Signal push notifications could present privacy vulnerability, says Durov
The comments followed recent reports that law enforcement officials retrieved deleted Signal messages through device push notification logs.
Pavel Durov, co-founder of the Telegram messaging application, said that push notifications may create a persistent, critical vulnerability to user privacy, allowing data retrieval even after messages and messaging applications that allow push notification data storage have been deleted from a device.
Durov cited a recent report, originally published by 404 Media, that the United States Federal Bureau of Investigation (FBI) was able to retrieve deleted messages from a Signal user by accessing device notification logs on an Apple iPhone, Durov said on Friday:
Cointelegraph reached out to Signal about the FBI’s data retrieval but did not receive a response by the time of publication.
The reports suggest investigators can retrieve message content from locally stored notification data and metadata, rather than breaking end-to-end encryption itself, raising broader privacy concerns.