Skip to main content

A Security Researcher Has Found That Anonymous Feedback App Sarahah Keeps Uploading Your Email And Phone Contacts To Its Servers

Image
By

Earlier this month, viral anonymous app Sarahah took the internet by storm when its popularity rose exponentially. The teenagers, as well as adults, were engrossed in this Sarahah-mania to receive “anonymous” feedback from their friends and co-workers.

While Sarahah app was already criticized for its possible aid in cyber bullying incidents, a new revelation has been made by a senior security analyst. As reported by The Intercept, Zachary Julian found out that Sarahah is collecting the private information of users.
As soon as you launch the app for the first time, Sarahah immediately uploads all the phone numbers and email addresses in your phone book. While it asks for user-permission for the access, it doesn’t disclose the upload act.
Moreover, Sarahah doesn’t even make any apparent and functional use of the uploaded data. Julian discovered the same when he installed Sarahah app on his Android smartphone, which was a Samsung Galaxy S5 running Android 5.1.1. Using BURP Suite, he was able to intercept the incoming and outgoing internet traffic.
Sarahah performs this sneaky action on iOS devices as well. It’s worth noting that if a person doesn’t use the app for some time, it shares the contacts again.
On iOS, the app says, “the app needs to access your contacts to show you who has an account in Sarahah.” It doesn’t do so. On Android, the app, in some cases, makes a request to access contacts without giving any reason.
After this revelation, app’s creator, Zain al-Abidin Tawfiq, said that the functionality will be removed in a future update. He further said that the feature was intended for a “find your friends” feature, something that doesn’t exist at the moment. The validity of Tawfiq’s statements is impossible to verify.
While such acts of uploading contacts by applications aren’t uncommon, it’s concerning if that app isn’t making any use of the information. Apart from worrying about the security of data on your device, you also need to worry about the integrity of the company who has your data.
Did you find this story on viral Sarahah app useful? Don’t forget to share your views and concerns with us.
Labels:

Comments

Post a Comment

Follow Us

WHAT'S HOT

Virtual and Augmented Reality: Transforming The Way We Look At The Internet and Data Security

By
Virtual and Augmented Reality have redefined every aspect of our modern world ranging from gaming, music, and pop culture, to business, human interaction, and development. However, ‘with great power comes great responsibility’. When it comes to a technology slowly becoming a part of some of our most sensitive aspects in our lives (finances, identity, and health), ensuring its safety is highly important. Despite this, many companies have certainly not done their part to ensure the better virtual reality security and, in turn,
1 comment
Continue Reading »

Twin sisters CONJOINED at abdomen, liver and umbilical cord die soon after birth (photo)

By
> The Siamese twins who were born in Zambia a few days ago passed away > They were joined at the chest > The babies shared one abdomen, liver and umbilical cord The conjoined twins who had been born at KITWE Central Hospital in Zambia a few days ago, have passed away. The Siamese girls were delivered by a 19-year-old woman. They were joined by the chest, sharing one abdomen, liver and umbilical cord.
1 comment
Continue Reading »

Which Is The Best Linux Distro For Beginners? — 2017 Edition

By
Are you looking for  a Linux distro that’s suitable for new users who are willing to start   an exciting Linux journey? Well, you’re at the right place. These days, Linux Mint is giving a tough competition to Ubuntu as it’s very beginner-friendly. Our other top recommendations are Zorin OS (which looks a lot like Windows operating system) and lightweight Linux Lite.
2 comments
Continue Reading »

Google’s Open Source DIY Kit Turns Your Raspberry Pi Into An AI Assistant

By
The latest edition of the MagPi magazine includes a DIY kit created by Google that can be used to create a custom Google Home device powered by Raspberry Pi. A user can take advantage of the Google Assistant SDK and Google Cloud Speech API to enable voice control in their projects.
Post a Comment
Continue Reading »