This popular voice chat app leaked users' private conversations — do you have it on your phone?

Voice chat app
Watch out for this voice-chat app (Image credit: Getty Images/IconicBestiary)

Popular voice chat apps, including Discord, Zoom, Skype, Google Meet, Microsoft Teams, and WhatsApp, are many users' staples for facilitating remote communication and collaboration, whether it's for work, socializing or gaming.

However, according to an explosive investigation from Cybernews, you should be concerned about your conversations spilling out into the open, particularly with one voice-chat app that's been gaining traction with five million downloads on the Google Play Store. 

Keep this voice-chat app off your phone

A new Cybernews report exposed OyeTalk, a voice-chat app that lets users host podcasts and interact with each other in discussion rooms, for storing unencrypted user conversations on an unprotected database sans a password. With 500MB of data, the open database featured the following:

  • International Mobile Equipment Identity (IMEI) numbers
  • usernames
  • unencrypted user chats

For those who need a refresher, an IMEI number is a 15-digit identifier that acts like a unique fingerprint for your phone.

"Spilling IMEI numbers on every message sent is a vast privacy intrusion, as the message is permanently associated with a specific device and its owner at the time. Threat actors could exploit it to impose ransom," Cybernews said, adding that law enforcement (and cybercriminals) often rely on IMEI numbers to identify the legal owners of devices.

After Cybernews discovered that OyeTalk was publicly exposing users' private conversations, it notified the app's developers about the data spill. Unfortunately, they failed to seal the public's access to the database. On the plus side, Google eventually stepped in and managed to "close off the instance."

If you think this is just an isolated incident, think again! Cybernews investigators analyzed more than 33,000 Android apps and found that 600 them were open, allowing malicious actors to gain access to their databases and user data.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!