This iPhone app exposed thousands of users' recorded calls

Image Credit: Ajay Suresh | Flickr CC by 2.0

A security vulnerability has been discovered in a popular call recording app for the iPhone, potentially exposing the call recordings of thousands of users.

The flaw in the Automatic Call Recorder app was discovered by PingSafe AI security researcher Anand Prakash. It turns out that anyone could access recordings from other users, just as long as they knew the other users' phone numbers. 

According to Prakash, it's not as simple as entering a user's phone number and then having access to all their recorded calls. But it's not all that difficult either. Prakash accomplished it with the network-sniffing proxy tool Burp Suite. 

Widely used by security researchers, Burp Suite allowed Prakash to view and modify network traffic as it passed to and from the Automatic Call Recorder app on his iPhone. It allowed him to replace his registered phone number with that of a different registered user.

This vulnerability shows the inherent dangers of storing app data in cloud storage and failing to properly secure it, as was the case here. 

According to TechCrunch, which was able to replicate the exploit, Automatic Call Recorder stores its recordings in a cloud-storage bucket hosted by Amazon Web Services. That bucket held around 130,000 recordings that took up 300 gigabytes of space.
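
The flaw described above comes down to a server trusting a phone number supplied by the client. As an added illustration (not code from the app, its developers or the researchers; the function names, token format and sample data are hypothetical), the lookup below contrasts that pattern with one that takes the number from a server-issued credential:

```python
import hashlib
import hmac
import secrets

# Constructed sample data: verified phone number -> stored recording keys.
RECORDINGS = {
    "+15555550100": ["rec/0001.m4a", "rec/0002.m4a"],
    "+15555550199": ["rec/0003.m4a"],
}
SERVER_KEY = secrets.token_bytes(32)  # secret that never leaves the server


def _mac(phone: str) -> str:
    return hmac.new(SERVER_KEY, phone.encode(), hashlib.sha256).hexdigest()


def issue_token(phone: str) -> str:
    """Issued only after the server has verified ownership of `phone`
    (assumed to happen elsewhere, e.g. with a one-time code)."""
    return f"{phone}.{_mac(phone)}"


def phone_from_token(token: str):
    """Return the phone number bound to a valid token, else None."""
    phone, _, mac = token.rpartition(".")
    if phone and hmac.compare_digest(mac.encode(), _mac(phone).encode()):
        return phone
    return None


def list_recordings_vulnerable(request: dict) -> list:
    # Flawed pattern: the identity is whatever the client puts in the body,
    # so editing the field in a proxy changes whose recordings come back.
    return RECORDINGS.get(request["phone"], [])


def list_recordings_hardened(request: dict) -> list:
    # Identity comes from the server-issued token, never from the body.
    phone = phone_from_token(request.get("token", ""))
    if phone is None:
        raise PermissionError("missing or invalid token")
    # A body field naming a different number is rejected outright.
    claimed = request.get("phone", phone)
    if claimed != phone:
        raise PermissionError("phone does not match authenticated user")
    return RECORDINGS.get(phone, [])
```
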

A report last week from mobile security firm Zimperium suggests that leaky smartphone apps are far from rare. The firm found about 18,000 Android and iOS apps that hadn't set up cloud-storage databases correctly. While the apps weren’t named in that report, it does mean potentially millions of users are at risk of having their data exposed.

TechCrunch got in touch with Automatic Call Recorder’s developers, who promptly patched the flaw on March 6. So there’s no need to delete all your recordings in a panic as long as you update Automatic Call Recorder to version 2.26.

Tom Pritchard
UK Phones Editor