Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A viral app called Neon, which Offer to record your phone calls and pay you for audio So it can sell that data to AI companies, since last week, the top five free iPhone applications have increased rapidly.
The app already has thousands of users and the app is downloaded 75,000 times yesterday according to the app -detective appfigger. Neon provides call recording to users that pitch themselves as a way to provide AI models to training, improve and test.
But now Neon has gone offline, at least now, after allowing anyone to access the phone number, call recording and any other user transcript, TechCrunch can now report.
The TechCrunch Protection Error was discovered during a short examination of the app on Thursday. We have warned the founder of the app to Alex Qiyam (who earlier) The app did not respond to any request for commenting about), The error immediately after our discovery.
Kim told TechCrunch on Thursday that he dropped the app’s servers and began notifying the users ‘app to break, but rarely read about its users’ safety end.
The Neon app stopped working shortly after we contact Kiyam.
Call recording and exposed to transcript
The fault was that the Neon app servers did not prevent any log-in user accessing someone else’s data.
TechCrunch has created a new user account on a dedicated iPhone and verified a phone number as part of the sign-up process. We have used a network traffic analysis equipment called Burp Suite to inspect the network data inside and out of the Neon App, how the app works at the technical level, such as how the app communicates with its back-end servers.
After some test phone calls, the app shows us a list of our recent calls and a list of how much money each call has earned. However, our network analysis equipment has revealed the details that were not visible to regular users in the Neon App. These descriptions included a web address in the text-based transcript and audio files, which could access the link as long as they could publicly access them.
For example, here you can see the transcript from our test call between two TechCrunch journalists that ensure that the recording has worked properly.
However, the back -forth servers were able to sprinkle the calls of other people’s calls and the rims of their transcripts.
In one case, TechCrunch has discovered that neon servers can create data about the most recent calls made by the app users, as well as the transcript text on public web links and what was said on their raw audio files. (Audio files have recording those who installed Neon, not those who were contacted)))
Similarly, Neon servers can be manipulated to reveal most recent call records (known as it Metadeta) From any user of it. The user’s phone number in this metadeta and the person they were called have the phone number, when the call was made, the duration and how much money each call earned.
A review of a handful of transcripts and audio files suggests that some users can use long calls using the app that secretly records real-world conversations with other people to generate money through the app.
Now the app is closed
Immediately after we warned Neon about the error on Thursday, the company’s founder sent an email to the app’s shutdown to the app’s shutdown.
“Your data privacy is our number one priority, and we want to make sure it is fully protected during this period of rapid development. Because of this we are temporarily taking the app to add the additional layer of protection,” the email shared with TechCrunch read.
Significantly, the email did not mention any security laps or it has exposed the phone number, call recording and any other user who knew where to see.
It is unclear when Neon will return online or whether this protection break will attract the attention of the App Stores.
Apple and Google have not yet responded to Techchen’s requests to comment on whether Neon was still loyal to their respective developers.
However, any app with serious protection problem has not made it for the first time this application market. Recently, a popular mobile dating companion app, Tea, experiences a data violationWhich opens its users’ personal information and government-jarring identity documents. The popular application preferences Bumbl and wrists were exposed in 2024 The position of their users. Will also have to do both the store Pure regular contaminated applications That goes through the process of reviewing their application.
When asked, Qiyam did not immediately say that the app had reviewed any protection before its introduction and if so, those who performed the review. Kiyam also did not ask, when asked, if the company has the technical way of logs, to determine if the error is found in front of us or to determine if a user’s data is stolen.
TechCrunch has additionally reached the front initiative and Exfund, which Kim claims A LinkedIn post Invested in his app. No firm responded to our requests for commenting as a firm.
