Tag: smartphones

FBI Recovers Deleted Signal Messages Through iPhone Notifications

The FBI successfully recovered private Signal messages from a defendant’s iPhone even after the app was deleted. Learn how this security loophole works and the simple setting you must change today to keep your chats private.

Most of us prefer using the Signal app because it is supposed to be very secure with a remarkable end-to-end encryption system that hides our chats from everyone else. It also has a message-disappearing feature to help us set a message deletion time.

But the Federal Bureau of Investigation (FBI) found a way to read private Signal messages on an iPhone, even after the app was deleted. This was revealed in a court case in Texas that these messages can stay hidden in the phone’s memory longer than we expected.

How the loophole works

The case involves a woman named Lynette Sharp and an attack on a Texas detention centre in July 2025. During the trial in April 2026, the FBI revealed they recovered her messages even when she had deleted the Signal app. The bureau, reportedly, retrieved the messages from the iPhone’s push notification database.

During the trial, FBI Special Agent Clark Wiethorn explained how investigators accessed the evidence. When a message arrives, the phone shows a little preview on the screen, which is handled by the phone’s operating system and not the Signal app.

Even if Signal deletes the message later, the phone’s system can save a copy of that preview in its own records. To read these saved messages from Signal, the FBI used Cellebrite, a forensic tool often used by law enforcement to scan seized devices.

A key finding is that the FBI could only see incoming messages, not the ones Sharp sent, which confirms the data came from the notification storage. It shows that while the app’s encryption is strong, the phone’s operating system keeps its own logs of everything.

Keep reading

Massachusetts Agrees to Delete Data From App It ‘Secretly Installed’ During Pandemic

Massachusetts officials have agreed to delete data from a contact tracing application that people said was installed on their phones without their permission during the COVID-19 pandemic.

Under a settlement agreement approved by a federal judge on March 31, the Massachusetts Department of Public Health “shall (a) destroy any Primary Data in the Department’s possession, custody, and control, which the Department, exercising all due diligence, has located and … that was made available to the Department from the COVID Exposure Notification Setting on Android Devices; and (b) certify in writing to Class Counsel that such data has been destroyed and will not be provided to any third party.”

The state’s health commissioner also promised not to have data collecting applications installed on people’s phones without their permission for five years.

The settlement came in a case brought by plaintiffs who said the app in question, known as MassNotify v.3 or Exposure Notification Settings Feature-MA, was “secretly installed” on their phones without their permission.

American Institute of Economic Research senior fellow Robert Wright, who lives in Massachusetts, said the app was downloaded onto his Android phone around July 1, 2021, without his knowledge. Johnny Kula, a New Hampshire resident who travels to Massachusetts on a daily basis for work, also said he discovered the app on his phone around the same time, and that it was back on the phone later in 2021 after he uninstalled it.

The plaintiffs’ claims echoed reviews from app store users complaining they had not downloaded the app, but it appeared on their phones. The app, which allowed people to say they had tested positive for COVID-19, and alerted others who had recently been close in location to those people, was downloaded more than one million times, according to court filings. Similar applications were developed by at least 24 other states.

Keep reading

FBI Issues Public Alert on Americans Using Foreign Apps

The FBI identified data security risks from foreign-developed mobile apps used in the United States, the agency warned in a March 31 public service announcement.

“As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China,” the FBI said, without naming any apps.

“The apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.”

In the Google Play store, the most popular apps include short-form video platform TikTok, video editor CapCut, artificial intelligence video generator PixVerse, and communication app Telegram X. China-based ByteDance maintains ownership of TikTok and CapCut. PixVerse is owned by a Singaporean company, and the developer of Telegram X is based in the United Arab Emirates.

On Apple’s App Store, the top free apps include CapCut, TikTok, and Chinese shopping apps Temu and Shein.

In its alert, the FBI warned users to be aware of the types of data the foreign apps request access to when they are downloaded.

Keep reading

White House App Found Tracking Users’ Exact Location Every 4.5 Minutes via Third-Party Server

The Trump administration’s newly launched White House App is under scrutiny after a software developer claimed to have found embedded code that tracks users’ precise GPS coordinates every 4.5 minutes and automatically syncs them to a third-party server. The claim, posted on 28 March 2026 by the X account @Thereallo1026, has drawn nearly 260,000 views and prompted questions about data collection practices in government-operated applications.

