Less than 24 hours after receiving and going viral, the neon mobile app has alredy exposed Users’ Phone Numbers, Call Recordings, and Transports.
Just yesterday, mashable covered A viral new app that was relief up the app store charts called neon. The app paid users to record their phone calls, which is then provided to ai companies for training. Mashable Warned Users at the time to be cautious if using the app as there was too much unknown about the company, its founder, and their claims about keeping data safe and anonymous.
Now, 24 hours laater, neon has gone offline after Techcrunch Uncovered a Security Flaw that exposed users’ phone numbers, call recording, and call transports.
“Your Data Privacy is our Number One Priority, and we want to make sure it is full secure even while during this period of rapid growth,” Reads an email sent to users by neon fountain alex kiam. “Because of this, we are temporarily taking the app down to add extra layers of security.”
Mashable light speed
As techcrunch notes, while kiam took down the app’s servers and let users know about the downtime, the email failed to warn users about the specific security is Call recording, and transcripts.
Also, it should be noted that it appears only the app’s servers have been taken on, rendering the app itself, which remains in the app store, available but useless.
According to techcrunch, they discovered the security flaw using a network analysis tool that showed data both bot bothe pushed into and synt out of the app. While users logged into the app its not access private user data, the data was expected to anyone utilizing such a tool. This data included a url to the recorded call’s audio files, which was accessible to anyone with the link, and a text transcript of the call.
However, it wasn’t just call files and transcripts that was accessible. Techcrunch discovered that neon’s servers also exposed data concerning the most recent calls made made by other users of the app. Techcrunch was altar to access audio links and transcripts to those recorded calls as well. Furthermore, The Metadata Connected to those calls were also exposed. This metadata included the user’s phone number, the phone number they called, how long the call was and what time it was made, as well as how much was earned from the call.
It’s not everyday that a chart-topping app in the app store is outright pulled from distribution. Techcrunch reports that app platform appfigures tracked that neon was downloaded 75,000 times just yesterday. If and when neon makes a comeback, it will certain reception increasesed scrutiny to be sure it addressed the issues.
Topics
Apps & Software Cybersecurity
