In privacy circles, this was always known, as Google/Apple often sends notification content to their servers (which means that it bypass the App realm).
Some people talking about it (different but in the same scope of issue): https://blog.davidlibeau.fr/push-notifications-are-a-privacy...
I expect that Signal encrypts the notification data prior to sending it to Apple, then decrypts it on-device using a Notification Service Extension – this is a common pattern to avoid trusting Apple with any sensitive data.
That would mean Apple stored the cleartext on-device after decryption.
Signal doesn’t provide anything in the message other than… “there are pending messages.” Signal wakes up, fetches them, then generates notifications on the phone itself.
in the case reported the content did not leave the device. feds retreived them directly from the phone.
+ Messengers like Snapchat and WhatsApp;
despite "end-to-end" encryption (for WhatsApp) they are sending copy of some messages based on keywords to authorities, PRISM-like.
Officially to protect kids, but who knows what is in this keywords list.
I doubt anyone who wants guarantees that their communication aren't leaked is using Whatsapp or Snapshat anyway.