Viral Call-Recording App Neon Pulled Following Massive Security Flaw

The viral voice-calling app Neon, which gained popularity for offering users the option to sell private data to AI companies, went offline on Thursday after TechCrunch discovered a major security flaw.

According to TechCrunch’s exclusive report, researchers revealed that logged-in users could access other people’s private data, including recent call lists, transcripts, call recordings, and earnings per call. The team also discovered that Neon’s servers could be manipulated to reveal metadata from other users.

“We used a network traffic analysis tool called Burp Suite to inspect the network data flowing in and out of the Neon app,” wrote TechCrunch. “Our network analysis tool revealed details that were not visible to regular users in the Neon app. These details included the text-based transcript of the call and a web address to the audio files, which anyone could publicly access as long as they had the link.”

TechCrunch reported the security flaw to the app creator, Alex Kiam, on Thursday, immediately after confirming the data breach. The app was shut down shortly afterward.

Kiam said that he took the servers down and notified users. Moments later, he sent an email to customers informing them about the app’s shutdown.

“Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth. Because of this, we are temporarily taking the app down to add extra layers of security,” stated the email shared with TechCrunch.

Neon had reached over 75,000 downloads only on Thursday, and quickly reached the top of the charts on app marketplaces, reaching second place in the App Store as one of the most popular social media apps.

The platform, promoted as a “moneymaking tool,” offered users the opportunity to sell their audio conversations—between app users—for thirty cents per minute, allowing them to earn up to $30 per day, along with referral bonuses.

The data collected was offered to AI companies  “for the purpose of developing, training, testing, and improving machine learning models, artificial intelligence tools and systems, and related technologies,” according to Neon’s description.

It remains unclear when Neon’s service will be restored, and TechCrunch noted that the warning shared with users did not mention the data that had already been exposed.

Other popular apps that have recently climbed the app marketplace charts have also faced troubling security risks. Tea, a women-focused dating advice app, suffered a massive data breach right after reaching the top charts in July, forcing its developers to suspend services.