Serious security flaw prompts take-down of popular call recording app Neon


ZDNET’s key takeaways

  • The Neon app has a security flaw that can expose call data.
  • The app has been taken offline for now.
  • The developer expects the app to return in one to two weeks.

People trying to earn money by sharing their personal phone conversations with the new Neon app will have to find another way to generate income, at least for now. On Thursday, the service was taken down by its developer after the discovery of a serious security flaw that let Neon users access the call recordings and other data of fellow users.

TechCrunch said it found the security vulnerability during a test of the Neon app. The flaw exposed the phone numbers, call recordings, and transcripts of Neon users to anyone signed in to the app. In its research, TechCrunch learned that the servers used by Neon were failing to prevent any logged-in user from accessing another person’s call data.

While making test phone calls, TechCrunch’s Zack Whittaker said he saw a list of his recent calls and how much money each call earned. That’s the way the app is supposed to work. But using a network analysis tool, Whittaker uncovered details not available through the app, including a transcript of the call and a URL to the audio files, information anyone could view as long as they had the link.

In response to the flaw, TechCrunch alerted the developer, Alex Kiam, who took down the service and notified users via the following email message:

“Thanks for using the app! Your data privacy is our number one priority, and we want to make sure it is fully secure even during this period of rapid growth. Because of this, we are temporarily taking the app down to add extra layers of security. You will not be able to make calls or cash out, and the app will temporarily display $0 in your account, but your money has not disappeared. The app will be back online soon. Stay tuned!”

In a message sent to ZDNET, Kiam cited the security vulnerability as the reason for the app’s vanishing act.

“We took down the server in order to protect people’s privacy, given the security vulnerability,” Kiam said. “So the app doesn’t work right now. We are working to a) fix the vulnerability and b) do a thorough security audit. When both happen, we will relaunch. 1-2 weeks.”

In my testing, I was still able to find and download the app. But I was unable to kick off the registration process, which simply triggered an error message instead.

How Neon works

Initially launched in July for iOS and Android users, Neon offers a new spin on a way to make money from your personal data. Officially known as Neon – Money Talks, the app pays you for certain phone conversations that you share with the company behind the app. Recordings of your phone calls are then sent to AI developers who use natural language to train their chatbots.

Only calls made or received through the Neon app are recorded. Neon will give you 30 cents per minute when you speak with another Neon user. In that case, both sides of the conversation are recorded. You’ll earn 15 cents per minute when you speak with a non-Neon user. Here, only your end of the call is recorded and shared. You can earn up to $30 a day by sharing your calls with Neon. The company will also dole out a $30 referral fee for each person you convince to use the app.

Neon promises to anonymize your calls by removing names, numbers, addresses, and other PII (personally identifiable information) before the calls are shared. The call recordings are encrypted and sold only to trusted and vetted AI companies, according to Neon.

Despite the assurances to protect your privacy, the developer seems to have neglected to properly test and vet the app against security weaknesses. The notion of sharing your private phone calls to make a few bucks seems like a slippery road to take. But the reveal of this security vulnerability raises even more red flags about the app and the value of your privacy.
