iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector

They are;

“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

ie the messages recovered were 1. incoming 2. stored by the OS after decryption

i also was spooked by the headline :p

You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.

This kind of vulnerability is not tied to Signal but all apps which send notification.

[dead]