Signal’s “disappearing messages” live on in macOS notifications

Signal, the privacy-focused voice and text messaging application, offers an attractive bit of operational security: ephemeral text messages that “self-delete” after a predetermined amount of time. There is just one small problem, however, with that feature on the Mac desktop version of the application, as information security consultant Alec Muffett discovered: if you sent a self-deleting message to someone using the macOS application, the message lives on in macOS’s Notifications history.

#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are “disappearing” messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY

— Alec Muffett (@AlecMuffett) May 8, 2018

Ars reproduced the problem, which Patrick Wardle of Objective See conducted a particularly deep dive on—revealing that the problem is in part a bug in the way Signal handles calls to the macOS notification system, and in part is just how macOS notifications work.

Messages that self delete from Signal still show up in notifications

Read 4 remaining paragraphs | Comments

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.