The rapidly growing app, Neon, launched recently and quickly became one of the top five free iPhone applications. It allows users to record phone calls and earn money by submitting these recordings, which are then sold to AI companies for training their models. With over 75,000 downloads in a single day, Neon amassed thousands of users in a short time.
However, the app was swiftly taken offline following the discovery of a significant security breach. TechCrunch uncovered that the app’s servers lacked proper protections, allowing any logged-in user to access the personal data of other users, including phone numbers, call recordings, and their transcripts. The flaw was identified during a routine test, prompting TechCrunch to inform the app’s founder, Alex Kiam.
In a response to the situation, Kiam took the servers offline but did not initially notify users of the security concerns, stating instead that the app would be paused to enhance security. Following this incident, the app ceased operations.
The vulnerability was due to the servers being improperly configured, which rendered the data of one user accessible to another. Using a network analysis tool, TechCrunch confirmed the issue by creating a user account, which led to the discovery of not only personal earnings from calls but also private transcripts and audio files of other users’ conversations.
This alarming breach indicated that some users might be misusing the platform to record lengthy conversations for profit. After TechCrunch alerted Neon, an email was sent to users announcing the app’s shutdown, emphasizing priority on data privacy but failing to explicitly mention the security breach.
The timeline for when Neon will resume operations remains unclear, and it is uncertain whether the incident will raise alarms within app stores. Neither Apple nor Google have commented on the compliance of Neon with developer guidelines.
This isn’t the first instance of a serious security oversight in popular apps. Recently, another app, Tea, faced a data breach that compromised user personal information. Carriers must regularly purge malicious applications that bypass their review processes.
When probed about whether Neon had undergone security reviews prior to its launch, Kiam did not provide definitive answers regarding the existence of such evaluations or any logs that might indicate whether the vulnerability had been exploited before TechCrunch’s discovery.
Overall, Neon’s brief foray into the app market highlights critical issues of user privacy and security in the increasingly competitive tech landscape.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
