signal app icon 3Signal's Mac app displays recently received messages in the Notification Center on macOS, and this feature could compromise a user's disappearing private messages, as discovered by security researcher Alec Muffett and reported by Motherboard.

One of Signal's main advantages is its ability to send disappearing messages, so that after a predetermined amount of time the message is deleted from the app.

Muffett pointed out on Twitter this week that Signal's default Mac app settings somewhat defy this security measure due to the way Macs handle notifications. So, even if you send a self-destructing message within the Signal app, the messages remain on the recipient's Mac Notification Center, displaying your name and message details. Muffett was running macOS 10.13.4 and Signal version 1.9.0.

signal app notifications

Mac security researcher Patrick Wardle then investigated the issue further, discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system. While this is true of any app that displays notifications, it's particularly troublesome for Signal users in need of high-level security, like government workers or journalists.

Any malicious third parties would still need to get their hands on your Mac to get into your message history, so as Motherboard pointed out, "this is not a major threat for most people." Still, this could be a major security risk for high-level Signal users, since this means that any disappearing messages that popped up in Notification Center can be recovered later, "even after they are gone within the Signal app."

Wardle summed up his findings:

In short, anything that gets displayed as a notification (yes, including 'disappearing' Signal messages) in the macOS Notification Center, is recorded by the OS.

If the application wants the item to be removed from the Notification Center, it must ensure that the alert is dismissed by the user or programmatically! However, it is not clear that this also 'expunges' the notifications (and the their contents) from the notification database...i'm guessing not! If this is the case, Signal may have to avoid generating notifications (containing the message body) for disappearing messages...

Wardle said that Signal's iOS app does not appear to have a similar issue at this time, although the app "should be investigated." Of course, any Signal Mac user who is worried about potential privacy risks can navigate to Signal's Preferences menu on the top-left corner of the screen when the app is open, click Notifications, and "Disable notifications."

Tag: Signal

Top Rated Comments

497902 Avatar
48 months ago
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet, doesn’t mean its not there and being exploited. Turning off features to patch of security holes after they’ve been made public isn’t going to do you much good at all.
Feel free to check the source code yourself then if you doubt it.
Score: 4 Votes (Like | Disagree)
497902 Avatar
48 months ago
In short: Disable this feature, problem solved.
Score: 3 Votes (Like | Disagree)
C DM Avatar
48 months ago
99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.
Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.
Score: 1 Votes (Like | Disagree)
twistedpixel8 Avatar
48 months ago
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.
Score: 1 Votes (Like | Disagree)
alexander258954 Avatar
48 months ago
I find it hilarious that someone can have the capacity and understanding of macOS to create a macOS app but somehow still doesn't understand that notifications are stored infinitely in Notification Center until the user manually clears them out. Hilarious but also annoying. Please Apple can we please please stop with the paper trails? I will never stop clearing (force quitting) my recent iOS apps and obsessively clearing Notification Center. They should auto-clear out after about an hour in my opinion. I don't care about the wallpaper I downloaded, decided I didn't like, and deleted a month ago. What is the point in showing me a notification from a month ago?

Edit: If you disable the notifications for an app they're just hidden but if you re-enable them in Sys Prefs all the old notifications come back. They don't go anywhere. How great is that :) :) :) :) :) :) :)
Score: 1 Votes (Like | Disagree)
Kaibelf Avatar
48 months ago
Honestly if you are getting a message that is compromising you likely don’t want t popping up as a banner on a larger screen than necessary anyway.
Score: 1 Votes (Like | Disagree)

Popular Stories

maxresdefault

Review: M1 Max MacBook Pro After Three Months

Wednesday January 19, 2022 11:30 am PST by
It's now been a few months since the M1 Pro and M1 Max MacBook Pro models launched in October, and MacRumors video editor Dan Barbera has been using one of the new machines since they debuted. Over on the MacRumors YouTube channel, Dan has shared a three month review of his MacBook Pro to see how it has held up over time and how it's changed his workflow. Subscribe to the MacRumors YouTube ...
airpodsinear 1

AirPods Save Woman's Life With Feature Everyone Should Know

Friday January 21, 2022 2:13 am PST by
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports. When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
iphone se 2020 top

New iPhone SE Likely to Launch in April Based on Production Timeframe

Wednesday January 19, 2022 6:44 am PST by
Apple suppliers will begin producing display panels for the third-generation iPhone SE this month, with final assembly of the device likely to start in March, according to information shared by display industry consultant Ross Young. Based on this production timeframe, Young believes the third-generation iPhone SE is likely to launch in the second half of April, or perhaps in early May at...
iphone 13 earpods

Apple to Stop Including EarPods With Every iPhone Sold in France From Next Week

Friday January 21, 2022 3:21 am PST by
Apple will no longer include EarPods with every iPhone sold in France, starting on January 24, according to a notice posted by a French carrier (via iGeneration). Apple was previously required to include EarPods in the box with the iPhone due to a French law that required every smartphone sold in the country to come with a "handsfree kit," but the law has now been changed in favor of reducing the ...
Spring 2022 Apple Products Feature

New iPad Air, Macs, and iPhone SE With 5G Likely to Be Announced at Apple Event This Spring

Thursday January 20, 2022 8:32 am PST by
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April. Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...
appleeducation

Apple's US Education Store Now Requires Institution Verification to Buy Discounted Products

Wednesday January 19, 2022 2:22 am PST by
Apple is now requiring that customers in the United States verify that they're active students, teachers, or staff members at an educational institution in order to access education discounts on products. Previously, little verification was needed for customers to purchase products through Apple's education store in the United States. Apple's education stores offer models of the iPad and Mac ...
AirPods 3 New Firmware Feature

Apple Updates AirPods 3 Firmware to Version 4C170

Tuesday January 18, 2022 11:46 am PST by
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December. Apple does not offer details on what's included in new firmware updates for the AirPods‌, so we don't know what improvements or bug fixes the new firmware brings. There is no standard way to upgrade the ‌AirPods‌‌ software, but firmware is...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
apple watch series 7 aluminum colors yellowbg

Apple Watch Charging Bug Fixed in watchOS 8.4 Release Candidate

Thursday January 20, 2022 4:01 pm PST by
The watchOS 8.4 release candidate that was seeded to developers and beta testers this morning addresses an ongoing bug that could cause some Apple Watch chargers not to work properly with the Apple Watch. Back in December, we reported on a growing number of charging issues that Apple Watch Series 7 owners were facing. Since watchOS 8.3, there have been a number of complaints about...