Sarahah has been quite a sensation; the anonymous app has been in the limelight since past couple of weeks. The app became an instant hit with the users since it promised unparalleled anonymity and thus eventually became viral. Sarahah lets its users comment on others anonymously but it doesn’t reveal the name, and neither does the app allow users to reply to a comment. The app has been criticised and praised alike, but a new report seems to reveal unsettling traits about Sarahah.
As per reports from security analyst Zachary Julian the app uploads users phone contacts into the company servers and all of this is done without any known purpose. On questioning the behavior, Sarahah founder, Zain al-Abidin Tawfiq said that the contacts are uploaded “for a planned ‘find your friends’ feature.” He further added that the feature was delayed due to a technical issue and assured that the data request would be removed from the next update.
That being said, Sarahah has been pretty straightforward when it comes to your contacts, it asks for permission to access your contacts on both iOS and Android. However, you can still refuse to give the permission and yet continue to use the app. Things get murky especially since the app doesn’t offer any feature that would require access to your contacts. The typical option to search for your contacts is also missing.
This behavior was observed by Julian while using monitoring software to see the data being transferred and received by Sarahah on his Android phone. The app accessed all the contact details including emails and phone contacts. He later confirmed that the same happened with iOS as well. Most of the apps like Instagram and Facebook ask access for users contacts, but they do so with a purpose. Asking access to contact details without offering any feature associated with contacts simply raises a red flag.On a related note, it’s very common for Android apps to sectreately team up and steals your data. A recent study revealed that nearly 20,000 app pairings leaked data. The app interactions also involved privilege escalation which is a phase wherein sensitive information is prone to get leaked.
On a related note, it is prevalent for Android apps to team up and steal your data secretly. A recent study revealed that nearly 20,000 app pairings leaked data. The app interactions also involved privilege escalation which is a phase wherein sensitive information is prone to get leaked.