The viral app Neon, which offers to record users’ phone calls and pay them for the audio to be used in AI training, has faced a major setback after a critical security flaw was discovered. The app, which surged to the top-five free iPhone apps within a week of its launch, had attracted thousands of users and experienced 75,000 downloads in a single day. However, a significant vulnerability was found that allowed anyone with access to the app to view the phone numbers, call transcripts, and recordings of other users. This flaw was identified by TechCrunch during a short test of the app and led to the app’s immediate shutdown.
Upon notification of the security flaw, Neon’s founder Alex Kiam informed TechCrunch about the issue and took steps to address it by discontinuing the app’s services. However, the app’s backend systems were found to lack proper access restrictions, enabling logged-in users to retrieve data belonging to other users. This included sensitive metadata such as call dates, times, and durations, as well as the actual call transcripts. The app’s abrupt shutdown left many users concerned about the potential exposure of their private information.
While the app’s founder took action by removing the service, the incident has raised questions about data privacy and security in apps that collect sensitive user information. The incident has also prompted discussions about the ethical implications of apps that monetize user data, highlighting the need for stronger data protection measures. Users are now left to assess the risk of their data being exposed and are advised to remain vigilant about the apps they use for sensitive tasks.