signalapp
lost my chat conversations when installing with new iPhone
- [ ] I have searched open and closed issues for duplicates
- [ ] I am submitting a bug report for existing functionality that does not work as intended
- [ ] This isn't a feature request or a discussion topic
Bug description
I wanted to let you know that I got a new phone and unfortunately, my previous conversations have been lost.
Steps to reproduce
when I download the app and login, chat goups load just not the chat.
Actual result: it just doesn't show the conversation
Expected result: when we get a new phone our conversation should sync with the new phone signal installed.
Device info
iPhone 13 beta 2
iOS version: X.Y.Z iOS 18.0 (22A5297F) Signal version: Z.Y 7.18 (190)
Signal for iOS is specifically designed to destroy your entire message history when something bad happens and deliberately does not offer any backup feature. The developers have even gone a step further by setting certain flags that actively ensure you cannot manually make any local backups either. The reasons for this are completely unknown, as its perfectly possible to implement a safe and secure backup feature within iOS as demonstrated by many applications. (Local, encrypted to iCloud, encrypted to AMB, etc.) Heck, even WhatsApp of all places has a means to backup to iCloud with an encryption key of your choosing. Signal could implement the same or simply allow users to disable the flag that prevents the database being included in AMB and/or iCloud device backups.
The Signal team rarely to never responds to questions about this and has ignored this #1 ranking wish among the userbase for years now, which is unfortunate as many people who moved to Signal moved back to (far) less privacy friendly apps because they lose their history. It looks like the team has taken the stance that message history and memories should not be considered important at all by anyone and thus does not warrant implementing any method to make a backup. The only thing it allows is moving it to another iPhone; which is of course utterly useless if your iPhone is broken, stolen or reset for whatever reason.
The only thing you can currently do is link your iOS device to a Mac/PC and generate backups by decrypting the message database there, but that only works for messages you send and receive from that point on. Other than that, you're SOL. It's rather unfortunate Signal doesn't warn users about this (I do feel the team should take more responsibility for making choices that really hurt the userbase when it catches them by surprise), but it is what is.
Good luck and keep your messages safe!
Please for the love of all things holy.
Allow us to backup to iCloud.
Make it opt-in. Whatever.
iCloud combined with Advanced Protection is end-to-end encrypted. There is literally NO argument against allowing this anymore.
Allow us to backup the app state to iCloud.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
As T4 said now that Advanced Data Protection exists there is no good reason I can think of to not support backups or even iCloud sync. I'd also be fine with it being opt-in. But please at least give us the option.
Does anyone know if the logic behind this decision has been explained anywhere? I can understand (although not agree with) the idea that iOS backups were inherently unsafe without end-to-end encryption (but it still seems to me that this should be a decision for the user to make) but cannot really see any other logic, unless there are technical issues. Personally I feel quite dirty because I have just handed in my iPhone for a battery replacement, without wiping it beforehand, purely because I do not want to lose all my Signal messages. So, in this respect, Signal has encouraged me to abandon best security practices (my decision, I acknowledge). Perhaps the trade-off of using WhatsApp would be better for me in that I would be able to backup and restore my existing messages (encrypted with a key to which only I have access) so while I would be giving away access to message metadata, I would not be giving away access to the message content itself.
@Rupert-RR Hey there!
I'm one of the contributors to the iOS repository, and I can contact one of the developers to get their input on this matter. If you have any specific questions that you would like pasted on, let me know!
Hi @MarlowBrown, thanks for the reply. I suspect that I am simply asking a question that many others have been asking about why there is no way to back up and restore Signal messages on iOS. I have read in various uncited places that this may be a deliberate decision by the developers to prevent any messages being stored somewhere where they are not protected by end-to-end encryption, but I appreciate that this may not be the real reason and there could be technical aspects to it. As a former iOS developer myself I simply wanted to see if these questions have already been answered (with reasoning) somewhere by the people who have made this decision.
@MarlowBrown Just to ask the obvious: why can't (or won't) Signal restore from an IOS Backup (far as I know, that should put the data, where and in an order that Signal would expect it to)? And if it's a matter of Hardware-Stored key, why exactly can't Users have a way to back the key up separately?
I for my part (and apparently many others) either want to trust Apple or (I'm in this camp) use the tools IOS and MacOS provide to back our data up in a manner we trust (for me, it's two offline HDDs; hard to hack those).
And if I'm already asking questions, why can't we send an encrypted copy to linked devices in order to have access to the full chat history (and not the 45 day limit of what Signal Servers will provide). I for my part would be willing to wait a few hours for a TCP connections between the linked devices to finish transferring (completely bypassing any servers).
And if the answer is "Because Users would muck it up", make it opt in. Heck, ICloud ADP specifically warns you three times that it may be a bad idea and double checks that your recovery code is secure, but at that point, it's the user's Problem.
Hello again. Thank you @RusteyBucket for mentioning me in your message to bring me back into this conversation. I hope you don't mind that I address both you and @Rupert-RR with one message.
So, to preface this conversation, this is verbatim the message that I sent to the Signal Dev.
