Security flaw in popular iPhone app exposes call recordings of thousands

A popular iPhone call recording app exposed the call recordings of thousands of users, a security researcher has found.

The Call Recorder app contains a security vulnerability that enabled third parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily

Noted security researcher Anand Prakash of PingSafe AI was able to sniff out the flaw using a proxy to replace his phone number with the number of another user. This enabled him to listen in to recordings at will.

The app makers proudly claim the app has been downloaded over 1 million times, and say it was a top 20 business app in 20 countries.

“An attacker can pass another user’s number in the recordings request and the API will respond with recording url of the storage bucket without any authentication,” the researcher wrote. “It also leaks victim’s entire call history and the numbers on which calls were made.”

He added: “The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint which leaked the cloud storage URL of the victim’s data.”
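The flaw described above is a missing authentication and per-user authorization check on the recordings endpoint. The following Python example is added here for illustration and is not the app's or the researcher's code; the handlers, phone numbers, object keys and storage host are all constructed. It contrasts a handler that trusts the number in the request with one that takes identity from the session and hands out short-lived signed links instead of bare bucket URLs.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: phone number -> recording object keys.
RECORDINGS = {
    "+15550100": ["rec/a1.m4a", "rec/a2.m4a"],
    "+15550199": ["rec/b1.m4a"],
}
SESSIONS = {}  # session token -> phone number verified at login (hypothetical store)
URL_KEY = secrets.token_bytes(32)  # secret shared by API and storage front end (assumed)
BUCKET = "https://storage.example.invalid/"  # placeholder host


def login(verified_number):
    """Issue a session token once the number has been verified (assumed step)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = verified_number
    return token


def vulnerable_list(request):
    """Flawed pattern from the report: the caller-supplied number selects the data."""
    keys = RECORDINGS.get(request["body"].get("number"), [])
    return 200, [BUCKET + k for k in keys]


def _mac(key, expires):
    return hmac.new(URL_KEY, f"{key}|{expires}".encode(), hashlib.sha256).hexdigest()


def hardened_list(request, now):
    """Identity comes from the session, never from a field the client controls."""
    owner = SESSIONS.get(request.get("token"))
    if owner is None:
        return 401, []  # no valid session: reject before touching any data
    claimed = request["body"].get("number")
    if claimed is not None and claimed != owner:
        return 403, []  # a mismatch is also a useful signal to log and alert on
    expires = now + 300  # links stay valid for five minutes
    urls = [f"{BUCKET}{k}?exp={expires}&sig={_mac(k, expires)}"
            for k in RECORDINGS.get(owner, [])]
    return 200, urls


def verify_url(key, expires, sig, now):
    """Storage-side check: signature matches this object and the link is unexpired."""
    return now <= expires and hmac.compare_digest(_mac(key, expires), sig)
```
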

The shocking vulnerability has now been closed off, and it is not known whether the flaw was exploited in the wild, beyond Prakash’s discovery.

The app developer has not yet commented on the discovery, but Trusted Reviews has contacted the company seeking more details. The app was last updated on Sunday, with TechCrunch pointing out that the release was to “patch a security report,” so it appears this is what took care of the vulnerability.

Are you a Call Recorder user? Will you halt your usage of the app following this report? Let us know @trustedreviews on Twitter.
