sarayut Thaneerat/Moment via Getty
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
The Neon app has a security flaw that can expose call data.
The app has been taken offline for now.
The developer expects the app to return in one to two weeks.
People trying to earn money by sharing their personal phone conversations with the new Neon app will have to find another way to generate income, at least for now. On Thursday, the service was taken down by its developer after the discovery of a serious security flaw that let Neon users access the call recordings and other data of fellow users.
TechCrunch said it found the security vulnerability during a test of the Neon app. The flaw exposed the phone numbers, call recordings, and transcripts of Neon users to anyone signed in to the app. In its research, TechCrunch learned that the servers used by Neon were failing to prevent any logged-in user from accessing another person's call data.
While making test phone calls, TechCrunch's Zack Whittaker said he saw a list of his recent calls and how much money each call earned. That's the way the app is supposed to work. But using a network analysis tool, Whittaker uncovered details not available through the app, including a transcript of the call and a URL to the audio files, information anyone could view as long as they had the link.
Also: This app will pay you $30/day to record your phone calls for AI - but is it worth it?
... continue reading