How to Keep The Feds Out of Your Signal Messages
Earlier this week we learned that federal prosecutors used Signal messages to build a case against 15 people in Minnesota that leans heavily on what appears to be First Amendment-protected activity. The indictment draws on conversations from more than a dozen Signal groups and quotes more than 100 specific messages. But how did the feds get into these chats to begin with, and what can you do to stop them from reading yours?
How they did it: ICE likely physically accessed some people’s phones.
Signal has strong end-to-end encryption, but that’s only as strong as the end points, or phones that have the messages on them. There are many ways law enforcement can gain access to phones, but what they actually see when they get them depends in part on your settings.
Here’s what you can do to increase the odds of keeping your phone safe from government overreach. (Note that this is not legal advice; please consult with a lawyer for that.)
Step 1: Power your phone off if seizure is likely.
A phone that's been fully shut down sits in a "Before First Unlock" state where the encryption keys aren't loaded in memory. This makes it harder for any forensic tool to crack than a phone you've unlocked at least once since it booted. Modern iPhones also auto-reboot back into this state after about 3 days of inactivity, but don't rely on the timer. If you think your phone may be taken (at a protest, a stop, a raid), shut it all the way down yourself.
Step 2: Turn off (and clear out) biometrics.
If police access your phone, for example if you are arrested, courts have consistently held that police can't force you to share a passcode. The law around face and fingerprint data is contested and may depend on your jurisdiction. Because a passcode is the more clearly protected option, turning biometrics off is the safer choice.
- iPhone: Settings → Face ID & Passcode, enter your passcode, and toggle off the unlock options (e.g., iPhone Unlock). Also, tap “Reset Face ID” to clear your Face ID if it’s saved on your phone. (If it says “Set up Face ID” then you can skip this step.) If you have an older model, go to Settings > Touch ID and Passcode, tap the fingerprint and click Delete Fingerprint.
- Android: Settings → Security & Privacy → Device Unlock, tap Face Unlock or Fingerprint Unlock, and delete the enrolled data.
Turning off biometrics makes it annoying to use your phone, so I know some of you will ignore this suggestion. If that’s you, remember that both Android and iOS have a quick "lockout" that forces a passcode and disables biometrics until you re-enter it: on iPhone, hold the side + volume button until the power-off screen appears, then cancel; on most Androids, hold power and tap Lockdown. Also remember that you can always turn off biometrics just to unlock your phone and leave it on for things like unlocking Signal, Apple Pay, etc.
Step 3: Use a strong password.
Now that you've turned off biometrics, you might be tempted to pick an easy phone unlock password since you'll be entering it 500 times a day, but please don't pick something that's reused or easy for them to guess. It defeats the purpose. You should at least use six characters, but 10 is better. Don't reuse a code from another account, and don't pick anything guessable.
Step 4: Turn on autolock on your phone.
This locks your phone so people can’t read literally everything on it.
- iPhone: Settings → Display & Brightness → Auto-Lock, set the shortest time you can stand.
- Android: Settings → Display → Screen timeout (set short). Then Settings → Security (or Security & Privacy) → tap the gear next to Screen lock → "Lock after screen timeout" → Immediately or a short delay.
- Samsung Galaxy: Settings → Lock screen → Secure lock settings, enter your password, and set "Auto lock when screen turns off."
Step 5: Watch for shoulder surfing.
Just be careful about where you enter that password in public and also what you're viewing in public. People can read or photograph your screen. You can also get a privacy screen for your phone, in which case someone will need to be directly behind you to read what's on your screen, which will otherwise be shielded from view. (If you find a privacy screen that lines up well and doesn't mess up your screen brightness, please let me know.)
Step 6: Keep your OS updated.
Earlier this year the FBI recovered "deleted" incoming Signal messages from an iPhone. They didn’t break the encryption, but Apple quietly archived the message notifications in a system database, even after the Signal app was deleted. Apple patched this (CVE-2026-28950) in iOS 18.7.8 and iOS 26.4.2, released April 22, 2026, and the fix only works once you actually install the update. Outdated devices stay exposed. Update everything, and turn on automatic updates.
Step 7: Consider turning on Lockdown Mode.
Both iOS and Android have an extreme-protection mode that shrinks your attack surface by disabling risky features (most message attachment types, some web tech, wired data connections when locked, etc.). It will make some things unusable; that's the trade-off.
- iPhone: Settings → Privacy & Security → Lockdown Mode → turn on and restart.
- Android (Advanced Protection): Settings → Security & Privacy → Advanced Protection.
Step 8: Lock the Signal app.
Don't let Signal sit open and readable whenever your phone is. Turn on Signal's own Screen Lock so the app requires your device passcode to open: Signal → Settings → Privacy → Screen Lock. On Android you can also lock Signal on demand from the notification tray ("Lock Signal").
Step 9: Set disappearing messages.
If a government agent manages to unlock the contents of your phone (or the phone belonging to someone in your Signal chat group), they still can't see the messages that have disappeared, so set a short default expiration time.
Signal → Settings → Privacy → Disappearing Messages (sets the default), or open any chat → tap the name → Disappearing Messages (per-chat).
Remember that this protects the content of the message but not the message itself, or the names of people in group chats. Someone with your device can still see your contact and group lists. Consider deleting entire chats and groups, if needed. You can also delete call records, which may even show up in your phone's call history. On iPhone, stop Signal from spilling calls into the system call log: tap your profile circle (top-left) → Settings → Privacy → turn off Show Calls in Recents.
On Android, there's no equivalent toggle. Signal calls aren't written into the system phone app's call log the way they are on iOS (that "Show Calls in Recents" option is an iOS CallKit feature Android doesn't have), so your Signal call history lives only inside Signal. Just delete it within the app.
Step 10: Turn off notification content.
A notification that previews message text can be read off a locked screen or screenshotted by anyone holding the phone. Set Signal to show no name and no content:
- iPhone & Android: Signal → Settings → Notifications → Show → choose "No Name or Content" (or at most "Name Only,” especially if you use pseudonyms.)
Step 11: Be careful when texting.
When you're in a group chat, be careful about making jokes or statements that could be misinterpreted or taking out of context. If a single person in your group isn't following all of these steps and law enforcement access their phones, you could see that joke pop up in court where people might be missing important context. Someone in your group chat could also share it with law enforcement themselves. (And there's always a chance someone is an undercover agent or becomes a cooperating witness, which could complicate your case even if you are only engaging in legally protected activity. A chat on Signal tells you nothing about who's on the other end.)
Step 12: Trim what Signal shares with the OS.
Change your setting to keep Signal data from leaking into other parts of the phone.
On iOS, under Signal → Settings → Chats, turn off Share Contacts with iOS and Use Phone Contact Photos.
On Android, look for Use address book photos (Settings → Chats).
Good luck, and stay safe out there.