Security Vulnerability in 'Call Recorder' App Exposed User Conversations

by

A security flaw in an app called "Call Recorder" exposed thousands of customer conversations, reports TechCrunch. The vulnerability was found by PingSafe AI researcher Anand Prakesh, and has since been patched.

call recorder app
The Call Recorder app is designed to allow iPhone users to record their incoming and outgoing phone calls, with those recordings stored in the cloud on Amazon Web Services.

Using a proxy tool like Burp Suite, Prakash was able to view and modify network traffic going in and out of the app, and when replacing his phone number with the phone number of another Call Recorder user, their recordings became available on his phone.

There were more than 130,000 audio recordings available, though the files could not be accessed or downloaded outside of the app. TechCrunch informed the developer about the security flaw and it was fixed in an update on Saturday.

A recent report from mobile security firm Zimperium suggested that thousands of iOS apps that use public cloud services like Amazon Web Services, Google Cloud, and Microsoft Azure have improper setups that risk exposing user data.

6,608 iOS apps were found to be exposing users' personal information, passwords, and medical information. Zimperium CEO Shridhar Mittal said that cloud storage misconfigurations are a "disturbing trend."

"A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now," he said.

No apps were named in the report because of the vulnerabilities involved, but some were major apps including a mobile wallet from a Fortune 500 company and a transportation app from a large city.

Tags: App Store, AWS

Popular Stories

AirPods Pro 3 Heart Rate Tracking Feature

AirPods Pro 3 Expected to Launch This Year With Key New Feature

Sunday August 24, 2025 7:16 am PDT by
Bloomberg's Mark Gurman expects Apple to release new AirPods Pro this year, and he said the earbuds will have a key new feature: heart rate monitoring. From his Power On newsletter today, with emphasis added:As for Apple's other devices, there's a lot in the fall pipeline — though many of the new products are only incremental upgrades. There will be Apple Watch updates, faster Vision...
Read Full Article73 comments
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Coming Soon With These 12 New Features

Sunday August 24, 2025 6:00 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max should be unveiled in a few more weeks, and there are plenty of rumors about the devices. In his Power On newsletter today, Bloomberg's Mark Gurman corroborated a rumor that iPhone 17 Pro models will be "available in an orange color." Below, we recap key changes rumored for the iPhone 17 Pro models: Aluminum frame: iPhone 17 Pro models are...
Read Full Article46 comments
Alleged iPhone 17 Pro Antenna Design

Two All-New iPhone 17 Colors Seemingly Confirmed

Monday August 25, 2025 4:22 am PDT by
Apple will offer the upcoming iPhone 17 Pro and iPhone 17 Pro Max in a new orange color, according to Bloomberg's Mark Gurman. Gurman made the claim in the latest edition of his Power On newsletter, adding that the new iPhone 17 Air – replacing the iPhone 16 Plus – will come in a new light blue color. We've heard multiple rumors about a new iPhone 17 Pro color being a shade of orange. The ...
Read Full Article61 comments
iPhone 17 Air Thumb 2 Blue Electric Boogaloo

Apple Has Reportedly Considered Releasing iPhone 17 Air Bumper Case

Sunday August 24, 2025 12:40 pm PDT by
Apple has "considered" releasing a bumper case for the upcoming iPhone 17 Air, according to Bloomberg's Mark Gurman. Similar to the bumper case that Apple introduced for the iPhone 4 in 2010, Gurman said the iPhone 17 Air version of the case would cover the edges of the device, but not the back of it. Those bumper cases were made of rubber. Given that the iPhone 17 Air is expected to have ...
Read Full Article90 comments
awe dropping event

Apple Event Announced for September 9: 'Awe Dropping'

Tuesday August 26, 2025 9:01 am PDT by
Apple will hold its annual iPhone-centric event on Tuesday, September 9 at the Apple Park campus in Cupertino, California, according to an announcement that went out today. The event will start at 10:00 a.m., with select members of the media invited to attend. At the September 2025 iPhone event, Apple will unveil the iPhone 17 lineup, which includes an all-new ultra-thin iPhone 17 Air. It...
Read Full Article215 comments
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3 Just Weeks Away: Eight Reasons to Upgrade

Wednesday August 20, 2025 6:44 am PDT by
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023. By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
Read Full Article75 comments
Awe Dropping Apple Event Feature

Five Things to Expect From Apple's 'Awe Dropping' September 9 Event

Tuesday August 26, 2025 4:17 pm PDT by
Apple today announced its "Awe Dropping" iPhone-centric event, which is set to take place on Tuesday, September 9 at 10:00 a.m. Pacific Time. There are a long list of products that are coming, but we thought we'd pull out five feature highlights to look forward to. That Super Thin iPhone - Apple's September 9 event will see the unveiling of the first redesigned iPhone we've had in years, ...
Read Full Article99 comments
airpods pro 2 gradient

AirPods Pro 3: Four Key Design Changes Anticipated

Tuesday August 26, 2025 4:05 am PDT by
Apple hasn't updated the AirPods Pro since 2022 other than a shift from Lightning to USB-C, and the earbuds are due for a refresh. According to Bloomberg's Mark Gurman, Apple will launch AirPods Pro 3 later this year, and apart from new features like heart rate monitoring, we're also expecting a few design changes. The fourth‑generation AirPods offer useful clues to Apple's design cues for ...
Read Full Article32 comments

Top Rated Comments

Rigby Avatar
Rigby
58 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?
If you expected Apple to be able to somehow detect every bug or vulnerability in every 3rd party app, you have completely unrealistic expectations.


You're safer using the open Web, thanks to the protections of Google.
Thanks for the laugh.
Score: 9 Votes (Like | Disagree)
MichaelMaier Avatar
MichaelMaier
58 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Correct me if I’m wrong, but in most US states you only need the consent from one participant of a recorded conversation.
Score: 5 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
58 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
The laws in the US vary by state and jurisdiction. Some have 2 party consent, others only require 1 party. You are right that with consent, the recording can be used as evidence in court. I live in a 1 party consent state. Fyi, 37 other states and the District of Columbia are also 1 party consent.

With that knowledge in hand, it's not really that hard to fathom why people record calls.
Score: 4 Votes (Like | Disagree)
deevey Avatar
deevey
58 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Try calling any customer service dept multiple times. Half the time they deny having a log of the previous complaints or fail to relay the call correctly.

Being able to play the call back to their supervisor - priceless !
Score: 4 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
58 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?

You're safer using the open Web, thanks to the protections of Google.

If you use Safari Fraudulent Website Warning (which you probably do by default), that's a Google feature (Apple sends the URLs to Google's servers to check them).

None of this makes Apple look good in its antitrust hearings where they say consumers trust them to have a safe app store and thus can't allow third party app stores or payment services.
How is the subject of the article Apple's fault?
Score: 3 Votes (Like | Disagree)
dk001 Avatar
dk001
58 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Sadly not true.
Recently wrapped up a legal issue where party A in a State without dual consent could record and use everything while the other side living in a dual party consent State could not.

Then again it can be fun to put "your call may be recorded for quality purposes..." on your line. :eek: The telemarketers hang up fast.
Score: 2 Votes (Like | Disagree)
Read All Comments