Security Vulnerability in 'Call Recorder' App Exposed User Conversations - MacRumors
Skip to Content

Security Vulnerability in 'Call Recorder' App Exposed User Conversations

by

A security flaw in an app called "Call Recorder" exposed thousands of customer conversations, reports TechCrunch. The vulnerability was found by PingSafe AI researcher Anand Prakesh, and has since been patched.

call recorder app
The Call Recorder app is designed to allow iPhone users to record their incoming and outgoing phone calls, with those recordings stored in the cloud on Amazon Web Services.

Using a proxy tool like Burp Suite, Prakash was able to view and modify network traffic going in and out of the app, and when replacing his phone number with the phone number of another Call Recorder user, their recordings became available on his phone.

There were more than 130,000 audio recordings available, though the files could not be accessed or downloaded outside of the app. TechCrunch informed the developer about the security flaw and it was fixed in an update on Saturday.

A recent report from mobile security firm Zimperium suggested that thousands of iOS apps that use public cloud services like Amazon Web Services, Google Cloud, and Microsoft Azure have improper setups that risk exposing user data.

6,608 iOS apps were found to be exposing users' personal information, passwords, and medical information. Zimperium CEO Shridhar Mittal said that cloud storage misconfigurations are a "disturbing trend."

"A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now," he said.

No apps were named in the report because of the vulnerabilities involved, but some were major apps including a mobile wallet from a Fortune 500 company and a transportation app from a large city.

Tags: App Store, AWS

Popular Stories

iOS App Store General Feature Desaturated

Apple Removes Freecash App From App Store After Months of Data Harvesting

Tuesday April 14, 2026 3:54 pm PDT by
Apple removed scam app Freecash from the App Store this week after the app spent months harvesting data from iPhone users, reports TechCrunch. Freecash reached the number two spot on the U.S. App Store charts in January after being heavily marketed on TikTok. It promised users up to $35 per hour for watching TikTok content, but it was collecting swaths of user data. Back in January, Wired...
Read Full Article74 comments
grok logo purple gradient

Apple Threatened to Pull Grok From App Store Over Sexualized Images

Wednesday April 15, 2026 7:10 am PDT by
Apple privately warned Elon Musk's xAI company in January that it would remove the Grok app from the App Store unless the company put a stop to the chatbot's nude and sexualized deepfakes, according to a letter Apple sent to U.S. senators and obtained by NBC News ($). Earlier this year, Grok's AI capabilities came under scrutiny after X users shared nonconsensual sexualized images of women...
Read Full Article99 comments
iOS App Store General Feature Dock

Apple Quietly Tweaked the iOS App Store App – Here's What's Changed

Friday April 17, 2026 2:32 am PDT by
No, you aren't going crazy – Apple has quietly made a backend change to the App Store app in iOS that switches the location of the Updates tab and renames it to make it more prominent. In the App Store app, you can see the change by tapping your profile picture in the top-right corner. The "Apps & Purchase History" tab used to be at the top the list, but it has switched places with...
Read Full Article48 comments

Top Rated Comments

R
Rigby
68 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?
If you expected Apple to be able to somehow detect every bug or vulnerability in every 3rd party app, you have completely unrealistic expectations.


You're safer using the open Web, thanks to the protections of Google.
Thanks for the laugh.
Score: 9 Votes (Like | Disagree)
M
MichaelMaier
68 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Correct me if I’m wrong, but in most US states you only need the consent from one participant of a recorded conversation.
Score: 5 Votes (Like | Disagree)
D
deevey
68 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
Try calling any customer service dept multiple times. Half the time they deny having a log of the previous complaints or fail to relay the call correctly.

Being able to play the call back to their supervisor - priceless !
Score: 4 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
68 months ago

I always wonder why people need to record a phone call, since without consent it can’t be used as evidence in a trial and might ilegal in US…… until someone from Instacart’s customer support told me to “get over it” and accept that they spy their customers but is not different from anyone else. I was like….but I’m paying for your to spy on me? And they said yes! …. I wish I have a way to record those calls.
The laws in the US vary by state and jurisdiction. Some have 2 party consent, others only require 1 party. You are right that with consent, the recording can be used as evidence in court. I live in a 1 party consent state. Fyi, 37 other states and the District of Columbia are also 1 party consent.

With that knowledge in hand, it's not really that hard to fathom why people record calls.
Score: 4 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
68 months ago

Anything goes in the walled garden as long as Apple gets its pound of flesh.

Remember when they said it was going to be curated?

You're safer using the open Web, thanks to the protections of Google.

If you use Safari Fraudulent Website Warning (which you probably do by default), that's a Google feature (Apple sends the URLs to Google's servers to check them).

None of this makes Apple look good in its antitrust hearings where they say consumers trust them to have a safe app store and thus can't allow third party app stores or payment services.
How is the subject of the article Apple's fault?
Score: 3 Votes (Like | Disagree)
return2sendai Avatar
return2sendai
68 months ago
Why isn't call recording built in?
Score: 2 Votes (Like | Disagree)
Read All Comments