Signal for macOS found to be storing messages on local drive


Signal offers instant messaging with features and safeguards that appeal to those concerned about privacy and security. The app can be configured to automatically remove messages after a time, sort of a self-destruct feature. It was found, however, the default setting on macOS can leave a remanence of messages in a database. Furthermore, this database is apparently not a part of the volume that's encrypted by the system and is available with user-level permissions.

Motherboard:

As it turns out, the data is stored on disk inside the operating system, according to Mac security researcher Patrick Wardle. Wardle found that the disappearing messages that have appeared as notification can be recovered later, even after they are gone within the Signal app.

In a blog post, Wardle explains and shows that the messaged end up in a SQLite database that is accessible with normal user permissions. That means any malware, hacker, or forensic expert who can bypass the full disk encryption, will be able to recover these messages even after they’re gone in the app, Wardle told me.

This is just a setting issue with how notifications work, and it's important to note that someone would still need access to the machine to find old messages. Motherboard offers details how to disable the notification that results in the logging