- Sarahah app is harvesting users personal info
- Senior security spotted the app uploading his contacts, email ids on server
- Founder claims it to be a strategy for a future “Find your friends” update
After Sayat.me, another honesty app Sarahah is ruling the social media world and people are going crazy for it from the past couple of weeks. The app features a platform to write and receive anonymous feedback. However, is it really safe to use this app? Sarahah seems to be intruding your privacy according to a recent survey.
According to a report from Zachary Julian who is the senior security analyst at Bishop Fox IT consulting firm was the first to notice that his phone’s contacts were being uploaded to the servers. He was able to track this behavior using a monitoring tool known as BURP suite. Zachary claimed that as soon as the user installs the app and logs in, Sarahah starts uploading the contacts with email ids to the servers. Julian installed the app on his Samsung Galaxy S5 that runs on Android 5.1.1. However, after installing the app it does ask for permission to access the contacts and email ids.
But there seems to be no good reason as for why these contacts are actually required. The search option inside the app does not ask for any contact number. Also, there is no such list showing the number of users in your contact list using the app.
Zain Al-Abidin Tawfiq claimed that the contacts were being uploaded for a future “find your friends” update which got delayed due to some technical issue. Zain also tweeted that the data request will be removed on Sarahah’s next update.
Most of the apps (like Facebook) uses personal data like contact numbers, email ids, location etc for the addition of extra features. Every user expects something in return before giving out their personal data. The Sarahah users are slightly suspicious with this news and are now more reluctant in using this app.