A viral app called Neon has sparked controversy over its data privacy practices after exposing users’ phone numbers, call recordings, and transcripts. This app, which promises to record your phone calls and pay you for the audio (https://techcrunch.com/2025/09/24/neon-the-no-2-social-app-on-the-apple-app-store-pays-users-to-record-their-phone-calls-and-sells-data-to-ai-firms/), has rapidly gained popularity since its launch last week, rising to the top five free iPhone apps. Its ability to monetize call recordings—by offering payments for audio snippets used to train AI models—has drawn both praise and criticism. However, the app’s sudden shutdown raises questions about its transparency and security protocols.
TechCrunch discovered a critical vulnerability during a brief test of the app on Thursday, revealing that a security flaw allowed anyone to access the personal data of any user. This flaw, which exposed phone numbers, call records, and transcripts, led to the app being taken offline temporarily. The company’s founder, Alex Kiam, initially removed the app’s servers and notified users of a pause, but failed to disclose the breach. When contacted, Kiam did not address the specific security lapse or the exposure of user data, leaving users confused about the app’s intentions.
The app’s servers were found to lack proper safeguards, enabling unauthorized access to sensitive information. TechCrunch tested the app by creating a new account and verifying a phone number during sign-up, only to uncover how the app transmitted data. Using tools like Burp Suite, they analyzed network traffic and found that the app shared detailed transcripts and web links to audio files, which could be accessed publicly once the link was known. For instance, a test call between two TechCrunch reporters showed a transcript confirming the recording worked, but users could also access raw audio files and transcripts.
The back-end servers were capable of retrieving extensive data from other users, including recent call records and metadata (like phone numbers and call durations). In one case, TechCrunch found that Neon’s servers could expose the most recent calls of its users and provide public links to their audio files, even if the data was not directly linked to the user. This raised concerns about the app’s ability to protect user privacy, especially when users are unaware of the risks.
Kiam’s email to customers, which announced the app’s shutdown, emphasized data privacy as a priority but omitted details about the security breach. The email did not mention the exposure of user data or the flaw itself, sparking debates about transparency. While Apple and Google have not responded to TechCrunch’s inquiries about Neon’s compliance with their guidelines, this isn’t the first time a security issue has caused an app to be removed from app stores. Earlier, a dating app called Tea faced a data breach that exposed users’ personal information, and popular apps like Bumble and Hinge were found to leak users’ locations.
Kiam’s company, Neon, has not disclosed whether it underwent a security review before launching the app or if any user data was stolen. TechCrunch also reached out to investors like Upfront Ventures and Xfund, which have backed Kiam’s project, but neither firm has commented on the matter. The app’s future remains uncertain as it continues to grapple with the fallout of its security lapse.
But here’s where it gets controversial: Is it ethical for an app to sell user data for profit? And if users can access their own call recordings, does that mean they’re essentially sharing their private conversations? As the debate over data privacy intensifies, the line between innovation and exploitation becomes increasingly blurred. What’s clear is that Neon’s case highlights the growing tension between technological advancement and user rights, leaving many to wonder: Should we trust apps that monetize our most intimate moments?
