signal app icon 3Signal's Mac app displays recently received messages in the Notification Center on macOS, and this feature could compromise a user's disappearing private messages, as discovered by security researcher Alec Muffett and reported by Motherboard.

One of Signal's main advantages is its ability to send disappearing messages, so that after a predetermined amount of time the message is deleted from the app.

Muffett pointed out on Twitter this week that Signal's default Mac app settings somewhat defy this security measure due to the way Macs handle notifications. So, even if you send a self-destructing message within the Signal app, the messages remain on the recipient's Mac Notification Center, displaying your name and message details. Muffett was running macOS 10.13.4 and Signal version 1.9.0.

signal app notifications

Mac security researcher Patrick Wardle then investigated the issue further, discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system. While this is true of any app that displays notifications, it's particularly troublesome for Signal users in need of high-level security, like government workers or journalists.

Any malicious third parties would still need to get their hands on your Mac to get into your message history, so as Motherboard pointed out, "this is not a major threat for most people." Still, this could be a major security risk for high-level Signal users, since this means that any disappearing messages that popped up in Notification Center can be recovered later, "even after they are gone within the Signal app."

Wardle summed up his findings:

In short, anything that gets displayed as a notification (yes, including 'disappearing' Signal messages) in the macOS Notification Center, is recorded by the OS.

If the application wants the item to be removed from the Notification Center, it must ensure that the alert is dismissed by the user or programmatically! However, it is not clear that this also 'expunges' the notifications (and the their contents) from the notification database...i'm guessing not! If this is the case, Signal may have to avoid generating notifications (containing the message body) for disappearing messages...

Wardle said that Signal's iOS app does not appear to have a similar issue at this time, although the app "should be investigated." Of course, any Signal Mac user who is worried about potential privacy risks can navigate to Signal's Preferences menu on the top-left corner of the screen when the app is open, click Notifications, and "Disable notifications."

Tag: Signal

Top Rated Comments

497902 Avatar
81 months ago
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet, doesn’t mean its not there and being exploited. Turning off features to patch of security holes after they’ve been made public isn’t going to do you much good at all.
Feel free to check the source code yourself then if you doubt it.
Score: 4 Votes (Like | Disagree)
497902 Avatar
81 months ago
In short: Disable this feature, problem solved.
Score: 3 Votes (Like | Disagree)
C DM Avatar
81 months ago
99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.
Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.
Score: 1 Votes (Like | Disagree)
twistedpixel8 Avatar
81 months ago
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.
Score: 1 Votes (Like | Disagree)
alexander258954 Avatar
81 months ago
I find it hilarious that someone can have the capacity and understanding of macOS to create a macOS app but somehow still doesn't understand that notifications are stored infinitely in Notification Center until the user manually clears them out. Hilarious but also annoying. Please Apple can we please please stop with the paper trails? I will never stop clearing (force quitting) my recent iOS apps and obsessively clearing Notification Center. They should auto-clear out after about an hour in my opinion. I don't care about the wallpaper I downloaded, decided I didn't like, and deleted a month ago. What is the point in showing me a notification from a month ago?

Edit: If you disable the notifications for an app they're just hidden but if you re-enable them in Sys Prefs all the old notifications come back. They don't go anywhere. How great is that :) :) :) :) :) :) :)
Score: 1 Votes (Like | Disagree)
Kaibelf Avatar
81 months ago
Honestly if you are getting a message that is compromising you likely don’t want t popping up as a banner on a larger screen than necessary anyway.
Score: 1 Votes (Like | Disagree)

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...