The post included what appeared to be decompiled source code from the app, revealing what the user described as OneSignal’s ‘full GPS pipeline compiled in.’ According to the post, the code showed the app ‘polling your location every 4.5 minutes, syncing your exact coordinates to a third-party server.’ The White House has not publicly responded to the specific technical claims.

What the Code Allegedly Shows

OneSignal is a widely used push notification platform that, according to its own documentation, updates a user’s GPS coordinates ‘approximately every 5 minutes (based on permission and system rules)’ when location sharing is enabled within a mobile app. The platform is designed to allow developers to segment and target users based on their physical location for messaging campaigns.

The decompiled code shared by @Thereallo1026 references Android location permission strings, background location access, and a foreground update time set to 270,000 milliseconds — the equivalent of 4.5 minutes — alongside a background update time of 600,000 milliseconds, or 10 minutes. If accurate, these constants suggest the app is configured to collect and transmit precise location data at regular intervals, even while running in the background.

Keep reading

White House renamed ‘Epstein Island’ on Google phones – WaPo

The White House was briefly renamed ‘Epstein Island’ for some Google Pixel phone users, the Washington Post has reported.

The term is used to refer to the Caribbean island of Little St. James, which had been owned by the late convicted pedophile Jeffry Epstein. According to the prosecutors, it served as the venue for sex trafficking and other abuses involving some high-profile figures in business and politics.

WaPo said in an article on Saturday that when its journalist tried calling the White House switchboard earlier this week, the name on screen indicated that they were contacting “Epstein Island.”

Only users of Google’s Pixel phones experienced the issue. For those calling the presidential residence from other Android phones and iPhones, no name was displayed, the report read.

Keep reading

Mexico Mandates Biometric SIM Registration for All Phone Numbers

Anonymous prepaid SIM cards are dying in Mexico. By July 1, 2026, every active cell phone number in the country must be biometrically linked to a named, government-credentialed individual or face suspension. That’s around 127 million numbers, each one tethered to an identity the Mexican government can look up by name.

The mobile registration law took effect January 9, 2026, covering prepaid and postpaid plans, physical SIMs, and eSIMs alike. Existing subscribers have until June 30 to complete registration. New lines activated after January 9 get 30 days. Miss the window, and the line goes dark.

The enforcement mechanism runs through the CURP Biométrica, Mexico’s biometric upgrade to its existing population registry code. The new credential embeds a photograph, electronic signature, and QR code that ties directly to biometrically verified records held in the national registry.

Residents registering a mobile line must provide their CURP number alongside a valid government ID, which makes biometric enrollment not optional but structurally required. You cannot register a phone number without first handing your biometric data to the state.

What Mexico is building here is a national phone network where every number has a face attached to it.

Keep reading

Kentucky Launches Mobile ID App Amid Broader Push for Digital Identity and Age Verification Law

Kentucky has introduced a new Mobile ID app that allows residents to carry a state-issued digital ID on their smartphones.

The credential can currently be used at TSA checkpoints in select airports and is described as a voluntary digital version of a driver’s license or state ID for limited verification purposes.

The Kentucky Transportation Cabinet, which is overseeing the rollout, says the program is part of the state’s adoption of mobile driver’s license technology.

The digital ID is stored securely on the user’s phone and relies on encrypted Bluetooth connections for verification, removing the need to hand over a physical card.

At this stage, the credential is accepted only for TSA identity checks. The state has not indicated when or if it will expand to other uses such as traffic stops, public service access, or age-restricted purchases.

Kentucky officials have also stated that the app is not meant to serve as a full digital wallet but as a narrowly defined identification tool.

Governor Andy Beshear described the Mobile ID as “a secure and convenient option” for residents who wish to use it.

Transportation Cabinet Secretary Jim Gray noted that the digital version “reduces exposure of personal information” compared with showing a physical license.

The state has published detailed guidance explaining how to enroll, verify, and use the credential during airport screenings.

Kentucky’s Mobile ID app is not an isolated gadget for airport lines. It fits into a broader state effort to rethink how identity and age are confirmed in both physical and online settings.

