
Call recording app Neon goes offline after exposing users' data
What's the story
Neon, a popular app that records phone calls and pays users for the audio data, has gone offline after a major security breach. Within days of its launch, it had climbed to become the most popular app in the Social Networking section of Apple's US App Store. The shutdown followed the discovery of a vulnerability in the app that exposed user phone numbers, call recordings, and transcripts, TechCrunch reports.
Data breach
Flaw allowed logged-in users to access each other's data
The Neon app promised users a way to earn money by sharing call recordings for training AI models. However, TechCrunch found that the app's servers didn't prevent logged-in users from accessing each other's data. This included not just phone numbers but also call recordings and transcripts. The flaw was discovered during a brief test of the app on Thursday, prompting an immediate alert to its founder, Alex Kiam.
App suspension
Founder informs users about temporary suspension
After being informed about the security flaw, Kiam took down the app's servers and started notifying users about its temporary suspension. However, he didn't inform them about the security breach. The Neon app stopped working soon after TechCrunch contacted Kiam. In an email sent to customers later, Kiam said their data privacy is a top priority and that the company is taking extra measures to secure it during this period of rapid growth.
Breach specifics
Security breach raised concerns about potential misuse
The security flaw in the Neon app allowed anyone with a link to access other users' call recordings and transcripts. This raised concerns that some users may be using the app to make long calls that secretly record real-world conversations with other people in order to earn money. It remains unclear when or if the Neon app will come back online after this incident.
Compliance concerns
App's compliance with developer guidelines
The security breach has raised questions about whether the Neon app was compliant with Apple's and Google's developer guidelines. This isn't the first time an app with major security issues has made it to these marketplaces. Recently, a popular mobile dating companion app, Tea, suffered a data breach exposing users' personal information and government-issued identity documents.