Bug in ‘Call Recorder’ iOS App Leaks Thousands of Recordings

A bug in an iOS call recording app potentially leaked users recordings to anyone on the internet with a laptop.

A new report from TechCrunch explains that an iPhone app called Call Recorder lets users record their phone call conversations, however a recently discovered bug leaked those calls.

The vulnerability was discovered by security expert Anand Prakash and the findings were then confirmed by TechCrunch using a tool to “change” the network traffic while the app communicated with the server.

Using the trick, Prakash was able to change the number on the app to any other user, after he had registered and set up the account. The app would simply allow access as if he had registered with their numbers. Prakash also found that the recordings were being stored on a “cloud storage bucket” on Amazon Web Services and had over 130,000 audio recordings well over 300 gigabytes.

No apps were specifically named in the report, but TechCrunch notes that some were major apps, including a mobile wallet from a Fortune 500 company and a transportation app from a large city.

While the app has now been patched and an update began rolling out to users over the weekend, this incident highlights how unsafe apps can put users data at risk, even if the operating system is well designed and implements security well enough.