
Sarahah app is uploading your contacts to its servers without your permission

Sarahah, the popular anonymous messaging app, is reportedly sending your phone’s contacts to the company’s servers without your permission. The app had gone viral over the past few months and somewhere around 18 million people have downloaded it from Apple and Google’s app stores.
Now, according to a report published by The Intercept, the app that allows users to get “honest feedback” from their friends, quietly harvests and uploads the user’s contacts including all phone numbers and email addresses to its servers.
The report quotes Zachary Julian, a senior security analyst at Bishop Fox. He first discovered that Sarahah is uploading private information when he installed the app on his Galaxy S5 running Android 5.1.1.
His device was running a security monitoring tool called Burp Suite. The software makes it possible to see the data that the device sends to remote servers. So, on installing and running Sarahah, Julian discovered that the app was sending his phone’s contact data to the company’s servers without proper permissions.
While Sarahah does ask for permission to access a user’s contacts while installing, it does not specify that they are being uploaded to its servers. The report notes that, according to the privacy policy in the app, Sarahah will ask for your permission if it plans to use your data. The data transfer is also not limited to Android; it occurs on iOS devices as well after you give permission to “access contacts.”
Moreover, as per Julian’s testing, if users don’t access the Sarahah app for a few days, it pushes contacts data all over again when the app is rebooted. Julian rebooted the app after a gap of two days, and all his contacts were sent to the Sarahah servers again.
Sarahah did not initially comment on the issue, but later Zain al-Abidin Tawfiq, Sarahah’s founder, replied that the contacts functionality had been intended for a ‘find your friends’ feature and the feature was delayed due to “technical issues”.
When first launched, this app harvests and uploads all phone numbers and email addresses in your address book. https://interc.pt/2xnrXrn 
Sarahah App asked for contacts for a planned "find your friends" feature
While the company says this is a technical issue, which was to be removed from the app, this does raise questions about the privacy of the users and how the app is using users’ data.
“Sarahah has between 10 and 50 million installs on just the Play Store alone for Android, so if you extrapolate that number, it could easily get into hundreds of millions of phone numbers and email addresses that they’ve harvested,” Julian said.
Julian says if the company intends to continue accessing the data, it should specifically inform the user about the data they are giving up and where it is going. It should also provide the users with a legitimate reason as to why the app actually needs it.
