Apple has patched an iPhone and iPad security flaw that could leave deleted messages sitting in notification history for up to a month, a quiet but awkward reminder that ”delete” on a phone is sometimes more of a suggestion than a guarantee. The bug mattered because it let forensic tools recover message content that users believed had already vanished, including disappearing chats from privacy-focused apps like Signal.
The notification cache flaw was fixed in a security update released on April 22, 2026, with Apple saying notifications marked for deletion could be unexpectedly retained on the device. The company says the patch is available on devices running iOS 26 and has also been backported to users still on iOS 18.
How the notification cache flaw worked
The issue came down to iOS notification caching. When a message arrived, the operating system stored the notification content locally, and that copy could persist even after the original chat was deleted inside the app. In practice, that meant the ”gone” version and the ”still on the phone” version were two very different things.
According to reporting cited by TechCrunch, investigators had been able to pull deleted Signal messages from an iPhone using forensic tools because the notification database preserved what users saw on screen. In theory, the same behavior could have affected messages from other apps as well, since plenty of them surface content through notifications in the first place. Apple has not explained why the caching behavior existed at the operating-system level, which is the sort of silence that usually means nobody wants to talk about the plumbing.
Why Signal pushed the issue into the open
The flaw did not stay buried for long. Signal president Meredith Whittaker publicly criticized the behavior, arguing that deleted-message notifications should not linger in any operating system database. Apple’s own wording now backs that up, describing the issue as significant rather than shrugging it off as a small bug.
For privacy-minded users, the embarrassing part is not that an app failed to hide a message, but that the phone itself kept a copy after the user acted on the original. That puts Apple in the same uncomfortable club as other platform makers that have had to clean up ”temporary” data paths that turned out to be much less temporary than advertised.
What iPhone users should do now
If you rely on disappearing messages, the practical move is simple: update now. The fix is already live for current iPhones and iPads, and the broader lesson is that notification previews are often a weak link in privacy setups, even when the chat app itself does everything right.
The bigger question is whether Apple will say more about notification retention in future releases or quietly move on and hope nobody asks about it again. Given how much modern messaging depends on push alerts, this probably won’t be the last time a convenience feature collides with the promise of private communication.