* breathes in *

Fuccccccccckkkkkk thiiiisssssss. How this sketchy call recording app got to #2 in the Apple App Store is beyond me.

https://techcrunch.com/2025/09/24/neon-the-no-2-social-app-on-the-apple-app-store-pays-users-to-record-their-phone-calls-and-sells-data-to-ai-firms/

Neon, the No. 2 social app on the Apple App Store, pays users to record their phone calls and sells data to AI firms | TechCrunch

A new call recording app is gaining traction for offering to pay users for voice data from calls, which is sold to AI companies.

Well, it somehow got even worse.

After taking a look at the Neon app, I found a major security flaw that allowed any logged-in user to access the phone numbers, call recordings, and transcripts of any other user.

I alerted the company's founder, Alex Kiam, to the security lapse, and he pulled Neon offline soon after.

https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/

Exclusive: Neon takes down app after exposing users' phone numbers, call recordings, and transcripts

Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user.

TechCrunch
@zackwhittaker Wow! Excellent work! I hope this triggers the interest of data protection authorities as well. There are so many things wrong with this app.
@zackwhittaker nice work and also (not to understate your skill but) yikes that sounds like they just totally failed App Security 101
@joshg thank you and I agree; it's quite a state of affairs if someone with as few skills as I can still find something so glaringly obviously bad.
@zackwhittaker
sort of helps get rid of infosec imposter syndrome, though, doesn't it 😂
@zackwhittaker Thank you for doing that.
@zackwhittaker Brilliant investigation and reporting, Zack!!
@PogoWasRight you're far too kind, thank you DD!
@zackwhittaker Yikes I literally had to reread what the app does. It's like wtf inception.
@zackwhittaker jfc thank you for your service. This is so ignorantly beyond the pale. We work so hard to keep backdoors out of our communications and these fools just dump full take
@joebeone thanks Joe, I appreciate it!
@zackwhittaker
I'm puzzled why users would expect any privacy when they're voluntarily handing over their phone conversations....

@mytwobits01

Well, there's a difference between "The company I'm giving data to can see what I'm doing" and "Everyone in the world can see what I'm doing", I think.

@tychotithonus
When you put it like that, it does seem to fit the established social media data model. On the other hand, if the data is *intended* to be incorporated into a public product....

I don't know. Hard to say what their users expected (if anything). I hadn't heard of Neon, and don't know what they promised their users. Clearly, though, they don't deserve trust.

@zackwhittaker Great reporting. Sigh. Hate how this was so predictable with this "app".
Naive users unfairly doxxed.