The service has been taken down, but the developer promises a relaunch in another one to two weeks.
The Neon app has a security flaw that can expose call data.
The app has been taken offline for now.
The developer expects the app to return in one to two weeks.
People trying to earn money by sharing their personal phone conversations with the new Neon app will have to find another way to generate income, at least for now. On Thursday, the service was taken down by its developer after the discovery of a serious security flaw that let Neon users access the call recordings and other data of fellow users.
TechCrunch said it found the security vulnerability during a test of the Neon app. The flaw exposed the phone numbers, call recordings, and transcripts of Neon users to anyone signed in to the app. In its research, TechCrunch learned that the servers used by Neon were failing to prevent any logged-in user from accessing another person’s call data.
While making test phone calls, TechCrunch’s Zack Whittaker said he saw a list of his recent calls and how much money each call earned. That’s the way the app is supposed to work. But using a network analysis tool, Whittaker uncovered details not available through the app, including a transcript of the call and a URL to the audio files, information anyone could view as long as they had the link.
In response to the flaw, TechCrunch alerted the developer, Alex Kiam, who took down the service and notified users via the following email message:
„Thanks for using the app! Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth.
