Neon, an app that pays users in exchange for recording their phone calls and had been rocketing to the top of the App Store charts has gone offline, after it was discovered that the app would allow other users to access the transcripts of other users calls.
Neon Mobile quickly rose to be the seventh-ranked app in the App Store, as it promised to pay “hundreds or even thousands of dollars per year” to users willing to share their audio conversations with AI companies.
While as recently as Thursday morning, the app was second in the Social Networking category, it has now gone dark, after TechCrunch discovered a serious flaw:
“But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.”
TechCrunch earlier had reported about the ambitious app and the reporters then decided to take a closer look at how Neon worked, as well as how it handled data flows.
Reporters found that not only were they able to intercept data about their own calls, but they were also able to finagle a way to view call records and other data about other users’ activity.
“This metadata contained the user’s phone number and the phone number of the person they’re calling, when the call was made, its duration, and how much money each call earned.”
TechCrunch also discovered that some users were trying to game the app to maximize their payouts by secretly recording real-world conversations of people who were not aware they were being recorded.
TechCrunch contacted Neon’s founder, Alex Kiam, and informed him about the security issue, and to his credit he took the app offline and told users that the app would be temporarily taken down. However, he did not inform users about the data breach:
“Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth. Because of this, we are temporarily taking the app down to add extra layers of security,” the email, shared with TechCrunch, reads.
While TechCrunch reached out to both Apple and Google about the app’s issues, it hasn’t heard back from either company. At this point, it is uncertain when, or even if, the app will come back online.
