Chat apps like Signal and Telegram aim to attract users with the promise of privacy, and it seems they do so pretty successfully if the mostly-positive user reviews are anything to go by.
Telegram accomplishes this task through end-to-end message encryption, while Signal boosts privacy by automatically deleting your messages.
Unfortunately for the latter’s Mac fans, the app might not be as private as they think.
According to Motherboard, while Signal is effective at protecting your calls and messages in general, the Mac app has a few specific privacy-related issues related to its notification system.
Signal’s default Mac notification settings will display messages received from your friends in your device’s notification bar, even if those messages were officially deleted in the app.
Security researcher Alec Muffet told Motherboard that he is worried about “where in Apple’s operating system [Signal’s] data lives,” and whether it’s being cached or written somewhere where it could be accessed later.
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are “disappearing” messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY
— Alec Muffett (@AlecMuffett) May 8, 2018
Another security researcher, Patrick Wardle, reportedly found that these messages can indeed be recovered later if they’ve appeared as a notification, as they’re simply “stored on a disk” inside the operating system.
Since Signal is commonly used for conversations of a particularly sensitive nature, this will likely be a concerning development for many.
Fortunately, Motherboard claims there’s an easy fix for the issue – all you need to do is visit Signal’s Mac notification settings and tick the “Neither name nor message” option to mitigate the problem.