- cross-posted to:
- technology@lemmy.zip
Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user.
Yeah I get that. I’ve made quite a few web apps and I’ve also used a lot of niche industry ones that have awful security, like the examples I have.
Time-sensitive/single-use UUIDs are not the problem; it’s assuming that the uniqueness and hard-to-guessness of the UUID is good enough for security.
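An added example, not part of the thread and not code from the app discussed: a lookup that treats a hard-to-guess UUID as the access control, next to one that checks ownership against the logged-in user. The store, user names and function names are hypothetical, and the sample data is constructed.

```python
import uuid
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is not logged in."""


class NotFound(Exception):
    """Recording is missing, or not visible to the caller."""


@dataclass(frozen=True)
class Recording:
    recording_id: str
    owner_id: str
    transcript: str


STORE = {}  # constructed in-memory stand-in for a database table


def add_recording(owner_id, transcript):
    rid = str(uuid.uuid4())  # random and unique, but still only an identifier
    STORE[rid] = Recording(rid, owner_id, transcript)
    return rid


def get_recording_id_only(session_user, recording_id):
    """Weak form: authenticates the caller, then trusts the UUID."""
    if session_user is None:
        raise Forbidden("login required")
    rec = STORE.get(recording_id)
    if rec is None:
        raise NotFound(recording_id)
    return rec  # any logged-in user holding the id gets the record


def get_recording_checked(session_user, recording_id):
    """Hardened form: the record must belong to the logged-in user."""
    if session_user is None:
        raise Forbidden("login required")
    rec = STORE.get(recording_id)
    # Same error for "missing" and "not yours", so the response
    # does not confirm that someone else's id exists.
    if rec is None or rec.owner_id != session_user:
        raise NotFound(recording_id)
    return rec
```

Identifiers end up in logs, shared links and API responses, so the ownership check has to hold even when the UUID is known to the caller.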