The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
After news report reveals security flaw, Apple issues update
Three weeks ago, my colleague Dr. Martin Shelton highlighted a security issue related to Signal notifications. Initially reported by 404 Media, the FBI was able to obtain deleted Signal notifications from a defendant’s iPhone through forensic extraction. Even though the defendant had deleted their Signal app, their notifications were subject to collection by the FBI because they had been stored in their phone’s push notification database.
In an act of redress that demonstrates the power of news reporting, Apple released a security update on April 22 that fixes the issue. This is a welcome development, as the federal government has been investing more heavily in forensic technology.
What you can do
- Download this update and any others that are waiting for you. Even if it means cutting away from this newsletter, open your Settings app, search for “Software update,” and see what’s waiting for you. Do it. Do it now. (Even if you’re an Android person.)
- Note that Apple’s patch for this particular bug applies to notifications that have been deleted. It’s worth taking a look at your current notification settings to make sure your phone is not currently displaying and storing information you prefer to keep private.
- We love Signal’s in-app feature that allows you to set notifications so they show “no name or message.” This setting means that Signal will alert you to the existence of a new message without revealing who sent it or what it’s about. While this does add an element of suspense to your experience, it’s a great way to ensure your notifications maintain the very confidentiality that probably inspires your use of Signal in the first place.
Updates from our team
- Check out this recording of a panel discussion featuring Harlo Holmes, FPF’s chief security programs officer, on working safely with sources. The panel was part of last month’s International Journalism Festival.
- Register here for “Journalist safety in the US: Crowds, protests, and events,” on Tuesday, May 19, at 1 p.m. Eastern time. This event is brought to you by the U.S. Journalist Assistance Network and also features our own Harlo Holmes. We hope to see you there!
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Thank you for reading!
Davis
–
Davis Erin Anderson
Senior Digital Security Trainer
Freedom of the Press Foundation
