A viral app called Neon, which offers to record your phone calls and pay you for the audio so that it can sell that data to AI companies, has risen quickly to the ranks of the top-five free iPhone apps since its launch last week.
The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to provide call recordings that help train, improve and test AI models.
But now, Neon has gone offline, at least for the time being, after a security flaw allowed one user to access the phone numbers, call recordings and transcripts of another user, TechCrunch can now report.
TechCrunch discovered the security flaw on Thursday during a short test of the app. We alerted the app's founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw shortly after our discovery.
Kiam told TechCrunch later Thursday that he took down the app's servers and began notifying users that the app was being paused, but stopped short of informing his users about the security lapse.
The Neon app stopped working shortly after we contacted Kiam.
Call recordings and transcripts exposed
At fault was the fact that the Neon app's servers did not prevent a logged-in user from accessing someone else's data.
TechCrunch created a new user account on a dedicated iPhone and verified a phone number as part of the registration process. We used a network traffic analysis tool called Burp Suite to inspect the network data flowing in and out of the Neon app, so that we could understand how the app works at a technical level, such as how the app communicates with its back-end servers.
After we made some test phone calls, the app showed us a list of our most recent calls and how much money each call earned. But our network analysis tool revealed details that were not visible to regular users in the Neon app. These details included the text-based transcript of the call and a web address for the audio files, which anyone could access publicly as long as they had the link.
Here you can, for example, see the transcript of our test call between two TechCrunch reporters confirming that the recording worked correctly.
But the back-end servers were also able to spit out reams of other people's call recordings and their transcripts.
In one case, TechCrunch discovered that the Neon servers could produce data about the most recent calls made by the app's users, as well as public web links to their raw audio files and the transcript text of what was said during the call. (The audio files contain recordings of only those who have installed Neon, not those they contacted.)
Likewise, the Neon servers could be manipulated to reveal the most recent call records (also known as metadata) of all users. This metadata contained the user's phone number and the phone number of the person they were calling, when the call was made, its duration and how much money each call earned.
A review of a handful of transcripts and audio files suggests that some users may be using the app to make long calls that secretly record conversations with other people in order to generate money via the app.
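The class of flaw described in this section, a server that accepts any logged-in session without checking that the requested record belongs to it, together with audio links that work for anyone who holds them, shown beside a corrected form. This is an added example, not Neon's or TechCrunch's code; the record layout, handler names and signing key are assumptions.

```python
import hashlib
import hmac
import time

SIGNING_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients

# Constructed sample data: call records keyed by id, each owned by one account.
CALLS = {
    "c1": {"owner": "alice", "transcript": "test call one", "audio": "audio/c1.wav"},
    "c2": {"owner": "bob", "transcript": "test call two", "audio": "audio/c2.wav"},
}

def get_call_unchecked(session_user, call_id):
    """Flawed pattern: the session is authenticated, but record ownership is never checked."""
    if session_user is None:
        return 401, None
    record = CALLS.get(call_id)
    return (200, record) if record else (404, None)

def _audio_sig(path, user, expires_at):
    msg = f"{path}|{user}|{expires_at}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def sign_audio_path(path, user, expires_at):
    """Bind an audio link to one user and an expiry time instead of a permanent public URL."""
    return f"/{path}?user={user}&exp={expires_at}&sig={_audio_sig(path, user, expires_at)}"

def verify_audio_link(path, user, expires_at, sig, now=None):
    """Accept the link only if the signature matches and it has not expired."""
    now = time.time() if now is None else now
    return hmac.compare_digest(_audio_sig(path, user, expires_at), sig) and now < expires_at

def get_call(session_user, call_id, now=None):
    """Corrected pattern: a record is returned only to the account that owns it."""
    if session_user is None:
        return 401, None
    record = CALLS.get(call_id)
    # Same 404 for "missing" and "not yours", so the response does not confirm which ids exist.
    if record is None or record["owner"] != session_user:
        return 404, None
    now = time.time() if now is None else now
    expires_at = int(now) + 300  # link valid for five minutes
    return 200, {
        "transcript": record["transcript"],
        "audio_url": sign_audio_path(record["audio"], session_user, expires_at),
    }
```

The ownership check runs on the server for every request; hiding fields in the app's interface does not help, because the responses are visible to anyone inspecting their own traffic.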
App taken offline for the time being
Shortly after we alerted Neon on Thursday, the company's founder, Kiam, sent an email to customers alerting them to the app's shutdown.
“Your data privacy is our first priority, and we want to ensure that it is completely safe, even during this period of rapid growth. That is why we take the app down temporarily to add extra security layers,” reads the email, which was shared with TechCrunch.
Notably, the email makes no mention of a security lapse, or that it exposed users' phone numbers, call recordings and transcripts to any other user who knew where to look.
It is unclear when Neon will be online again or whether this security lapse will attract the attention of the app stores.
Apple and Google have not yet responded to TechCrunch's requests for comment on whether or not Neon complies with their respective developer guidelines.
However, this would not be the first time that an app with serious security problems has made it onto these app marketplaces. Recently a popular mobile dating app, Tea, experienced a data breach that exposed users' personal information and government-issued identity documents. Popular apps such as Bumble and Hinge were caught in 2024 exposing the locations of their users. Both stores must also regularly purge malicious apps that slip past their app review processes.
When asked, Kiam did not immediately say whether the app had undergone a security review prior to the launch, and, if so, who carried out the review. Kiam also did not say, when asked, whether the company has the technical means, such as logs, to determine whether someone else found the flaw before us or whether user data was stolen.
TechCrunch also reached out to Upfront Ventures and Xfund, which Kiam claims in a LinkedIn post have invested in his app. Neither of the companies has responded to our requests for comment as of publication.


