Neon, an application that pays to record your phone calls reaches number 2 on the App Store, removed from a security flaw

After getting out of nowhere, a new viral application that pays people to record their phone calls in order to form AI was torn offline after a security defect, allegedly exposed user data.

The founder of the neon, Alex Kiam, told Gizmodo in an email that the servers of the application were broken while the team corrects the vulnerability and performs a security audit to ensure that the problem does not happen again.

Neon was launched last week and quickly pulled place number two on the best table of the free iPhone applications before being withdrawn on Thursday.

The application pays to users who agree to save their calls and allows NEON to sell these records and other data to AI companies to train their models and vocal assistants. It has been launched as a way for people to earn money from their data, which technological companies have long benefited.

“Companies collect and sell your data every day. We think you deserve a reduction, ”says the company’s website.

Things took a tour on Thursday after Techcrunch discovered and reported a major defect which allowed almost anyone to access sensitive neon user data, including telephone numbers, call recordings and transcriptions.

During the application test, Techcrunch used the Burp network following network tools to analyze the data to come and get out of the application. Neon’s interface displays only a simple list of recent calls from a user and the amount gained. However, Burp Suite was able to obtain much more information in the Back-End servers of the application, such as complete call transcriptions and public links to the crude calls from other users’s calls.

By approaching further, Techcrunch journalists discovered that they could also access the call metadata for other users. This information included the telephone numbers of the two parties, the time and duration of a call, and how each call won.

Kiam said the neon team had closed the servers of the application immediately after Techcrunch alerted them to the fault.

In an email to users, the company said it expects to return online soon.

“Your data confidentiality is our number one priority, and we want to make sure that it is fully secure even during this period of rapid growth,” said the email. “For this reason, we temporarily remove the application to add additional safety layers.”

How does neon work

Users register with their telephone number and grant a neon authorization to record calls made via the application. Whenever they place or receive a call from the application, it automatically records both sides of the conversation if the other part also uses a neon, or, in theory, just the side of the neon user if the person is not on the application.

The records and related data are then supposed to be anonymized – exceeded in identification details – and sold to AI and verified data partners. Users earn $ 0.30 per minute for calls with another neon user or $ 0.15 per minute when calling a non-user, capped at $ 30 per day.