signal app icon 3Signal's Mac app displays recently received messages in the Notification Center on macOS, and this feature could compromise a user's disappearing private messages, as discovered by security researcher Alec Muffett and reported by Motherboard.

One of Signal's main advantages is its ability to send disappearing messages, so that after a predetermined amount of time the message is deleted from the app.

Muffett pointed out on Twitter this week that Signal's default Mac app settings somewhat defy this security measure due to the way Macs handle notifications. So, even if you send a self-destructing message within the Signal app, the messages remain on the recipient's Mac Notification Center, displaying your name and message details. Muffett was running macOS 10.13.4 and Signal version 1.9.0.

signal app notifications

Mac security researcher Patrick Wardle then investigated the issue further, discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system. While this is true of any app that displays notifications, it's particularly troublesome for Signal users in need of high-level security, like government workers or journalists.

Any malicious third parties would still need to get their hands on your Mac to get into your message history, so as Motherboard pointed out, "this is not a major threat for most people." Still, this could be a major security risk for high-level Signal users, since this means that any disappearing messages that popped up in Notification Center can be recovered later, "even after they are gone within the Signal app."

Wardle summed up his findings:

In short, anything that gets displayed as a notification (yes, including 'disappearing' Signal messages) in the macOS Notification Center, is recorded by the OS.

If the application wants the item to be removed from the Notification Center, it must ensure that the alert is dismissed by the user or programmatically! However, it is not clear that this also 'expunges' the notifications (and the their contents) from the notification database...i'm guessing not! If this is the case, Signal may have to avoid generating notifications (containing the message body) for disappearing messages...

Wardle said that Signal's iOS app does not appear to have a similar issue at this time, although the app "should be investigated." Of course, any Signal Mac user who is worried about potential privacy risks can navigate to Signal's Preferences menu on the top-left corner of the screen when the app is open, click Notifications, and "Disable notifications."

Tag: Signal

Top Rated Comments

497902 Avatar
497902
78 months ago
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet, doesn’t mean its not there and being exploited. Turning off features to patch of security holes after they’ve been made public isn’t going to do you much good at all.
Feel free to check the source code yourself then if you doubt it.
Score: 4 Votes (Like | Disagree)
497902 Avatar
497902
78 months ago
In short: Disable this feature, problem solved.
Score: 3 Votes (Like | Disagree)
C DM Avatar
C DM
78 months ago
99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.
Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.
Score: 1 Votes (Like | Disagree)
twistedpixel8 Avatar
twistedpixel8
78 months ago
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.
Score: 1 Votes (Like | Disagree)
alexander258954 Avatar
alexander258954
78 months ago
I find it hilarious that someone can have the capacity and understanding of macOS to create a macOS app but somehow still doesn't understand that notifications are stored infinitely in Notification Center until the user manually clears them out. Hilarious but also annoying. Please Apple can we please please stop with the paper trails? I will never stop clearing (force quitting) my recent iOS apps and obsessively clearing Notification Center. They should auto-clear out after about an hour in my opinion. I don't care about the wallpaper I downloaded, decided I didn't like, and deleted a month ago. What is the point in showing me a notification from a month ago?

Edit: If you disable the notifications for an app they're just hidden but if you re-enable them in Sys Prefs all the old notifications come back. They don't go anywhere. How great is that :) :) :) :) :) :) :)
Score: 1 Votes (Like | Disagree)
Kaibelf Avatar
Kaibelf
78 months ago
Honestly if you are getting a message that is compromising you likely don’t want t popping up as a banner on a larger screen than necessary anyway.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Read Full Article423 comments
Provenance Emulator

PlayStation and SEGA Emulator for iPhone and Apple TV Coming to App Store [Updated]

Friday April 19, 2024 8:29 am PDT by
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, GameCube, Wii,...
Read Full Article177 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article
apple vision pro orange

Apple Vision Pro Customer Interest Dying Down at Some Retail Stores

Monday April 22, 2024 2:12 am PDT by
Apple Vision Pro, Apple's $3,500 spatial computing device, appears to be following a pattern familiar to the AR/VR headset industry – initial enthusiasm giving way to a significant dip in sustained interest and usage. Since its debut in the U.S. in February 2024, excitement for the Apple Vision Pro has noticeably cooled, according to Bloomberg's Mark Gurman. Writing in his latest Power On...
Read Full Article289 comments
top stories 20apr2024

Top Stories: Nintendo Emulators on App Store, Two New iOS 17 Features, and More

Saturday April 20, 2024 6:00 am PDT by
It was a big week for retro gaming fans, as iPhone users are starting to reap the rewards of Apple's recent change to allow retro game emulators on the App Store. This week also saw a new iOS 17.5 beta that will support web-based app distribution in the EU, the debut of the first hotels to allow for direct AirPlay streaming to room TVs, a fresh rumor about the impending iPad Air update, and...
Read Full Article9 comments