The FBI was able to forensically extract copies of incoming Signal messages from a defendants iPhone, even after the app was deleted, because copies of the content were saved in the devices push notification database, multiple people present for FBI testimony in a recent trial told 404 Media. The case involved a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas in July, and one shooting a police officer in the neck.The news shows how forensic extractionwhen someone has physical access to a device and is able to run specialized software on itcan yield sensitive data derived from secure messaging apps in unexpected places. Signal already has a setting that blocks message content from displaying in push notifications; the case highlights why such a feature might be important for some users to turn on.We learned that specifically on iPhones, if ones settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device, a supporter of the defendants who was taking notes during the trial told 404 Media. 404 Media granted the person anonymity to protect them from retaliation.The Prairieland ICE detention center case was the first time authorities charged people for alleged Antifa activities after President Trump designated the umbrella term a domestic terrorist organization in September. Supporters of the more than a dozen defendants say the case is political repression.Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.One of the defendants was Lynette Sharp, who previously pleaded guilty to providing material support to terrorists. During one day of the related trial, FBI Special Agent Clark Wiethorn testified about some of the collected evidence. A summary of Exhibit 158 published on a group of supporters website says, Messages were recovered from Sharps phone through Apples internal notification storageSignal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).404 Media spoke to one of the supporters who was taking notes during the trial, and to Harmony Schuerman, an attorney representing defendant Elizabeth Soto. Schuerman shared notes she took on Exhibit 158. They were able to capture these chats bc [because] of the way she had notifications set up on her phoneanytime a notification pops up on the lock screen, Apple stores it in the internal memory of the device, those notes read.The supporter added, I was in the courtroom on the last day of the state's case when they had FBI Special Agent Clark testifying about some Signal messages. One set came from Lynette Sharp's phone (one of the cooperating witnesses), but the interesting detailed messages shown in court were messages that had been set to disappear and had in fact disappeared in the Signal app.Typically when a user receives a Signal message, their phone will display a push notification announcing they have received a message, and display the sender and at least some of the message content. In the Notifications menu under Settings in the Signal app, users can change what Notification Content appears. This includes Name, Content, and Actions; Name Only; and No Name or Content.The issue of notifications saving some message data is likely not limited to the Signal app, but is a more fundamental friction between secure messaging apps and how Apple stores notifications.Authorities have turned to push notifications more broadly as an investigative strategy too; in June 404 Media reported Apple gave governments data on thousands of push notifications. Those were legal demands made to Apple, while the Prairieland case was about data from a device authorities had physical access to.Signal acknowledged a request for comment on March 12, but stopped replying to emails after that. Apple did not respond to a request for comment.All defendants of the recent trial were found guilty of multiple charges each.