Neon, the Popular Call-Recording Application, Ceases Operations After Data Leak


Less than a day after attracting attention and going viral, the Neon Mobile app has already exposed users’ phone numbers, call recordings, and transcripts.

Just the day before, Mashable reported on a trending new app named Neon that was rapidly ascending the App Store charts. The app incentivized users to record their phone calls, which Neon then supplied to AI firms for training purposes. Mashable cautioned users to be careful with the app due to uncertainties surrounding the company, its founder, and their assertions regarding data privacy and anonymity.

Now, 24 hours later, Neon has gone offline after TechCrunch uncovered a security vulnerability that exposed users’ phone numbers, recorded calls, and transcripts.

“Safeguarding your data privacy is our top priority, and we aim to ensure it is completely secure even during this phase of swift development,” stated an email sent to users by Neon founder Alex Kiam. “For this reason, we are temporarily taking the app offline to implement additional security measures.”

As TechCrunch highlights, although Kiam took down the app’s servers and notified users about the downtime, the email did not alert users to the specific security problem that exposed their phone numbers, call recordings, and transcripts.

Moreover, it seems that only the app’s servers have been shut down. The app itself is still present in the App Store, so it remains accessible but non-operational.

TechCrunch says it identified the security weakness using a network analysis tool that revealed the data being sent in and out of the app. While users logged into the app were unable to reach private user information, that data was available to anyone using such a tool. The data included a URL to the audio files of the recorded calls, accessible to anyone possessing the link, along with a text transcript of the conversation.

However, it was not only a user's own call files and transcripts that were exposed. TechCrunch discovered that Neon’s servers also gave access to information about the latest calls made by other users of the app, and it was able to retrieve audio links and transcripts of those recorded calls as well. The metadata associated with those calls was exposed too: the user’s phone number, the number they dialed, the call duration, the time the call occurred, and the earnings from that call.

It’s not commonplace for a top-charting app in the App Store to be removed from distribution. TechCrunch mentions that app platform Appfigures recorded that Neon was downloaded 75,000 times just the previous day. If and when Neon makes a comeback, it will undoubtedly encounter heightened scrutiny to ensure that these issues are resolved.