Data Loss Following Unverified Account Transfer and Unintended Cross-Device Synchronization

[gab12]

Guidelines

• I have searched searched open and closed issues for duplicates
• I am submitting a bug report for existing functionality that does not work as intended
• This isn't a feature request or a discussion topic

Bug description

Hello,

I followed a non-standard user path, and the problem is that I lost all my data. Here’s the use case: I wanted to transfer my "Signal" data from one device to another.

I had both devices, so I installed the app and began the transfer during setup. It worked very well.
After the transfer, I had my data on both devices, which was perfect!

However, on the second device, in order to continue conversations, I was asked to verify the phone number linked to the account. That’s where the problems began, as I hadn’t renewed my phone line and therefore couldn’t receive the code.

So, I tried to work around the issue to continue using Signal.
I entered another phone number of mine, hoping the code would be sent to the new line and unlock my access on the device.

Here’s what happened:

The code worked, but it didn’t give me access to the local Signal data on the device. Instead, it retrieved all the data linked to my new line, overwriting the transfer I had completed.
Worse still, and what I consider a design flaw:

It also synchronized this new data on the original device, overwriting the original source of my data.
Result: I now have three devices with data from my new phone line and have lost all my original data.

I believe that the data should never have been synced back to the original device and overwritten its contents without warning, especially since the second device had not completed verification of the code.

Screenshots

No response

Device

no name

Android version

Android 13

Signal version

7.20.2

Link to debug log

No response

[greyson-signal]

I'm having trouble following the series of events here. It sounds like there's actually three devices in play, which we can label A, B, and C.

• A: The original device you were transferring data from
• B: The device you transferred data to
• C: The device whose number you used to register B

Do all three devices have signal installed?

Instead, it retrieved all the data linked to my new line, overwriting the transfer I had completed.

Can you elaborate? The only data Signal can restore is your group memberships+contacts. We can't restore any message content, so I'm confused by what you mean when you say "overwriting".

It also synchronized this new data on the original device, overwriting the original source of my data.

Are you saying the data from C is now on A? What data? Did you register C's phone number on A? Did you do a device transfer? Again, Signal the service has no access to any message data and cannot arbitrarily restore data onto devices. All we can do is sync your contacts and group memberships, but only if the number is registered on that device.

---

Some general things to keep in mind:

• Signal has no access to message content. The only way data can be transferred is through local backups or device-to-device transfer. The only data we can restore after registration is your contact list and what groups you were in (no group contents).
• A number can only be registered to a single Signal install. If the phone number on C was used for Signal, it would have become unregistered when you used it to register on B.