This comes at a time when Kentucky lawmakers are actively expanding legal frameworks around age verification and digital identity across multiple fronts.

The Mobile ID lets residents carry a secure digital version of their driver’s license or state ID on a smartphone, currently usable at TSA checkpoints in participating airports.

The app’s design stores credentials locally on the device and uses encrypted Bluetooth to transmit only the necessary details for a verification task.

At the same time that the state is embracing mobile identity technology, lawmakers have enacted age verification legislation that applies to online activity.

Under House Bill 278, websites hosting adult content must verify that users are at least 18 years old before allowing access, which in practice has led some major adult sites to block access for Kentucky users rather than collect ID data online.

This law took effect in mid-2024 and reflects a legislative move to enforce age checks on digital platforms.

Kentucky’s digital identity initiative and its age verification law point toward a future where proving age and identity electronically may become more common in many contexts.

Keep reading

Unbanked In A Connected World

Financial exclusion remains high in many parts of the world. In several countries, more than two out of three adults are unbanked, yet the majority own a mobile phone. This contrast between connectivity and financial access highlights both the persistent gaps in global inclusion and the massive opportunity to close them.

Created in partnership with Plasma, this graphic, via Visual Capitalist’s Jenna Ross, shows how ownership of financial accounts and mobile phones compares across countries. It’s part of our Money 2.0 series, where we highlight how finance is evolving into its next era.

The Unbanked Gap

In low- and middle-income economies, 84% of adults own a mobile phone, while 75% of people have financial accounts. This gap is much wider in some countries, especially in Africa and the Middle East.

For the most unbanked countries worldwide, here are the percentages of adults who own a financial account and those who own a mobile phone.

Keep reading

How the Military Exposed the Tools That Let Authorities Break Into Phones

Immigration and Customs Enforcement (ICE) really doesn’t want the public to know what it’s doing with Cellebrite devices, a company that helps law enforcement break into a locked phone. When it announced an $11 million contract with Cellebrite last month, ICE completely redacted the justification for the purchase.

The U.S. Marine Corps has now done the opposite. It published a justification to a public contracting platform, apparently by mistake, for a no-bid contract to continue putting Cellebrite’s UFED/InsEYEts system in the hands of military police. The document is marked “controlled unclassified information” with clear instructions not to distribute it publicly. UFED/InsEYEts “includes capabilities exclusive to Cellebrite and not available from any other company or vendor,” the document claims, before going on to list specific capabilities for breaking into specific devices.

Reason is posting the document below, with phone numbers redacted.

Keep reading

Google’s Android Lockdown: Are You Really In Control Of Your Phone?

Android’s new rule requires all app developers to submit personal information to Google, even for apps outside the Play Store. Critics argue this threatens user freedom and ignores solutions…

Android, Google’s mobile operating system, announced on August 25 that it will be requiring all app developers to verify their identity with the organization before their apps can run on “certified android devices.”

While this might sound like a common-sense policy by Google, this new standard is not just going to be applied to apps downloaded from Google Play store, but all apps, even those “side-loaded” — installed directly into devices by side-stepping the Google Play store. Apps of the sort can be found online in Github repositories or on project websites and installed on Android devices directly by downloading the installation files (known as APKs). 

What this means is that, if there is an application that Google does not like, be it because it does not conform to its policies, politics or economic incentives, they can simply keep you from running that application on your own device. They are locking down Android devices from running applications not with their purview. The ask? All developers, whether submitting their apps through the Play store or not, need to give their personal information to Google. 

The decision begs the question, if you can not run whatever app you want on your device without the permission of Google, then is it really your device? How would you respond if Windows decided you could only install programs from the Microsoft app store?

The move has of course made news in tech and cybersecurity media and caused quite a stir as it has profound consequences for the free and open web. For years, Android has been touted as an open source operating system, and through this strategy has gained massive distribution throughout the world with users in developing countries where Apple’s “walled garden” model and luxury devices are not affordable.

This new policy will tighten up controls over applications and its developers, and threatens the freedom to run whatever software you like on your own device in a very subversive and legalistic way. Because of Google’s influence over the Android variety of phones, the consequences of this policy are likely to be felt by the majority of users and devices, throughout the world.

Keep reading