I also have a question regarding Signal's current lack of message backup functionality. I've been discussing this with users on the issue boards, and some have suggested that it's a deliberate design choice to prevent message leaks. I have concerns about storing private information in the cloud, as even with encryption, there are risks of data breaches or unauthorized access. The recent actions of companies like Apple, which have complied with government requests to access user data, have reinforced my skepticism about relying on cloud storage. In authoritarian countries, this can be a matter of life and death. As someone who values data privacy, I think it's essential to provide users with alternatives for securing their messages. I believe that offering an option to export messages to a private cloud or local files would be a valuable feature, giving users more control over their data.
To Rupert: I personally don't know why something like this has been implemented yet. I have read a bunch of conversations on issues on here about database corruption and people losing their messages which is really really sad to hear about. I am definitely against the idea that its a deliberate decision that its to prevent the messages from being stored someplace that doesnt have E2E encryption. For things like that I personally apply Occam's Razor and say that they simply havent gotten around to that yet.
To RusteyBucket: If you read that hyperlink that I have attached the beginning part of my message you should have a tremedous reason to not trust Apple. Currently, the only way to export messages off the device (foreshadowing) is to use the debug build of Signal, something that is only possible if you're developing the application with Xcode. (ie not available to the general public if the app is downloaded through the App Store).
To your question on the linked device transfer; to my knowledge I dont know exactly, but I confidently sure that it has to do with linked devices not being secure. In case you might not have heard back a couple of months ago there was an instance where members of the United States government were using a Signal group chat and an unauthorized member got into the group chat. This was due to Russia-aligned hackers creating malfomed QR codes to exploit the linked devices feature. Here is the full story on it. I'm not extremely familiar on how it works, so I can't comment on that part.
While registering for a Signal account, I came across a new button that I havent seen before. According to the commit messages its new(?)
This button only appeared about a month and a half ago (I hope I'm not spoiling any surprise the devs have planned. Sorry if I am) that only appears if you're running Signal in developer mode. It appears that our wishes might be granted(?) and that Signal is currently implementing the feature that is being requested by everyone here.
https://github.com/user-attachments/assets/030af0c8-1f89-49e4-8561-9dd13d9e60c5
I think I have covered everything that needs to be covered here. Let me know if you guys have any follow up questions, or if you still need clarification on something that I havent addressed yet.
@MarlowBrown I heard about that case with the UK and learned about ICloud ADP because of that. I also looked at the privacy law that applies to me (and the revised espionage order that would allow for its circumvention) and I personally, currently trust the threats (GDPR 4% annual turnover and DSG personal criminal fine of up to CHF 250'000 for anyone recklessly compromising data security with effects in Switzerland) to provide an incentive for ADP to do what it says on the tin (namely, encrypt ICloud Drive with a key that Apple doesn't store). And I don't believe that Apple is the only one threatened with legal action, just the only known one to make a fuss instead of complying silently.
Interestingly enough, the espionage order for my country explicitly states that End to End encryption or other forms of encryption that the provider does not know the key for are exempt. I am under no illusion, that neither Apple nor Signal are close enough for my jurisdiction to ensure my privacy (and I don't want to pay Apple for Storage), thus my favour of local, encrypted backups (IOS to Mac via Finder and Mac to local HDD via TimeMachine, very difficult to hack a disconnected HDD) and that in the end, I have to trust Apple not to go out of their way to spy on me (us).
Though in the case of Apple on IOS (or any OS and their respective developer), they have the option of nuking any encryption of Signal (or any usable application) by embedding a trojan between the decryption and the screen as there must be a state between encrypted and me, where it gets decrypted and rendered as plain text. And afaik, they also control the API that allows for storing keys as well as how to change authentication to access them, so they could probably extract the key somehow (at a significant hit to their reputation and legal action if it ever came to light; so might as well assume they secretly do already).
As for that investigatory powers act of 2016, section 43 (4) and (5) seems to provide at least some protection if there is conflicting law preventing compliance (not that that would help as both Apple and Signal are based in the US, where such laws don't seem to exist).
As to the hacker story: If you get duped by device pairing into syncing with a device that isn't yours, I'd try to get at that with maybe some 2FA like measure to ensure the device you're trying to sync to actually is said device and if such a link is made, a P2P connection transferring any messages beyond the 45 day cutoff of Signal's servers would likely not make a meaningful difference and may, depending how to opt in to such a transfer, even enable you to catch that you got duped (assuming the fake device shows up as an additional device and isn't somehow acting as a man in the middle, somehow chaining the account activity including backup transfer through).
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@aniqueta that's good news! It still seems a shame that there will not be any possibility to back up to the medium of the user's choice, without having to pass through a Signal Cloud service (although I will probably be happy to pay for the storage as a way of supporting the service).
@Rupert-RR From the end of that blog post:
Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That being said, I would still prefer a setting to enable including Signal data in a standard iOS backup archive.
@thislooksfun yes, indeed. A lack of attention on my part. Thanks for pointing it out.
Hi all, thanks for the discussion here. As others have pointed out, by default Signal does not restore message history on a new install. And, as also pointed out we're working hard to release Signal Secure Backups on iOS as well, with features like backing up to a local file store planned.
Since this is the intended behavior I'm going to close this issue – but thank you all again for your interest, and we can't wait for you to try Backups.
Signal for iOS is specifically designed to destroy your entire message history when something bad happens and deliberately does not offer any backup feature.
So, if my iPhone is broken, then I am done. It is fine that Signal does not offer backup but the backup of iPhone should include chats of Signal if the user chooses to.
