Security Vulnerability in 'Call Recorder' App Exposed User Conversations

by

A security flaw in an app called "Call Recorder" exposed thousands of customer conversations, reports TechCrunch. The vulnerability was found by PingSafe AI researcher Anand Prakesh, and has since been patched.

call recorder app
The Call Recorder app is designed to allow iPhone users to record their incoming and outgoing phone calls, with those recordings stored in the cloud on Amazon Web Services.

Using a proxy tool like Burp Suite, Prakash was able to view and modify network traffic going in and out of the app, and when replacing his phone number with the phone number of another Call Recorder user, their recordings became available on his phone.

There were more than 130,000 audio recordings available, though the files could not be accessed or downloaded outside of the app. TechCrunch informed the developer about the security flaw and it was fixed in an update on Saturday.

A recent report from mobile security firm Zimperium suggested that thousands of iOS apps that use public cloud services like Amazon Web Services, Google Cloud, and Microsoft Azure have improper setups that risk exposing user data.

6,608 iOS apps were found to be exposing users' personal information, passwords, and medical information. Zimperium CEO Shridhar Mittal said that cloud storage misconfigurations are a "disturbing trend."

"A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now," he said.

No apps were named in the report because of the vulnerabilities involved, but some were major apps including a mobile wallet from a Fortune 500 company and a transportation app from a large city.

Tags: App Store, AWS

Popular Stories

apple launch feb 2025 alt

Here Are the New Apple Products We're Still Expecting This Spring

Thursday February 20, 2025 5:06 am PST by
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring. There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category. M4...
Read Full Article61 comments
prioritize notifications ios 18 4

Everything New in iOS 18.4 Beta 1

Friday February 21, 2025 1:08 pm PST by
Apple finally released the first beta of iOS 18.4 to developers for testing purposes, and while the beta is lacking some of the Apple Intelligence features we were hoping for, there are some notable new additions. Subscribe to the MacRumors YouTube channel for more videos. Priority Notifications - Apple Intelligence There is a new Priority Notifications feature that can show you your most...
Read Full Article85 comments
Apple iPhone 16e Feature

Apple Announces iPhone 16e With A18 Chip and Apple Intelligence, Pricing Starts at $599

Wednesday February 19, 2025 8:02 am PST by
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued. The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
Read Full Article686 comments
ios 18 4 ambient music

iOS 18.4 Adds New Ambient Music Feature

Friday February 21, 2025 11:06 am PST by
In iOS 18.4, there's a new Ambient Music option that can be added to Control Center. There are four different sound categories, including Sleep, Chill, Productivity, and Wellbeing. Each category can be added to Control Center separately, and tapping one plays a random selection of sounds or music from that particular category. You can't choose what's playing from Control Center, but if...
Read Full Article38 comments
iphone 17 pro asherdipps

iPhone 17 Pro Models Rumored to Feature Aluminum Frame Instead of Titanium Frame

Tuesday February 18, 2025 12:02 pm PST by
Over the years, Apple has switched from an aluminum frame to a stainless steel frame to a titanium frame for its highest-end iPhones. And now, it has been rumored that Apple will go back to using aluminum for three out of four iPhone 17 models. In an investor note with research firm GF Securities, obtained by MacRumors this week, Apple supply chain analyst Jeff Pu said the iPhone 17, iPhone...
Read Full Article175 comments
iPhone 16e Feature

Apple Denies Speculation Surrounding iPhone 16e's Lack of MagSafe

Friday February 21, 2025 8:01 am PST by
Apple has confirmed that its custom-designed C1 modem in the iPhone 16e has nothing to do with the device's lack of MagSafe support, according to Macworld. Following the launch of the iPhone 16e, there was some speculation online about how MagSafe magnets might have interfered with the C1 modem's cellular connectivity performance, and this was considered to be a potential reason for the...
Read Full Article158 comments
Generic iOS 18

Here's When Apple Will Release iOS 18.4

Wednesday February 19, 2025 11:38 am PST by
Following the launch of the iPhone 16e, Apple updated its iOS 18, iPadOS 18, and macOS Sequoia pages to give a narrower timeline on when the next updates are set to launch. All three pages now state that new Apple Intelligence features and languages will launch in early April, an update from the more broader April timeframe that Apple provided before. The next major point updates will be iOS ...
Read Full Article46 comments
oppo find n5 fingers

World's Thinnest Foldable Phone Launches in Europe and Asia

Thursday February 20, 2025 8:55 am PST by
Oppo has launched the Find N5, the world's thinnest foldable phone yet. When closed, the book-style foldable measures 8.93mm. That's less than a millimeter thicker than an iPhone 16 Pro, and thinner than the Honor Magic V3, which was the previous record holder. The device is barely thicker than its USB-C port. Indeed, Oppo has suggested that the obstacle to making it any thinner is now "the...
Read Full Article178 comments

Top Rated Comments

Rigby Avatar
Rigby
52 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?
If you expected Apple to be able to somehow detect every bug or vulnerability in every 3rd party app, you have completely unrealistic expectations.


You're safer using the open Web, thanks to the protections of Google.
Thanks for the laugh.
Score: 9 Votes (Like | Disagree)
MichaelMaier Avatar
MichaelMaier
52 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Correct me if I’m wrong, but in most US states you only need the consent from one participant of a recorded conversation.
Score: 5 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
52 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
The laws in the US vary by state and jurisdiction. Some have 2 party consent, others only require 1 party. You are right that with consent, the recording can be used as evidence in court. I live in a 1 party consent state. Fyi, 37 other states and the District of Columbia are also 1 party consent.

With that knowledge in hand, it's not really that hard to fathom why people record calls.
Score: 4 Votes (Like | Disagree)
deevey Avatar
deevey
52 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Try calling any customer service dept multiple times. Half the time they deny having a log of the previous complaints or fail to relay the call correctly.

Being able to play the call back to their supervisor - priceless !
Score: 4 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
52 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?

You're safer using the open Web, thanks to the protections of Google.

If you use Safari Fraudulent Website Warning (which you probably do by default), that's a Google feature (Apple sends the URLs to Google's servers to check them).

None of this makes Apple look good in its antitrust hearings where they say consumers trust them to have a safe app store and thus can't allow third party app stores or payment services.
How is the subject of the article Apple's fault?
Score: 3 Votes (Like | Disagree)
dk001 Avatar
dk001
52 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Sadly not true.
Recently wrapped up a legal issue where party A in a State without dual consent could record and use everything while the other side living in a dual party consent State could not.

Then again it can be fun to put "your call may be recorded for quality purposes..." on your line. :eek: The telemarketers hang up fast.
Score: 2 Votes (Like | Disagree)
Read All Comments