#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY — Alec Muffett (@AlecMuffett) May 8, 2018

Security researcher Patrick Wardle described the problem in some detail in a blog post. He showed that those messages are also stored elsewhere in your computer, in an SQLite database, and that with just a little bit of effort, all of the Signal-deleted messages that ended up in the Notification Center can be recovered. And that means someone else can get to those messages too, negating one of the main reasons to use Signal in the first place. "This is definitely less than ideal," Wardle told Motherboard. "We set messages to disappear with the expectation that they will go poof. Often such messages are very sensitive and would be ruinous if they well in the wrong hands." He added, "If I'm a nation state [hacking] group, I'm now going to code up a 'grabSignalMessage' plugin for my implants."

Wardle noted in his post that the problem may not extend to your iPhone, as it appears messages are removed from the iOS Notification Center. But he warns it's worth looking into whether iOS stores notifications in a similar way as macOS.

To fix the problem on your Mac going forward, pop into the Signal desktop app's preferences and then the "Notifications" section. There you have the option of managing what information is included in a message notification or disabling notifications altogether. Previously stored messages still remain, however, so you'll have to clear the database that stores them or get rid of it completely, though at your own risk, Wardle writes.