{"id":691995,"date":"2025-09-26T00:40:26","date_gmt":"2025-09-25T21:40:26","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts\/"},"modified":"2025-09-26T00:40:26","modified_gmt":"2025-09-25T21:40:26","slug":"viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts\/","title":{"rendered":"Viral call-recording app Neon goes dark after exposing users&#8217; phone numbers, call recordings, and transcripts"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A viral <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week.<\/p>\n<p class=\"wp-block-paragraph\">The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models.<\/p>\n<p class=\"wp-block-paragraph\">But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.<\/p>\n<p class=\"wp-block-paragraph\">TechCrunch discovered the security flaw during a short test of the app on Thursday. 
We alerted the app\u2019s founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Kiam told TechCrunch later Thursday that he took down the app\u2019s servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse.<\/p>\n<p class=\"wp-block-paragraph\">\u00a0The Neon app stopped functioning soon after we contacted Kiam.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-call-recordings-and-transcripts-exposed\"><span class=\"ez-toc-section\" id=\"Call_recordings_and_transcripts_exposed\"><\/span>Call recordings and transcripts exposed<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">At fault was the fact that the Neon app\u2019s servers were not preventing any logged-in user from accessing someone else\u2019s data.<\/p>\n<p class=\"wp-block-paragraph\">TechCrunch created a new user account on a dedicated iPhone and verified a phone number as part of the sign-up process. We used a network traffic analysis tool called Burp Suite to inspect the network data flowing in and out of the Neon app, allowing us to understand how the app works at a technical level, such as how the app communicates with its back-end servers.<\/p>\n<p class=\"wp-block-paragraph\">After making some test phone calls, the app showed us a list of our most recent calls and how much money each call earned. But our network analysis tool revealed details that were not visible to regular users in the Neon app. 
These details included the text-based transcript of the call and a web address to the audio files, which anyone could publicly access as long as they had the link.<\/p>\n<p class=\"wp-block-paragraph\">For example, here you can see the transcript from our test call between two TechCrunch reporters confirming that the recording worked properly.<\/p>\n<figure class=\"wp-block-image alignwide size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1644\" height=\"332\" src=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png\" alt=\"a JSON response from Neon Mobile's server, which reads as transcript text from a call between two TC reporters, which says: &quot;Uh, it worked. Hooray. Okay. Thanks, mate.&quot;\" class=\"wp-image-3050605\" srcset=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png 1644w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=150,30 150w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=300,61 300w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=768,155 768w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=680,137 680w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=1200,242 1200w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=1280,258 1280w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=430,87 430w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=720,145 720w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=900,182 900w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=800,162 800w, 
https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=1536,310 1536w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=668,135 668w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=1440,291 1440w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=708,143 708w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-mobile-burp-intercept.png?resize=50,10 50w\" sizes=\"auto, (max-width: 1644px) 100vw, 1644px\"\/><figcaption class=\"wp-element-caption\"><span class=\"wp-block-image__credits\"><strong>Image Credits:<\/strong> TechCrunch<\/span><\/figcaption><\/figure>\n<p class=\"wp-block-paragraph\">But the backend servers were also capable of spitting out reams of other people\u2019s call recordings and their transcripts.<\/p>\n<p class=\"wp-block-paragraph\">In one case, TechCrunch found that the Neon servers could produce data about the most recent calls made by the app\u2019s users, as well as providing public web links to their raw audio files and the transcript text of what was said on the call. (The audio files contain recordings of just those who installed Neon, not those they contacted.)<\/p>\n<p class=\"wp-block-paragraph\">Similarly, the Neon servers could be manipulated to reveal the most recent call records (also known as metadata) from any of its users. 
This metadata contained the user\u2019s phone number and the phone number of the person they\u2019re calling, when the call was made, its duration, and how much money each call earned.<\/p>\n<p class=\"wp-block-paragraph\">A review of a handful of transcripts and audio files suggests some users may be using the app to make lengthy calls that covertly record real-world conversations with other people in order to generate money through the app.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-app-shuts-down-for-now\"><span class=\"ez-toc-section\" id=\"App_shuts_down_for_now\"><\/span>App shuts down, for now<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Soon after we alerted Neon to the flaw on Thursday, the company\u2019s founder, Kiam, sent out an email to customers alerting them to the app\u2019s shutdown.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cYour data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth. Because of this, we are temporarily taking the app down to add extra layers of security,\u201d the email, shared with TechCrunch, reads.<\/p>\n<p class=\"wp-block-paragraph\">Notably, the email makes no mention of a security lapse or that it exposed users\u2019 phone numbers, call recordings, and call transcripts to any other user who knew where to look.<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s unclear when Neon will come back online or whether this security lapse will gain the attention of the app stores.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Apple and Google have not yet responded to TechCrunch\u2019s requests for comment about whether or not Neon was compliant with their respective developer guidelines.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">However, this would not be the first time that an app with serious security issues has made it onto these app marketplaces. 
Recently, a popular mobile dating companion app, Tea, experienced a data breach, which exposed its users\u2019 personal information and government-issued identity documents. Popular apps like Bumble and Hinge were caught in 2024 exposing their users\u2019 locations. Both stores also have to regularly purge malicious apps that slip past their app review processes.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">When asked, Kiam did not immediately say if the app had undergone any security review ahead of its launch, and if so, who performed the review. Kiam also did not say, when asked, if the company has the technical means, such as logs, to determine if anyone else found the flaw before us or if any user data was stolen.<\/p>\n<p class=\"wp-block-paragraph\">TechCrunch additionally reached out to Upfront Ventures and Xfund, which Kiam claims in <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.linkedin.com\/posts\/alex-kiam-608626b1_hiring-if-youre-a-10x-mobile-dev-based-activity-7333175657629143040-_xqO?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAABfl0AB-pFcSfrJ_NE6Dz-ocSptWS4YoW4\">a LinkedIn post<\/a> have invested in his app. Neither firm has responded to our requests for comment as of publication.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/09\/25\/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. 
The app already has thousands of users and was downloaded 75,000&#8230;<\/p>\n","protected":false},"author":1,"featured_media":691996,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/09\/neon-phone-app-smaller.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[15047,158843,5055,157938,70375,61594,26112,158844,72287,151454],"class_list":["post-691995","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-privacy","tag-apple-app-store-security","tag-apps","tag-call-recording","tag-cybersecurity","tag-exclusive","tag-neon","tag-neon-mobile","tag-security","tag-tc"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/691995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=691995"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/691995\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/691996"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=691995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=691995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=691995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}