Apple fixed a bug where deleted notifications could be retained on-device (iOS 26.4.2)

Original post (source): Apple Support - “About the security content of iOS 26.4.2 and iPadOS 26.4.2” (Apr 22, 2026)

• https://support.apple.com/en-us/127002

Summary

Apple’s iOS 26.4.2 and iPadOS 26.4.2 security note includes a fix for a notification privacy issue:

• Impact (Apple’s wording): notifications marked for deletion could be unexpectedly retained on the device.
• Fix: Apple says a logging issue was addressed with improved data redaction.
• Reference: CVE-2026-28950.

Apple does not provide a lot of operational detail (as expected for security notes), but the practical interpretation is straightforward: notifications can be more persistent than teams assume, and the lock screen plus notification history should be treated as a sensitive surface.

Why this matters

If your app sends notifications that include:

• personal data,
• health or finance details,
• one-time codes,
• or “sensitive by context” information,

then “preview content” is not just a UX decision. It is a trust and risk decision.

This also matters for retention and CRM teams: notification copy and preview behavior can affect opt-outs, complaints, and support load.

What to do next (tiny win)

Pick your most-triggered notification and apply a safe-default rule:

• make the lock screen preview generic (no personal details), and
• deep link to the detail screen inside the app after unlock.

If you have any notification types that truly must include sensitive content, add an in-app setting for preview level (full preview vs generic), and default it to the safer option.

Read the original: https://support.apple.com/en-us/127002