Sarahah app uploading users' contacts to company's servers

Todd Singleton
August 29, 2017

The anonymous messaging app, biled as a platform for honest feedback, has reportedly also been saving all the contacts in your phone.

As of August, the app has more than 62 million users, and it is among the most downloaded apps on the Apple App Store.

Well, not sure about you, but collecting data for a feature which is not even available yet, can not be justified for most people. Interestingly Sarahah appears to be doing the same on iOS as well. Users can actually prevent the app from accessing contact data.

However, most of the newer Android operating systems, starting with Android 6.0 ("Marshmallow") do allow for more granular permissions for apps and also allows users to modify controls so that apps do not gain access to contacts or other information. According to a report from The Intercept, the app uploads users' phone contacts to the company's servers, for no good reason.

Labour positions itself as party of soft Brexit
Prime Minister Theresa May's Conservatives agree there should be a "time-limited" transition period after March 2019. It said both sides must be "flexible and willing to compromise" when it comes to solving areas where they disagree.

Federer in same half as Nadal
The Canadian, who had been struggling to win matches, played her best tennis in years to defeat the Russian in a three set battle. Venus is on the bottom half of the bracket in a section that also features Wimbledon champion Garbine Muguruza and former U.S.

England bring in Chris Woakes for Toby Roland-Jones in second Test
Meanwhile Roach backed the West Indies batsmen to follow the lead of their attack when they resume Saturday on 19 for one. Conditions in what was a standard red-ball clash looked set fair for batting when Root won the toss.

Zain al-Abidin Tawfiq, Sarahah's founder informed that the contacts were uploaded for "for a planned "find your friends" feature" which is yet to be released.

Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah's uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. Sarahah argues that this allows people from work to give constructive advice in an anonymous way, users get to know their areas of strength as well as their areas that need improvement. "The privacy policy specifically states that if it plans to use your data, it'll ask for your consent", Julian said.

Most of the mobile applications ask permission to access contacts but in Sarahah there's no feature where these contacts are required as the user can't search for a friend or acquaintance using the contact information. Sarahah privacy concerns are now on the rise as the app has been reported to be stealing contact data. On iOS, the app says "the app needs to access your contacts to show you who has an account in Sarahah", and allows the user to choose between "Okay" and "Don't allow". Also the researcher has shown, if the app is not used for sometime, it again re-uploads the contact, so clearly this is a feature that was known by the developer.

On a related note, it is very common for Android apps to secretly team up and steal your data. Over 54 per cent of Android users are using older versions which do not have these permissions, and users need to be savvy enough to know where to find app permissions are (Settings Apps Gear button App Permissions). Over there you can manually disable the permission to access contacts.

Other reports by Free-Prsite

Discuss This Article