Viral App Sarahah Has Been Found To Secretly Upload Your Contact List Without Permission

There is possibly a big privacy risk.

A viral application that has been trending worldwide has been dubbed an "honesty app"

Millions of people around the world have been downloading and using Sarahah, a free app that was created by Saudi Arabian developer Zain al-Abidin Tawfiq, to enable users to "self-develop" by receiving constructive feedback.

The app, whose name loosely translates to "honesty" in Arabic, was launched last February and had more than 62 million users as of August 2017.

According to the app's website, the app is aimed at helping users obtain "honest feedback" from friends and employees by getting people to leave messages anonymously - just like a suggestion box. There is apparently no way to find out who is sending you those messages on the app.

Sarahah screenshots have flooded Facebook as users have been posting their replies to the anonymous messages they've received

However, be warned. It was recently revealed that the popular app actually uploads its users' contact list secretly.

It is believed that this alarming behaviour was first spotted by senior security analyst Zachary Julian, who works for IT security consulting firm Bishop Fox, when he installed the app on his Android phone and noticed that his private data was being uploaded to a remote server.

"As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system," Zachary explained, adding that this also happens on Apple's iOS.

The matter gained international attention when it was publicised by online portal The Intercept on 27 August.

While it is not unusual for apps on both Android and iOS to ask for permissions to access each user's phone contacts, Sarahah has received flak for uploading them to the company's servers without asking for consent.

After this supposed exposé by Julian and The Intercept, the creator of Sarahah has responded to allegations that the app is stealing private data from users

According to The Intercept, Sarahah "did not initially respond to requests for comment".

It was only after the article revealing that the app had been uploading data to its server was published that Zain said on Twitter that "the data request will be removed on next update" and that it had been intended for a "find your friends" feature, which is still not available on the app.

He also said that Sarahah's servers don't "currently host contacts", although The Intercept reported that it could not verify his claims.

If you're a Sarahah user, here's how you can check if you've granted permission for the app to access your contacts:

For users on an iOS device, go to Settings > Sarahah and check your settings there.

For those of you who are on Android (Android 6.0 Marshmallow or later), go to Settings > Apps > Sarahah > App Permission to set the permissions according to your needs.

If you want to delete your Sarahah account, you will need to do it on the website because the option is not available on the app itself.
