A popular iOS app called Call Recorder, which records incoming and outgoing calls, has been installed from the Apple App Store over 1 million times and promotes itself as being a top 20 business app in over 20 countries. However, if you have the app on your iPhone and haven't updated it in some time, you might want to uninstall it and download the latest available version from the App Store. That's because security researcher Anand Prakash, the founder of PingSafe AI, discovered a flaw in the app (via TechCrunch) that could allow a bad actor to gain access to recordings of calls from other users by knowing their phone numbers.
Using a tool like Burp Suite, which tests the security of apps, Prakash was able to replace the phone number he registered with Call Recorder with the phone number belonging to another Call Recorder user. Doing this could allow him to access the recordings of incoming and outgoing calls made by the other subscriber to the app. Prakash discovered the bug on February 27th. On March 6th, the bug was fixed and a new version was launched in the App Store with the vulnerability removed. If you do have the app installed on your iPhone, make sure it is version 2.26 or later.
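The class of flaw described above, a server that returns data for whichever phone number the client sends, is modeled below next to a corrected check. This is an added example, not code from the app or from the researcher; the data store, tokens, function names and request fields are all hypothetical, since the app's real API is not described here.

```python
# Constructed model of the flaw class; every name and value here is hypothetical.
import hmac

# Constructed sample data: recordings stored server-side, keyed by owner's number.
RECORDINGS = {
    "+15550100": ["rec-a1.m4a", "rec-a2.m4a"],
    "+15550199": ["rec-b1.m4a"],
}
# Session token -> phone number the server verified at registration.
SESSIONS = {"token-alice": "+15550100", "token-bob": "+15550199"}


class Forbidden(Exception):
    """Raised when a request is not authorized for the data it asks for."""


def session_phone(token):
    """Return the verified phone number bound to a session token, or raise."""
    for known, phone in SESSIONS.items():
        if hmac.compare_digest(known, token):
            return phone
    raise Forbidden("unknown session")


def list_recordings_vulnerable(request):
    # Trusts the phone number in the request body, which the client controls.
    return RECORDINGS.get(request["phone"], [])


def list_recordings_fixed(request):
    # The owner comes from the authenticated session, never from the body.
    owner = session_phone(request["token"])
    claimed = request.get("phone", owner)
    if claimed != owner:
        # A mismatch means the request was altered: deny it so it can be logged.
        raise Forbidden(f"session for {owner} requested {claimed}")
    return RECORDINGS.get(owner, [])
```

The denied mismatch in `list_recordings_fixed` is also a useful detection signal: a session repeatedly asking for other numbers is worth alerting on.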
The app not only records incoming and outgoing calls (even without an internet connection) and changes or edits the voices of saved recordings, it will also upload recordings to Slack, Google Drive, Dropbox, and OneDrive. It will also transcribe recordings in over 50 languages. If you're thinking about subscribing to the latest version of the app, keep in mind that your carrier needs to support three-way calling. The app costs $6.99 per week with a three-day trial. A monthly subscription is $14.99 per month but you have to pay for 12 months in advance. Other pricing options are offered as well.
Here is something you should know about the app. You will be automatically charged unless auto-renew is turned off at least 24 hours before the end of the current subscription period. On the plus side, the App Privacy Label shows that Contact information is the only data collected by the app, and this data cannot be used to discover your identity.