If your team uses Signal, WhatsApp, or any other encrypted messaging app to discuss clients, finances, or sensitive business matters — this article is essential reading. Not because encryption is broken. But because the way your device handles notifications may be quietly undoing all of that protection.
What Actually Happened
In a recent case in the United States, FBI investigators were able to retrieve deleted Signal messages from a suspect's iPhone — even after the Signal app had been completely removed from the device.
This wasn't a Hollywood-style hack. The FBI didn't crack Signal's world-class encryption, exploit a secret backdoor, or use classified technology. They used a method that is documented, repeatable, and increasingly common in digital forensics.
They looked in the iPhone's push notification database.
Here's what most people don't realise: when a message arrives on your phone and triggers a notification, Apple's operating system quietly stores a copy of that notification's content in a local database — before your app even opens it. Signal encrypts the message perfectly in transit. But the moment it arrives on your device and flashes up as a preview on your lock screen — "Sarah: The tender price is $120,000" — Apple logs it.
Forensic software can extract that database. When investigators did exactly that, they found readable, timestamped, attributed message content — intact, even after the app was deleted.
"But I Use Signal — Isn't That the Gold Standard?"
Yes. Signal is genuinely excellent and remains the most trusted encrypted messaging app in the world. It is used by journalists, lawyers, politicians, activists, and security professionals for good reason. The encryption itself was not compromised in this case.
The problem isn't Signal. The problem is the gap between the app and the operating system.
Signal actually provides a setting specifically designed to prevent this. When enabled, it strips all message content out of push notifications — your lock screen shows "New Message" instead of the actual text. That means nothing sensitive gets written into the notification log.
Most users have never turned this on. Most small businesses have never even discussed it. And that single overlooked default setting is what gave investigators a window into communications that were supposed to be private.
Why This Matters for Perth SMBs
You might be thinking: "This was a criminal investigation. My business has nothing to hide."
That's fair — but consider the full picture.
The same forensic tools used by the FBI are commercially available. Products like Cellebrite and GrayKey are sold to law enforcement agencies globally, have been documented in court proceedings, and their methods are increasingly replicated in lower-cost tools available to private investigators and bad actors.
For businesses handling any of the following, the exposure is very real:
Client confidentiality — legal, financial, medical, or HR conversations
Commercial pricing and tender information
Staff performance reviews or disciplinary matters
Banking details or credentials shared over chat
Intellectual property or product development discussions
A single device — lost, stolen, or accessed by a disgruntled former employee — could expose months of sensitive conversations. And here is the critical point: this is not just a Signal issue. Any messaging app that displays notification previews, including WhatsApp, Telegram, and Microsoft Teams, can store content in the device notification log. The vulnerability is the device configuration, not the app itself.
The Technical Breakdown — Plain English
Here is exactly what happens when you receive an encrypted message, step by step:
Your contact's app encrypts the message and sends it to Signal's server — fully protected
Signal's server triggers a push notification to Apple's notification service (APNs)
Apple delivers the notification to your iPhone and logs the content in a local database on the device
Your lock screen displays a preview — "John: The contract is ready to sign"
Signal decrypts and displays the full message inside the app
Steps 1, 2, and 5 are fully encrypted and secure. Steps 3 and 4 are not. That notification database sits quietly on your device. Forensic tools can extract it — regardless of whether the message was later deleted inside Signal, or even if Signal itself was uninstalled.
The Fix: What Your Team Should Do Today
The good news is that this is entirely preventable with the right configuration. Here is what every staff member and business owner should action immediately.
Signal (iPhone & Android)
Open Signal → Settings → Notifications → Show → select "No Name or Message"
This removes all content from notification previews and stops sensitive text from being logged.
WhatsApp (iPhone)
Go to iPhone Settings → Notifications → WhatsApp → disable "Show Preview"
Microsoft Teams
Open Teams → Settings → Notifications → set message previews to Off
For Business Owners — Enforce It Company-Wide
Individual fixes are a start, but they rely on every single employee doing it correctly. The more effective approach is enforcement at a policy level:
Deploy Mobile Device Management (MDM) such as Microsoft Intune to push security configurations across all staff devices automatically
Disable lock screen notification previews for all sensitive apps via MDM policy — no employee action required
Enable remote wipe on all devices that access company data, so a lost phone doesn't become a data breach
Conduct a regular app audit to identify which apps have notification access on company-owned and BYOD devices
The Bigger Lesson: Configuration Is the New Security Perimeter
For years, small business cybersecurity advice was simple: use strong passwords, install antivirus. Then it evolved: enable encryption, turn on two-factor authentication.
In 2026, the frontier has shifted again. The tools your team uses every day — Microsoft Teams, Signal, SharePoint, Outlook — are largely secure out of the box. But "out of the box" is rarely "optimally configured for your business."
The FBI's Signal case is a perfect illustration. There was no sophisticated attack. No phishing. No malware. The vulnerability was a single default setting that no one had changed — and it silently created an exposure that persisted for months.
This is exactly the kind of gap that falls through the cracks in businesses without a dedicated IT team. Nobody did anything wrong. No one was careless. The app was installed, it worked, and the team got on with their day. But the default settings were never reviewed, and that quiet oversight became the biggest risk in the room.
This is the work we do every day for Perth businesses with under 50 staff. Not just keeping the lights on — but proactively reviewing your tools, your configurations, and your communication policies to close the gaps before they become incidents.
Is Your Business Exposed Right Now?
Here is a quick self-assessment. Be honest:
✅ Do you have a documented mobile device policy for all staff?
✅ Are company and BYOD devices enrolled in an MDM solution like Microsoft Intune?
✅ Do you know which apps display sensitive content in lock screen notifications?
✅ Have you reviewed your Microsoft 365 security baseline in the last 12 months?
✅ Can you remotely wipe a staff member's device if it is lost or stolen today?
✅ Do new employees receive a security onboarding checklist before accessing company data?
If you answered "no" or "not sure" to even one of these, your business likely has at least one silent configuration gap — similar to the one that made headlines in this FBI case.
Let's Fix It Together
We offer a free 30-minute IT Security Review for Perth SMBs. We will look at your devices, your Microsoft 365 environment, your communication tools, and your current policies — and give you a plain-English report of what needs tightening, with no obligation and no jargon.
No scare tactics. No lock-in contracts. Just practical, honest advice from a local Perth team that works exclusively with small and medium businesses like yours.
👉 Book your free review at ITSupportPerth.net.au



