One of the most appreciated features of Signal for Mac is that messages sent by this communication app can be set to automatically erase themselves. However, security researchers have found a flaw in the system.
The problem comes from the notifications macOS provides for incoming Signal messages.
Researcher Alec Muffett pointed out that a Mac’s notification bar shows the contents of messages, and these persist even after the time limit causes the original message to disappear from the Signal app.
The user needs to tap the ‘x’ for the notification to go away.
Signal for Mac messages live on
And it goes farther than that. Researcher Patrick Wardle discovered that Notification Center works from a SQLite database, and that notifications from Signal, including the text of messages, are stored there. The text can still be found and read from that source, even after the notification has been dismissed.
The researcher recommended that users disable all notifications coming from Signal for Mac. This can be easily done in the software’s Settings.
But there’s partial good news for iOS users of this app. Wardle said “Signal’s iOS application does not appear to be affected…at least is seems that messages are removed from the iOS Notification Center when viewed in the app. Whether iOS stores notifications similar to macOS should be investigated.”