Signal's self-destructing messages linger on Macs

Macbook in use
A Macbook air in an Apple store. Photo: Brian Kersey/Getty Images

Signal Messenger's self-destructing messages are saved by the Apple Mac operating system's notification feature.

Why it matters: The end-to-end encrypted Signal is as close to a gold standard in secure chat as you will find among privacy-conscious users. But that was in part because the messages weren't stored beyond pre-designated time limits. Now, every old message is fair game for hackers again, provided it was sent to someone using a Mac version of Signal.

The details: The Mac notification system doesn't automatically delete old messages. Signal isn't coded to delete its own notifications, either. So even after it has deleted messages in its application, the system keeps a record of the notification of the message — even for users who have notifications turned off.

  • The bug was initially noted by Alec Muffett, with Digita's Patrick Wardle drilling down to the reasons the messages didn't delete.