This viral app paid users to sell their private phone calls to AI firms – now it’s offline after a shocking data breach (www.techradar.com)

Neon Mobile, a viral app that paid users for recordings of their phone calls and then sold those recordings to AI firms for training, has been taken offline after a major security lapse. Investigators at TechCrunch created an account and used Burp Suite to inspect Neon’s network traffic, discovering that API endpoints exposed lists of recent calls across users along with publicly accessible links to transcripts and audio files. The flaw meant anyone with minimal technical skill could retrieve other users’ phone numbers, call metadata (date, duration), full transcripts and raw recordings — effectively a wide-open repository of private conversations. The incident is significant for AI/ML because it highlights acute data governance and consent failures in sourcing voice data for model training. Retaining metadata that can deanonymize speakers, failing to notify or obtain consent from recorded call participants, and enabling covert recording create legal and ethical liabilities (privacy law, app-store policy, and reputational risk). Beyond immediate abuses (blackmail, doxxing, unauthorized surveillance), leaked voice corpora can propagate into commercial models, amplifying exposure and making remediation difficult. Neon’s founder temporarily pulled the app to “add extra layers of security,” but the breach underscores the need for stricter provenance, encryption, access controls, and regulatory scrutiny around how voice data is collected and traded for AI development.