A controversial app that claims to pay people for recordings of their phone calls, which are then used to train AI models, could soon return after being disabled due to a significant security flaw.
Alex Kiam, the founder of Neon, emailed app users on Tuesday to inform them that their payments are still in place, despite the app going dark.
"Your earnings have not disappeared -- when we're back online, we'll pay you everything you've earned, plus a little bonus to thank you for your patience!" Kiam said in the email.
He promised Neon would be back "soon" and apologized. He did not respond to a request for further comment.
Neon was recently among the top five free iOS app downloads. However, it no longer appears on that list since it stopped functioning on Sept. 25, after TechCrunch reported on a significant security bug.
According to TechCrunch, a flaw in the app allowed people to access calls from other users, transcripts and metadata about calls. Per Neon's terms of service, users who submit their phone recordings grant the company the right and license to "sell, use, host, store, transfer" as well as publicly display, reproduce and distribute the information "in any media formats and through any media channels."
Neon founder Alex Kiam had confirmed the exposed data in an email to CNET last week. "We took down the servers as soon as TechCrunch informed us," he said.
At the time, Neon stated that it was pausing the app to "add extra layers of security." An email to users said: "You will not be able to make calls or cash out, and the app will temporarily display $0 in your account, but your money has not disappeared. The app will be back online soon."
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
Before the app went offline, a legal expert warned against using it.
David Hoppe, founder and managing partner of Gamma Law, which advises clients on technological issues, told CNET that because some states have consent rules on recording phone calls, anyone who uses Neon should be cautious or avoid it entirely. If users don't know if using the app is legal on both ends of a call, he warned, "Do not use this app."
Cash for calls
Neon is still available for download on iOS and Android. According to its website, the company records outgoing phone calls and pays you up to $30 a day for regular calls or 30 cents a minute if the call is to another Neon user. Calls to non-Neon users pay 15 cents a minute. The app also offers $30 for referrals.
A Neon app FAQ says: "Once redeemed, payouts are typically processed within three business days, though timing may occasionally be shorter or longer."
According to Tech Crunch, the iOS version reached as high as the No. 2 spot in social-networking apps before the flaw was announced. Its rating in Apple's App Store has diminished significantly over the past several days, with some reviews referring to it as a scam. The Android app only has a 1.8-star rating, and some user comments report network errors when trying to cash out.
Promo images for the Neon app on the iOS App Store promise money for phone call data but don't mention the data is used to train AI models. Apple App Store
Training AI using your data
According to the company's FAQ, the call data it collects is anonymized and used to train AI voice assistants. "This helps train their systems to understand diverse, real-world speech," it says. AI companies need increasing amounts of data to train their models.
"The industry is hungry for real conversations because they capture timing, filler words, interruptions and emotions that synthetic data misses, which improves the quality of AI models," said Zahra Timsah, CEO of i-Gentic AI, which works in AI compliance.
"But that doesn't give apps a pass on privacy or consent," Timsah said.
Pushing legal limits
Neon promises it only draws from recording one side of the phone conversation, the caller's, which appears to be a way of skirting state laws that prohibit recording phone calls without permission.
Many states only require one person on a call to be aware that a call is being recorded. But others, including California, Florida and Maryland, have laws requiring all phone call parties to consent to recording. It's unclear how Neon functions with calls to those states. For Neon-to-Neon calls, two-party consent would presumably be implied.
The app purportedly doesn't record regular phone calls, only those made within the Neon app or received from another person using Neon.
TechCrunch, one of the first sites to write about the app, pointed out that sharing voice data can be a security risk, even if a company promises to remove identifying information from the data.
Neon could be pushing its luck, especially across states and countries, regarding privacy and IP laws or regulations, depending on how it handles consent and where the data ends up.
"We don't know if there are sufficient safeguards to exclude the person on the other end of the conversation, but some level of consent would be required, and informing them of it being provided," said Valence Howden, a data governance expert and advisory fellow at Info-Tech Research Group.
Howden said that even if the data is anonymized, AI might not have difficulty retroactively discovering who is on the line in a Neon conversation.
"AI can infer a lot, correct or otherwise, to fill in gaps in what it receives, and may be able to provide direct links if names or personal information are part of the exchange," he said.
Can I be liable for call recordings?
Putting aside the requirements the Neon app had to meet to be included in Apple's App Store, it's reasonable to still have questions about the legality of recording phone calls, especially in states where all parties must consent.
Hoppe said Neon's terms of service won't protect an app user if they face legal liability over recordings. And it doesn't help, legally speaking, that the person recording was paid for those recordings.
"Imagine a user in California records a call with a friend, also in California, without telling them. That user has just violated California's penal code," Hoppe said. "They could face criminal charges and, equally scary, be sued civilly by the person they recorded."
According to Hoppe, those violations could result in penalties of thousands of dollars per incident.
"Unless you are absolutely certain of the consent laws in your state and the state of the person you're calling, and you have explicitly informed and received consent from every other person on the call, do not use this app," he warned.