
Viral call recording app taken offline after exposing call recordings, transcripts, more


Earlier today, we covered the skyrocketing success of Neon, an app that pays users in exchange for recording their phone calls. Now, the app has gone offline, following the discovery of an egregious security breach. Here are the details.

For the past few days, Neon Mobile has been making waves on the App Store, promising to pay “hundreds or even thousands of dollars per year” to users willing to share their audio conversations so that Neon can sell this data to AI companies.

As of this morning, the app ranked 7th overall on the App Store’s free charts, and 2nd in Social Networking. Now, it has gone dark following TechCrunch’s discovery of a serious flaw:

“But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.”

Discovering the flaw

As TechCrunch explains in detail in the original story, while reporting on the app, its reporters decided to look into Neon’s inner workings and data flows.

After noticing they were able to intercept data about their own calls, they also managed to trick Neon’s servers into handing over call records and metadata from any other user:

“This metadata contained the user’s phone number and the phone number of the person they’re calling, when the call was made, its duration, and how much money each call earned.”

To make matters worse, TechCrunch also revealed that, based on the transcripts and call recordings it accessed, some users were trying to game the app and maximize their payouts by secretly recording real-world conversations of people who didn’t know they were being recorded.

As the reporters alerted Neon’s founder, Alex Kiam, about the security flaw, he took the app offline and contacted users informing them that the app would be temporarily taken down. However, he failed to mention the data breach:
