signal app icon 3Signal's Mac app displays recently received messages in the Notification Center on macOS, and this feature could compromise a user's disappearing private messages, as discovered by security researcher Alec Muffett and reported by Motherboard.

One of Signal's main advantages is its ability to send disappearing messages, so that after a predetermined amount of time the message is deleted from the app.

Muffett pointed out on Twitter this week that Signal's default Mac app settings somewhat defy this security measure due to the way Macs handle notifications. So, even if you send a self-destructing message within the Signal app, the messages remain on the recipient's Mac Notification Center, displaying your name and message details. Muffett was running macOS 10.13.4 and Signal version 1.9.0.

signal app notifications

Mac security researcher Patrick Wardle then investigated the issue further, discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system. While this is true of any app that displays notifications, it's particularly troublesome for Signal users in need of high-level security, like government workers or journalists.

Any malicious third parties would still need to get their hands on your Mac to get into your message history, so as Motherboard pointed out, "this is not a major threat for most people." Still, this could be a major security risk for high-level Signal users, since this means that any disappearing messages that popped up in Notification Center can be recovered later, "even after they are gone within the Signal app."

Wardle summed up his findings:

In short, anything that gets displayed as a notification (yes, including 'disappearing' Signal messages) in the macOS Notification Center, is recorded by the OS.

If the application wants the item to be removed from the Notification Center, it must ensure that the alert is dismissed by the user or programmatically! However, it is not clear that this also 'expunges' the notifications (and the their contents) from the notification database...i'm guessing not! If this is the case, Signal may have to avoid generating notifications (containing the message body) for disappearing messages...

Wardle said that Signal's iOS app does not appear to have a similar issue at this time, although the app "should be investigated." Of course, any Signal Mac user who is worried about potential privacy risks can navigate to Signal's Preferences menu on the top-left corner of the screen when the app is open, click Notifications, and "Disable notifications."

Tag: Signal

Top Rated Comments

497902 Avatar
54 months ago
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet, doesn’t mean its not there and being exploited. Turning off features to patch of security holes after they’ve been made public isn’t going to do you much good at all.
Feel free to check the source code yourself then if you doubt it.
Score: 4 Votes (Like | Disagree)
497902 Avatar
54 months ago
In short: Disable this feature, problem solved.
Score: 3 Votes (Like | Disagree)
C DM Avatar
54 months ago
99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.
Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.
Score: 1 Votes (Like | Disagree)
twistedpixel8 Avatar
54 months ago
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.
Score: 1 Votes (Like | Disagree)
alexander258954 Avatar
54 months ago
I find it hilarious that someone can have the capacity and understanding of macOS to create a macOS app but somehow still doesn't understand that notifications are stored infinitely in Notification Center until the user manually clears them out. Hilarious but also annoying. Please Apple can we please please stop with the paper trails? I will never stop clearing (force quitting) my recent iOS apps and obsessively clearing Notification Center. They should auto-clear out after about an hour in my opinion. I don't care about the wallpaper I downloaded, decided I didn't like, and deleted a month ago. What is the point in showing me a notification from a month ago?

Edit: If you disable the notifications for an app they're just hidden but if you re-enable them in Sys Prefs all the old notifications come back. They don't go anywhere. How great is that :) :) :) :) :) :) :)
Score: 1 Votes (Like | Disagree)
Kaibelf Avatar
54 months ago
Honestly if you are getting a message that is compromising you likely don’t want t popping up as a banner on a larger screen than necessary anyway.
Score: 1 Votes (Like | Disagree)

Popular Stories

2022 back to school apple

Apple Launches 2022 Back to School Offer: Up to $150 Gift Card With Mac or iPad

Friday June 24, 2022 5:08 am PDT by
Apple today launched its annual "Back to School" promotion for college/university students in the United States and Canada. This year's promotion offers a free Apple gift card with the purchase of an eligible Mac or iPad, rather than free AirPods like last year. Apple is also offering students 20% off AppleCare+ plans during the promotion. Apple is offering a $150 gift card with the purchase ...
widgets ios 16 feature

Gurman: iPhone 14 Pro to Feature Always-On Display Showing iOS 16's New Lock Screen Widgets

Sunday June 26, 2022 7:36 am PDT by
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more. "Like the Apple Watch, the iPhone 14 Pro will be...
m2 mac mini screen feature

Gurman: Apple Planning M2 Pro Mac Mini, New Apple TV With A14 Chip, Revamped HomePod With S8 Chip, and More

Sunday June 26, 2022 6:31 am PDT by
In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman outlined additional M2 Macs on Apple's product roadmap, including new Mac mini models with M2 and M2 Pro chips, new 14-inch and 16-inch MacBook Pro models with M2 Pro and M2 Max chips, and a new Mac Pro tower with M2 Ultra and "M2 Extreme" chips. Following the M2 series of Macs, Gurman said the first M3 series of...
13 inch macbook pro m2 mock feature 2

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds

Sunday June 26, 2022 2:52 pm PDT by
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
M2 Pro and Max Feature

Apple's Upcoming M2 Pro Chip for High-End MacBook Pro and Mac Mini Will Reportedly Be 3nm

Monday June 27, 2022 7:31 am PDT by
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes. "Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
airpods pro 2 1

AirPods Pro 2 Said to Feature Upgraded H1 Chip, Find My, Heart Rate Detection, USB-C and More

Friday June 24, 2022 9:48 am PDT by
The next-generation AirPods Pro could come with a long list of new features that include heart rate detection, the ability to function as a hearing aid, and a USB-C port according to a report from 52Audio. The site claims that it has received new information on the AirPods Pro 2, and it has used that information to provide some renders on what the earbuds might look like. Design wise, there...
tesla carplay hack

Tesla Apple CarPlay Hack Updated to Work With Any Tesla Model

Monday June 27, 2022 3:38 am PDT by
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before. According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes. The project now supports DRM video playback so that...