A critical data persistence vulnerability in mobile notification services has been addressed following reports that it was being used by law enforcement to recover messages intended to be deleted. This flaw highlights the difference between application-level encryption and operating system-level data storage.
Tracked as CVE-2026-28950, the flaw in iOS and iPadOS notification services allowed notifications to be retained on the device even after the associated application and its data were removed. Reports indicate that federal forensics teams successfully recovered Signal messages from this storage, bypassing the app’s encrypted database. @[Apple](urn:li:organization:162479) implemented a fix via improved data redaction in iOS 26.4.2 and iPadOS 26.4.2.
For enterprise privacy, this incident proves that end-to-end encryption is only as secure as the notification hooks it uses. When sensitive data is leaked to the OS notification center, it falls outside the app’s secure container and becomes subject to device-level forensics and potential exfiltration.
– Immediately update all @[Apple](urn:li:organization:162479) iPhones and iPads to iOS 26.4.2 or higher to neutralize data persistence in notifications.
– Enforce MDM policies that restrict notification previews on the lock screen for sensitive communications apps.
– Instruct users to utilize the “Clear All” notification command periodically to ensure manual purging of the OS-level notification database.
– Monitor for anomalous forensic tool artifacts in device audit logs where physical access is a known threat.
The persistence of deleted data at the OS layer represents a critical privacy failure that requires both technical patching and policy-driven data hygiene. #CodeDefence #Apple #Privacy #MobileSecurity
/
