Beware: Sarahah app has been collecting your phone contacts, without permission
Sarahah app has no doubt created a quite a buzz ever since its launch. While anonymity and honesty are its USP, turns out the app is not being really being honest with its users. The app is reportedly uploading user’s phone contacts to the company’s servers.
This odd behavior was spotted by security analyst Zachary Julian, and the app is doing it for a feature that is yet unreleased, The Intercept reports. When the report got out, app founder ZainAlabdin Tawfiq took to Twitter to clarify the reason behind the app’s odd behavior. Tawfiq says that the contact lists are being uploaded on the company’s servers for a ‘find your friend’ feature that got ‘delayed due to a technical issue’. Tawfiq further tweeted that the “database doesn’t currently host contacts and the data request will be removed on next update”.
Julian discovered the app’s odd behavior when using a monitoring software called BURP Suite. This software essentially intercepts internet traffic entering and leaving the device thereby allowing users to see what data is sent to remote servers. “As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” Julian told …read more