For those who love the Sarahah app, this won’t come as good news.
Sarahah, the popular anonymous messaging app, has been found to harvest and upload all email addresses and phone numbers in a user’s address book.
Sarahah, the popular anonymous messaging app, is secretly uploading all email addresses and phone numbers in the address book to its servers, according to a report on The Intercept. The report quotes Zachary Julian, a senior security analyst at Bishop Fox, who made the discovery when he installed the Sarahah app on his smartphone. The app's developer has also acknowledged that the feature exists.
Julian’s phone runs Burp Suite, software “which intercepts internet traffic entering and leaving the device,” and this revealed that Sarahah was uploading his private data. According to the researcher, the app “transmits all of email and phone contacts stored on Android.” Sarahah appears to be doing the same on iOS as well. The researcher has also shared a video showing exactly how the app continues to violate user privacy.
At first, Sarahah didn’t reply to this report. Later the creator of the app, Zain al-Abidin Tawfiq, said that this feature, in which the app uploads the entire contact list to its servers, would be removed in a later update. He also tweeted that the feature was supposed to support an upcoming update to the app, which would let users find their friends on the app. That’s hard to believe, given that the app is built around anonymity and finding friends on it would be counter-productive.
While the developer insists this is a technical issue that was due to be removed from the app, it does raise questions about privacy and how the app treats user data. The researcher has also shown that if the app is not used for some time, it re-uploads the contacts, so clearly this is a feature that was known to the developer.
While it isn’t uncommon for applications to upload contacts, it’s concerning when the app isn’t making any use of the information. Apart from worrying about the security of the data on your device, you also need to worry about the integrity of the company that holds your data.
Credit: Fossbytes, IndianExpress