David Bridges
“`html
Key Highlights
- Security Flaw: A critical security flaw in the Neon Mobile app exposed users’ phone numbers and call data.
- App Status: Neon has been temporarily taken offline following the discovery of the security issue.
- User Caution: Users were previously warned to be cautious about data privacy when using the app.
- Download Stats: The app was downloaded 75,000 times in a single day before being pulled.
Less than 24 hours after receiving attention and going viral, the Neon Mobile app has already exposed users’ phone numbers, call recordings, and transcripts.
Just yesterday, Mashable covered a viral new app that was rising up the App Store charts called Neon. The app paid users to record their phone calls, which Neon then provided to AI companies for training. Mashable warned users at the time to be cautious if using the app as there was too much unknown about the company, its founder, and their claims about keeping data safe and anonymous.
Now, 24 hours later, Neon has gone offline after TechCrunch uncovered a security flaw that exposed users’ phone numbers, call recordings, and call transcripts.
“Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth,” reads an email sent to users by Neon founder Alex Kiam. “Because of this, we are temporarily taking the app down to add extra layers of security.”
Mashable Light Speed
As TechCrunch notes, while Kiam took down the app’s servers and let users know about the downtime, the email failed to warn users about the specific security issue that exposed their phone numbers, call recordings, and transcripts.
Also, it should be noted that it appears only the app’s servers have been taken down, rendering the app itself, which remains in the App Store, available but useless.
According to TechCrunch, they discovered the security flaw using a network analysis tool that showed data both being pushed into and sent out of the app. While users logged into the app itself could not access private user data, the data was exposed to anyone utilizing such a tool. This data included a URL to the recorded call’s audio files, which was accessible to anyone with the link, and a text transcript of the call.
However, it wasn’t just call files and transcripts that were accessible. TechCrunch discovered that Neon’s servers also exposed data concerning the most recent calls made by other users of the app. TechCrunch was able to access audio links and transcripts to those recorded calls as well. Furthermore, the metadata connected to those calls were also exposed. This metadata included the user’s phone number, the phone number they called, how long the call was and what time it was made, as well as how much was earned from the call.
It’s not everyday that a chart-topping app in the App Store is outright pulled from distribution. TechCrunch reports that app platform Appfigures tracked that Neon was downloaded 75,000 times just yesterday. If and when Neon makes a comeback, it will certainly receive increased scrutiny to be sure it addressed the issues.
Topics
Apps & Software
Cybersecurity
Brandon Fletcher
Ethan Carter
