used by law enforcement worldwide - and pulled the messages right out of the phone's push notification database. Not the app. Not the encrypted storage. The notification cache that iOS maintains internally for delivering and displaying push alerts.
The recovered data included message text and shared photos. Content that was supposed to be encrypted, ephemeral, and deleted turned out to be sitting in a system-level database that most people don't even know exists.
How Push Notifications Store Your Photos
Here's how this works. When a messaging app sends you a notification, the content of that notification has to live somewhere on your phone so iOS can display it on your lock screen and in Notification Center. If you have lock screen previews enabled - which is the default on every iPhone - iOS caches the full notification content, including any inline image thumbnails, in a system-level SQLite database.
This database is separate from the app's own storage. It's managed by the operating system, not by Signal or any other app. When you delete a conversation in Signal, Signal wipes its own encrypted database. It can't touch the notification cache because that's owned by iOS.
The result: your deleted messages keep living in a part of the phone that the app has no control over. Forensic tools like Cellebrite and GrayKey can extract this data even after a phone has been locked or the app has been uninstalled.
Are push notifications private? Not by default, no. Even on encrypted messaging apps, the notification layer can expose message content and photo thumbnails to anyone with physical access and the right extraction tools. Sending photos securely requires thinking beyond just the messaging app itself.
Apple assigned this CVE-2026-28950 and released a fix in iOS 26.4.2 on April 22, 2026. The patch encrypts the notification database at rest and purges cached content when the originating app is deleted. But for anyone running an older iOS version - or anyone whose phone was extracted before the patch - the vulnerability was wide open.
Every Messaging App Is Affected
Signal got the headlines because it's the gold standard for encrypted messaging. But this isn't a Signal problem. It's an iOS notification system problem, and it affects every app that puts message content into push notifications.
WhatsApp shows message text and photo thumbnails in notifications by default. So does iMessage. Telegram, Facebook Messenger, Instagram DMs - all of them push notification content to the lock screen unless you've specifically turned it off. That means all of them were feeding the same notification database that Cellebrite extracted.
The irony with iMessage is especially sharp. Apple markets iMessage as a secure, encrypted messaging platform. But Apple's own notification system was caching iMessage content in an unencrypted database on the same device. The encryption protected messages in transit and at the app layer, while the OS quietly stored plaintext copies one level below.
Instagram DMs are in an even worse position. Meta is removing encryption from Instagram DMs entirely, so those messages won't even have the app-level protection that Signal and WhatsApp provide. Add the notification cache on top, and Instagram photo sharing has essentially zero privacy layers left.
Signal actually had a defense against this before the news broke. There's a setting in Signal called "Notification Content" that lets you choose between showing the full message, just the sender's name, or nothing at all. If you set it to "No Name or Content," Signal sends a generic push notification that doesn't include any message data - so there's nothing for iOS to cache. Most people don't know this setting exists.
How to Protect Your Photos From Notification Leaks
The good news is you can shut this down right now. These steps take about two minutes and they'll close the notification cache vulnerability on your phone.
1. Update to iOS 26.4.2 or later. This is the most important step. Apple's patch encrypts the notification database and cleans up cached content when apps are deleted. Go to Settings → General → Software Update.
2. Disable lock screen previews. Go to Settings → Notifications → Show Previews and change it from "Always" to "When Unlocked"or "Never." This prevents iOS from caching the full notification content when your phone is locked. It's the single biggest change you can make.
3. Turn off notification content in Signal. Open Signal → Settings → Notifications → Notification Content and select "No Name or Content."You'll still get a buzz when a message arrives, but Signal won't send any text or photos to the notification system.
4. Do the same for WhatsApp. Open WhatsApp → Settings → Notifications → turn off "Show Preview" for both Message Notifications and Group Notifications. This stops WhatsApp from pushing photo thumbnails into the notification cache.
5. Review all messaging apps. Check every app that shows message content in notifications. Telegram, Messenger, Slack, email apps - each one is potentially feeding the same cache. Disable content previews in each app's notification settings.
