Warning: Second Phone Number App on iOS Exposes Users’ Texts
April 24, 2025
A popular iOS app offering second phone numbers for calls and texts has come under fire after a significant privacy flaw was discovered, potentially exposing users’ private messages to unauthorized access.
Cybersecurity researchers revealed that the app—designed to provide anonymity and secure communication—was inadvertently leaking user texts due to poorly configured backend servers. The flaw reportedly allowed external parties to access logs of messages sent through the app without authentication.
“Users rely on these apps for privacy—sometimes for personal reasons, sometimes for business—but this breach shatters that trust,” said Alex Roman, a digital privacy expert with CyberWatch Labs. “The issue highlights how even apps promising ‘secure communication’ can fail if proper safeguards aren’t implemented.”
🔍 How the Leak Happened
The exposed data was traced to an unprotected API endpoint that failed to validate user sessions. This allowed anyone with basic technical knowledge to pull data from the servers—no password or user account required. The leaked information included message contents, timestamps, and in some cases, contact numbers.
Security analysts are still assessing the scale of the breach, but early estimates suggest that tens of thousands of users may have been affected.
📱 What Users Should Do
Users who have installed the app are advised to:
-
Immediately stop using the app until an official patch is released.
-
Change any sensitive information they may have shared via text.
-
Monitor other accounts for unusual activity if they used the number for verifications.
Apple has not yet issued a formal response, but sources suggest the app may face removal from the App Store if the issue is not resolved quickly.
🧑💻 Developer Response
The app’s development team acknowledged the issue in a brief statement on their website:
“We are aware of the vulnerability and are working urgently to fix the issue. The safety and privacy of our users is our top priority.”
However, critics argue that this statement falls short of addressing the real damage, especially for users who depended on the service for confidential conversations.
🔐 Bigger Privacy Concerns
This incident adds to a growing list of privacy failures among so-called “secure” apps, reminding users that no platform is entirely immune to technical flaws or developer oversight.
For now, experts recommend using well-established apps with proven track records in data security, and to stay informed about updates from developers and cybersecurity communities.