6. Consider disappearing messages. On Signal and WhatsApp, enable disappearing messages for sensitive conversations. This won't prevent the notification cache issue directly, but it reduces the window of exposure by ensuring the app-level copies are cleaned up on a schedule.
How to Protect Your Photos
The notification cache problem is a symptom of a bigger issue: messaging apps were never designed for sharing photos you actually care about keeping private. They're designed for quick communication, and privacy takes a back seat to convenience at every layer - push notifications, cloud backups, thumbnail caches, link previews.
If you're sharing photos that matter - family moments, personal documents, anything you wouldn't want extracted from a phone - the question isn't which messaging app has the best encryption. It's whether a messaging app is the right tool at all.
This is exactly why we built Viallo. It's a private photo sharing platform where photos are stored on EU servers with no AI scanning, no notification caching, and no device-level copies that outlive the sharing session. You create an album, share a link, and recipients view photos directly in their browser - no app installation, no push notifications, no local database for forensic tools to pick through. Photos are delivered in full resolution with EXIF metadata intact, and you control access at any time.
The core difference is architectural. When you share a photo through Signal or WhatsApp, a copy of that photo now lives on the recipient's device - in the app's storage, in the notification cache, potentially in iCloud backups. When you share through a link-based platform, the photo stays on the server and is viewed remotely. There's nothing to extract because there's nothing stored locally.
Some basics that apply regardless of how you share photos: strip EXIF location data before sharing sensitive images, use strong device passcodes (forensic tools have a much harder time with 6+ digit alphanumeric codes), and keep your OS updated so patches like the iOS 26.4.2 notification fix are applied quickly. Check out our guide on whether deleted photos are really deleted for a deeper look at what platforms actually keep after you hit delete.
Try Viallo Free
Share your photo albums with a single link. No account needed for viewers.
Start Sharing FreeFrequently Asked Questions
What is the best way to share photos securely through messaging?
If you must use a messaging app, Signal with notification content disabled is the strongest option. Set Signal's Notification Content to "No Name or Content" and enable disappearing messages. For sharing photo albums with multiple people, a link-based platform like Viallo avoids the notification cache problem entirely because photos are never downloaded to the recipient's device or pushed through notifications. Google Photos shared albums also bypass notifications, but Google scans every upload with AI.
How do I disable notification previews on iPhone?
Go to Settings → Notifications → Show Previews and select "When Unlocked" or"Never." This is the system-wide setting. You can also configure it per app by tapping on individual apps in the Notifications list. For messaging apps, you should additionally check each app's own settings - Signal, WhatsApp, and Telegram all have separate in-app toggles for notification content that are independent of the iOS setting.
Is it safe to share photos through Signal?
Signal's encryption is genuinely strong - messages and photos are encrypted end-to-end using the Signal Protocol, and Signal can't access your content on their servers. The risk isn't Signal's encryption but your phone's notification system. Before iOS 26.4.2 (patched April 22, 2026, CVE-2026-28950), iOS cached notification content in an unencrypted database that forensic tools could extract. Update your phone, disable notification previews in Signal's settings, and Signal is one of the safest options available for one-to-one photo sharing.
What is the difference between end-to-end encryption and notification privacy?
End-to-end encryption protects your messages while they're being transmitted between devices - no one in the middle, including the app maker, can read them. Notification privacy is about what happens after the message arrives on your phone. Your OS needs to display the notification, so it caches the content in a system database that's separate from the app's encrypted storage. You can have perfect encryption and still leak everything through notifications. They're two different layers that both need to be locked down.
Can police see my deleted Signal photos?
Before the iOS 26.4.2 patch, yes - if they had physical access to your iPhone and used a forensic extraction tool like Cellebrite or GrayKey. The FBI demonstrated this in the Prairieland ICE detention center case. After updating to iOS 26.4.2, the notification database is encrypted and cached content is purged when apps are deleted. On Android, notification caching behavior varies by manufacturer and OS version. Disabling notification previews on both platforms is the most reliable protection regardless of OS version.